Changeset 1093:446407fe913a for plugins/importExport/inc

Timestamp:

01/08/13 16:33:39 (13 years ago)

Author:

Dsls <dsls@…>

Branch:

default

Message:

media files should be escaped when importing flat files.

File:

plugins/importExport/inc/flat/class.flat.import.php

-                      r841
+                      r1093
           $strReq = 'SELECT media_id '.
                     'FROM '.$this->prefix.'media '.
                     "WHERE media_path = '".$this->cur_media->media_path."' ".
                     "AND media_file = '".$this->cur_media->media_file."' ";
+                    "WHERE media_path = '".$this->con->escape($this->cur_media->media_path)."' ".
+                    "AND media_file = '".$this->con->escape($this->cur_media->media_file)."' ";
           $rs = $this->con->select($strReq);

Note: See TracChangeset for help on using the changeset viewer.