A little bug-fix in rss.php (potential SQL-injection)
For YSE PRE 6 but also working for BoLaMns PRE 7
Open rss.php and substitute:

Replace This:

Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = '$passkey'"));

Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = ".sqlesc($passkey)));
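
An added example, not part of the original post or the tracker's own code: it runs the concatenated lookup next to a quoted and a bound-parameter lookup, so the difference the fix makes shows up in the row counts. Assumptions: an in-memory SQLite database through PDO stands in for the tracker's MySQL tables, `$db->quote()` stands in for `sqlesc()` (assumed to quote and escape its argument), the 32-character hex passkey format is assumed, and all function names and sample values are constructed for illustration.

```php
<?php
// Constructed data; in-memory SQLite (pdo_sqlite) stands in for the tracker's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, passkey TEXT)");
$db->exec("INSERT INTO users (passkey) VALUES ('0123456789abcdef0123456789abcdef')");
$db->exec("INSERT INTO users (passkey) VALUES ('fedcba9876543210fedcba9876543210')");

// The "Replace This" pattern: the request value is pasted between the quotes.
function count_concat(PDO $db, string $passkey): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE passkey = '$passkey'";
    return (int) $db->query($sql)->fetchColumn();
}

// Stand-in for the sqlesc() fix: the driver quotes and escapes the value.
function count_quoted(PDO $db, string $passkey): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE passkey = " . $db->quote($passkey);
    return (int) $db->query($sql)->fetchColumn();
}

// Bound parameter: the value never becomes part of the SQL text.
function count_bound(PDO $db, string $passkey): int
{
    $st = $db->prepare("SELECT COUNT(*) FROM users WHERE passkey = ?");
    $st->execute([$passkey]);
    return (int) $st->fetchColumn();
}

// Assumption: passkeys are 32 lowercase hex characters; reject anything else early.
function passkey_well_formed(string $passkey): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $passkey) === 1;
}

$samples = [
    'known'   => '0123456789abcdef0123456789abcdef',
    'unknown' => str_repeat('0', 32),
    'quoted'  => "x' OR '1'='1",   // constructed input containing quote characters
];
foreach ($samples as $label => $p) {
    printf("%-8s concat=%d quoted=%d bound=%d well_formed=%s\n", $label,
        count_concat($db, $p), count_quoted($db, $p), count_bound($db, $p),
        passkey_well_formed($p) ? 'yes' : 'no');
}
```

Only the concatenated query counts rows for the third input; the quoted and bound forms treat it as a literal string that matches no passkey, and the format check rejects it before any query runs.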