Commit 9f0100d9 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Add addslashes() call to make sure new value is properly escaped

before DB insertion.
parent c7d7872d
......@@ -74,6 +74,8 @@ if (isset($edit)) {
if (isset($edited)) {
$value = addslashes("$value");
DBQueryFatal("UPDATE sitevariables ".
"SET value='$value' ".
"WHERE name='$name'");
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment