Revision 656
Added by thorn almost 17 years ago
| save.php | ||
|---|---|---|
| 31 | 31 |
|
| 32 | 32 |
// Update the mod_wrapper table with the contents |
| 33 | 33 |
if(isset($_POST['url'])) {
|
| 34 |
$url = $admin->add_slashes($_POST['url']);
|
|
| 34 |
$url = $admin->add_slashes(strip_tags($_POST['url']));
|
|
| 35 | 35 |
$height = $_POST['height']; |
| 36 | 36 |
if(!is_numeric($height)) {
|
| 37 | 37 |
$height = 400; |
| 38 | 38 |
} |
| 39 |
$database = new database(); |
|
| 40 | 39 |
$query = "UPDATE ".TABLE_PREFIX."mod_wrapper SET url = '$url', height = '$height' WHERE section_id = '$section_id'"; |
| 41 | 40 |
$database->query($query); |
| 42 | 41 |
} |
Also available in: Unified diff
Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].