[AppDB] security fix for editAppVersion
tony_lambregts at telusplanet.net
tony_lambregts at telusplanet.net
Wed Jan 5 21:56:29 CST 2005
Change Log: Security fix for edit AppVersion.
Files Changed: admin/editAppVersion.php
-------------- next part --------------
Index: admin/editAppVersion.php
===================================================================
RCS file: /home/wine/appdb/admin/editAppVersion.php,v
retrieving revision 1.8
diff -u -r1.8 editAppVersion.php
--- admin/editAppVersion.php 4 Jan 2005 19:37:49 -0000 1.8
+++ admin/editAppVersion.php 6 Jan 2005 03:50:57 -0000
@@ -88,16 +88,16 @@
//did anything change?
if ($VersionChanged)
{
- $query = "UPDATE appVersion SET versionName = '".$versionName."', ".
- "keywords = '".$_REQUEST['keywords']."', ".
- "description = '".$description."', ".
- "webPage = '".$webPage."',".
- "maintainer_rating = '".$maintainer_rating."',".
- "maintainer_release = '".$maintainer_release."'".
- " WHERE appId = ".$_REQUEST['appId']." and versionId = ".$_REQUEST['versionId'];
- if (mysql_query($query))
+ $sUpdate = compile_update_string(array( 'versionName' => $_REQUEST['versionName'],
+ 'description' => $_REQUEST['description'],
+ 'webPage' => $_REQUEST['webPage'],
+ 'keywords' => $_REQUEST['keywords'],
+ 'maintainer_rating' => $_REQUEST['maintainer_rating'],
+ 'maintainer_release' => $_REQUEST['maintainer_release'] ));
+
+ if (query_appdb("UPDATE `appVersion` SET $sUpdate WHERE `appId` = {$_REQUEST['appId']} AND `versionId` = {$_REQUEST['versionId']}"))
{
- //success
+ //success
$email = getNotifyEmailAddressList($_REQUEST['appId'], $_REQUEST['versionId']);
if($email)
{
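Review bot: The new `query_appdb(...)` call still interpolates `$_REQUEST['appId']` and `$_REQUEST['versionId']` into the WHERE clause unquoted and unvalidated, so this fix covers the SET values only, and only if `compile_update_string` (not visible here) escapes them. Coerce both ids to integers before building the statement, e.g. `$iAppId = (int)$_REQUEST['appId'];` and `$iVersionId = (int)$_REQUEST['versionId'];`, and use those in the WHERE clause and in the `getNotifyEmailAddressList()` call. The SET values now come straight from `$_REQUEST` instead of the earlier locals (`$versionName`, `$description`, ...), so any trimming or validation applied to those locals above the hunk would be bypassed; please confirm none is lost. The `if ($VersionChanged)` block continues past the end of the hunk.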