Security issue: Database::escape_string function added

16 years ago · 2e07249f31
parent c250e4765b
commit 2e07249f31
1 changed files with 3 additions and 6 deletions
--- a/main/calendar/agenda.inc.php
+++ b/main/calendar/agenda.inc.php
@ -1529,12 +1529,9 @@ function get_agenda_item($id)
    $t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT);
    $id=Database::escape_string($id);
    $item = array();
-	if(empty($id))
+	if(empty($id)) {
-    {
+        $id=intval(Database::escape_string(($_GET['id'])));
-        $id=(int)addslashes($_GET['id']);
+    } else {
    }
    else
    {
    	$id = (int) $id;
    }
    if(empty($id)){return $item;}