Revision 656
Added by thorn almost 17 years ago
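--- a/save.php
+++ b/save.php
@@ -33,7 +33,6 @@
 if(isset($_POST['content'])) {
 $tags = array('<?php', '?>' , '<?');
 $content = $admin->add_slashes(str_replace($tags, '', $_POST['content']));
-$database = new database();
 $query = "UPDATE ".TABLE_PREFIX."mod_code SET content = '$content' WHERE section_id = '$section_id'";
 $database->query($query);
 }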
Added some missing add_slashes(), get_post_escaped(), and strip_tags() calls for $_POST, $_GET and $_REQUEST data, and also for $_SERVER['PHP_SELF'].