Update for messages and reports

- Use real_escape instead of htmlspecialchars_decode and escape
Hani Rouatbi
2022-11-26 16:42:17 +01:00
parent b726823298
commit e81f295997
2 changed files with 3 additions and 3 deletions

4
go.php

@@ -178,7 +178,7 @@ switch ($current_go_case)
if (empty($ERRORS))
{
$name = $NOT_USER ? (string) $SQL->escape(p('rname')) : $usrcp->name();
$text = (string) $SQL->escape(htmlspecialchars_decode(p('rtext')));
$text = (string) $SQL->real_escape(nl2br(p('rtext')));
$mail = $NOT_USER ? (string) strtolower(trim($SQL->escape(p('rmail')))) : $usrcp->mail();
$url = (string) ip('rid') ? $SQL->escape($url_id) : $SQL->real_escape(p('surl'));
$time = (int) time();
@@ -307,7 +307,7 @@ switch ($current_go_case)
if (empty($ERRORS))
{
$name = $NOT_USER ? (string) $SQL->escape(p('cname')) : $usrcp->name();
$text = (string) $SQL->escape(htmlspecialchars_decode(p('ctext')));
$text = (string) $SQL->real_escape(nl2br(p('ctext')));
$mail = $NOT_USER ? (string) strtolower(trim($SQL->escape(p('cmail')))) : $usrcp->mail();
$timee = (int) time();
$ip = get_ip();
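Review bot: The new `$text` assignment in the report hunk, and the matching `ctext` one in the contact hunk, stores `<br />` markup produced by `nl2br()`, so whatever page displays these rows has to print the column without HTML-escaping it, while `real_escape()` only covers the SQL string context. The HTML safety of the stored value then rests entirely on `p()` having encoded the input, which is not visible here, and rows written by the old decode-then-`escape()` path may sit in the table in a different form, so the display code should be checked against both. Keeping markup out of the table would be the safer shape: `$text = (string) $SQL->real_escape(p('rtext'));`, with `nl2br()` applied at render time after escaping. The enclosing `switch` case starts and ends outside both hunks, so the query that consumes `$text` could not be reviewed.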

View File

@@ -217,7 +217,7 @@ CREATE TABLE `{$dbprefix}filters` (
$install_sqls['stats_insert'] = "INSERT INTO `{$dbprefix}stats` VALUES (0,0,1,0,0," . time() . ",0,0,0,0,'',0,0,0,0,'','','','')";
$install_sqls['users_insert'] = "INSERT INTO `{$dbprefix}users` (`id`,`name`,`group_id`,`password`,`password_salt`,`mail`,`founder`,`clean_name`) VALUES (1,'" . $user_name . "', 1, '" . $user_pass . "','" . $user_salt . "', '" . $user_mail . "', 1,'" . $clean_name . "')";
$install_sqls['TeamMsg_insert'] = "INSERT INTO `{$dbprefix}call` (`name`,`text`,`mail`,`time`,`ip`) VALUES ('" . $SQL->escape($lang['KLEEJA_TEAM_MSG_NAME']) . "', '" . $SQL->escape($lang['KLEEJA_TEAM_MSG_TEXT']) . "','info@kleeja.net', " . time() . ", '127.0.0.1')";
$install_sqls['TeamMsg_insert'] = "INSERT INTO `{$dbprefix}call` (`name`,`text`,`mail`,`time`,`ip`) VALUES ('" . $SQL->escape($lang['KLEEJA_TEAM_MSG_NAME']) . "', '" . $SQL->real_escape(nl2br($lang['KLEEJA_TEAM_MSG_TEXT'])) . "','info@kleeja.net', " . time() . ", '127.0.0.1')";
$install_sqls['groups_insert'] = "INSERT INTO `{$dbprefix}groups` (`group_id`, `group_name`, `group_is_default`, `group_is_essential`) VALUES
(1, '{lang.ADMINS}', 0, 1),
(2, '{lang.GUESTS}', 0, 1),