beenull/wiby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add files via upload

Browse source
This commit is contained in:
wibyweb 2022-08-10 02:27:10 -04:00 committed by GitHub
parent 57090aa162
commit 29c1f89ed1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
html/submit/index.php
View file

@ -50,11 +50,11 @@
exit();
}
$url = mysqli_real_escape_string($link, $_POST['url']);
$url = str_replace("\"", "\"\"", $url);
$url = mysqli_real_escape_string($link, $_POST['url']);
//$url = str_replace("\"", "\"\"", $url); //not needed if using single quotes for query
$url = substr($url,0,400); //don't allow user to post a longer url than 400b (also limited in form)
$worksafe = mysqli_real_escape_string($link, $_POST['worksafe']);
$worksafe = str_replace("\"", "\"\"", $worksafe);
//$worksafe = str_replace("\"", "\"\"", $worksafe);
if($worksafe == 'on')
{
@ -72,7 +72,7 @@
$url = str_replace("/index.html", "/", $url);
$url = str_replace("/index.htm", "/", $url);
$sql = 'INSERT INTO reviewqueue (url,worksafe) VALUES ("'.$url.'","'.$worksafe.'")';
$sql = "INSERT INTO reviewqueue (url,worksafe) VALUES ('".$url."','".$worksafe."')";
if (!mysqli_query($link, $sql))