chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r11161] Removed potential SQL injection (http://projects.dokeos.com/?do=details&id=1202)

Browse Source
skala
Yannick Warnier 18 years ago
parent bd5bb44a23
commit af659f16f5
2 changed files with 4 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      main/tracking/courseLog.php
  2. 3
      main/tracking/courseLogCSV.php

3
main/tracking/courseLog.php
Unescape View File

@ -55,7 +55,8 @@ require_once('../newscorm/scormItem.class.php');
if ($_GET['scormcontopen'])
{
$tbl_lp = Database::get_course_table('lp');
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$_GET['scormcontopen'];
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];

3
main/tracking/courseLogCSV.php
Unescape View File

@ -54,7 +54,8 @@ require_once('../newscorm/scormItem.class.php');
if ($_GET['scormcontopen'])
{
$tbl_lp = Database::get_course_table('lp');
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$_GET['scormcontopen'];
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];

Write Preview
Loading…
Cancel
Save