
Revision 41

Added by stefan about 19 years ago

Corrected use of addslashes in install/save.php


trunk/wb/install/save.php
221 221
if(!isset($_POST['website_title']) OR $_POST['website_title'] == '') {
222 222
	set_error('Please enter a website title');
223 223
} else {
224
	$website_title = wb::addslashes($_POST['website_title']);
224
	$website_title = wb::add_slashes($_POST['website_title']);
225 225
}
226 226
// End website title code
227 227

  
......
500 500
	$insert_website_footer = "INSERT INTO `".TABLE_PREFIX."settings` VALUES ('', 'footer', '')";
501 501
	$database->query($insert_website_footer);
502 502
	// Search header
503
	$search_header = wb::addslashes('
503
	$search_header = addslashes('
504 504
<h1>Search</h1>
505 505

  
506 506
<form name="search" action="[WB_URL]/search/index[PAGE_EXTENSION]" method="post">
......
532 532
	$insert_search_header = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'header', '$search_header', '')";
533 533
	$database->query($insert_search_header);
534 534
	// Search footer
535
	$search_footer = wb::addslashes('');
535
	$search_footer = addslashes('');
536 536
	$insert_search_footer = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'footer', '$search_footer', '')";
537 537
	$database->query($insert_search_footer);
538 538
	// Search results header
539
	$search_results_header = wb::addslashes(''.
539
	$search_results_header = addslashes(''.
540 540
'[TEXT_RESULTS_FOR] \'<b>[SEARCH_STRING]</b>\':
541 541
<table cellpadding="2" cellspacing="0" border="0" width="100%" style="padding-top: 10px;">');
542 542
	$insert_search_results_header = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_header', '$search_results_header', '')";
543 543
	$database->query($insert_search_results_header);
544 544
	// Search results loop
545
	$search_results_loop = wb::addslashes(''.
545
	$search_results_loop = addslashes(''.
546 546
'<tr style="background-color: #F0F0F0;">
547 547
<td><a href="[LINK]">[TITLE]</a></td>
548 548
<td align="right">[TEXT_LAST_UPDATED_BY] [DISPLAY_NAME] ([USERNAME]) [TEXT_ON] [DATE]</td>
......
551 551
$insert_search_results_loop = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_loop', '$search_results_loop', '')";
552 552
$database->query($insert_search_results_loop);
553 553
// Search results footer
554
$search_results_footer = wb::addslashes("</table>");
554
$search_results_footer = addslashes("</table>");
555 555
$insert_search_results_footer = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'results_footer', '$search_results_footer', '')";
556 556
$database->query($insert_search_results_footer);
557 557
// Search no results
558
$search_no_results = wb::add_slashes('<br />No results found');
558
$search_no_results = addslashes('<br />No results found');
559 559
	$insert_search_no_results = "INSERT INTO `".TABLE_PREFIX."search` VALUES ('', 'no_results', '$search_no_results', '')";
560 560
	$database->query($insert_search_no_results);
561 561
	// Search template
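Review bot: At file line 224 the value from `$_POST['website_title']` is escaped with `wb::add_slashes()`, whose body is not shown on this page, while the fixed search templates from file line 503 onward go through plain `addslashes()`. If that helper is built on `addslashes()`, it is not aware of the connection character set and is a weak basis for request data that ends up in the string-built `INSERT` statements. The query that stores `$website_title` is outside the visible hunks, so this needs checking there; the database layer's own escaping routine or a bound parameter would be the safer choice for that value. Assuming the second line of each pair is the new side, the split between the two helpers also deserves a comment above line 224, for example `// request data goes through wb::add_slashes(); the fixed literals below only need addslashes()`.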
