A little bug-fix in rss.php (potential SQL-injection)
For YSE PRE 6 but also working for BoLaMns PRE 7
Open rss.php and substitute:

Replace this:
Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = '$passkey'"));

With this:
Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = ".sqlesc($passkey)));
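An added example, not part of the original post or the tracker's own code: the same passkey lookup written with the concatenated pattern and with a bound parameter, so the difference in results is visible. It uses PDO on an in-memory SQLite database in place of the tracker's mysql_* calls and sqlesc() helper; the table contents, the function names and the 32-hex-character passkey format are assumptions made for the illustration.

```php
<?php
// Constructed schema and data; in-memory SQLite so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, passkey TEXT)");
$db->exec("INSERT INTO users (passkey) VALUES ('0123456789abcdef0123456789abcdef')");

// Pattern from the unpatched rss.php: the request value becomes part of the SQL text.
function count_concat(PDO $db, string $passkey): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE passkey = '$passkey'";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened lookup: validate the format, then bind the value as a parameter.
function count_bound(PDO $db, string $passkey): int
{
    // Assumed passkey format (32 lowercase hex characters); anything else is rejected
    // before the database is touched.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $passkey)) {
        return 0;
    }
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE passkey = ?");
    $stmt->execute([$passkey]);
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a stored passkey, an unknown one, and one containing a quote.
$samples = [
    'valid'   => '0123456789abcdef0123456789abcdef',
    'unknown' => 'ffffffffffffffffffffffffffffffff',
    'quote'   => "x' OR '1'='1",
];

foreach ($samples as $label => $value) {
    printf(
        "%-8s concat=%d bound=%d\n",
        $label,
        count_concat($db, $value),
        count_bound($db, $value)
    );
}
```

Only the `quote` row differs between the two columns: the concatenated query counts a user for a passkey that is not stored, while the bound query returns 0.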