Revision 656
Added by thorn over 17 years ago
| sections_save.php | ||
|---|---|---|
| 106 | 106 |
} |
| 107 | 107 |
if($sql != '') |
| 108 | 108 |
$sql .= ","; |
| 109 |
$sql .= " publ_start = '".$publ_start."'";
|
|
| 110 |
$sql .= ", publ_end = '".$publ_end."'";
|
|
| 109 |
$sql .= " publ_start = '".$admin->add_slashes($publ_start)."'";
|
|
| 110 |
$sql .= ", publ_end = '".$admin->add_slashes($publ_end)."'";
|
|
| 111 | 111 |
} |
| 112 | 112 |
$query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id' LIMIT 1"; |
| 113 | 113 |
if($sql != '') {
|
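Review bot: The `$section_id` interpolated into the `WHERE` clause of the `UPDATE` statement (new line 112) is not escaped anywhere in this hunk, while the two `publ_*` values next to it now are. Unless it is cast to an integer earlier in the file, outside the visible lines, it carries the same injection risk this commit closes for the other fields. Escaping via `$admin->add_slashes()` only protects a value that stays inside quotes, and, if it wraps `addslashes()` as the name suggests, it is not aware of the connection charset. If `publ_start` and `publ_end` hold numeric timestamps, which the hunk does not show, a typed cast such as `$sql .= " publ_start = '".(int)$publ_start."'";` would be the more robust guard, and the same cast would suit `$section_id`. The enclosing block starts and ends outside the hunk.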
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].