Project

General

Profile

« Previous | Next » 

Revision 656

Added by thorn over 17 years ago

Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].

View differences:

tool.php
35 35 
}
36 36 

  		




  37
  37
  
    
// Check if tool is installed


  		




  38
  
  
    
$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND function = 'tool' AND directory = '".$_GET['tool']."'");


  		




  
  38
  
    
$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND function = 'tool' AND directory = '".$admin->add_slashes($_GET['tool'])."'");


  		




  39
  39
  
    
if($result->numRows() == 0) {


  		




  40
  40
  
    
	header("Location: index.php");


  		




  41
  41
  
    
	exit(0);


  		












Also available in:  Unified diff