[Aminet-commit] r143 - trunk/phpinclude
aminet-discuss at aminet.net
aminet-discuss at aminet.net
Sun Nov 16 20:48:40 CET 2008
Author: mendoza
Date: 2008-11-16 11:48:40 -0800 (Sun, 16 Nov 2008)
New Revision: 143
Modified:
trunk/phpinclude/package.php
Log:
avoid sql injection
Modified: trunk/phpinclude/package.php
===================================================================
--- trunk/phpinclude/package.php 2008-11-09 21:55:14 UTC (rev 142)
+++ trunk/phpinclude/package.php 2008-11-16 19:48:40 UTC (rev 143)
@@ -14,7 +14,7 @@
if (preg_match("/(.*?\/.*?)\/(.*)/",$package,$matches)) {
$path=$matches[1];
$name=$matches[2];
- $basename = get_basename($name);
+ $basename = mysql_real_escape_string(get_basename($name));
list($root,$branch) = explode("/",$path);
}
More information about the Aminet-commit
mailing list