chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r21113] minor - logic changes - improvements security in forum tool - (partial FS#4261)

Browse Source
skala
Isaac Flores 16 years ago
parent bcde0254ac
commit 17ff505c8b
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      main/forum/viewforum.php

2
main/forum/viewforum.php
Unescape View File

@ -185,7 +185,7 @@ if (($my_action=='lock' OR $my_action=='unlock') AND isset($_GET['content']) AND
if ($my_action=='delete' AND isset($_GET['content']) AND isset($_GET['id']) AND api_is_allowed_to_edit(false,true)) {
$message=delete_forum_forumcategory_thread($_GET['content'],$_GET['id']); // note: this has to be cleaned first
//delete link
$sql_link='DELETE FROM '.$table_link.' WHERE ref_id='.Security::remove_XSS($_GET['id']).' and type=5 and course_code="'.api_get_course_id().'";';
$sql_link='DELETE FROM '.$table_link.' WHERE ref_id='.Database::escape_string(Security::remove_XSS($_GET['id'])).' and type=5 and course_code="'.api_get_course_id().'";';
api_sql_query($sql_link);
}
// moving

Write Preview
Loading…
Cancel
Save