[pLog-svn] r5869 - plog/branches/lifetype-1.2/class/dao/userdata

oscar at devel.lifetype.net oscar at devel.lifetype.net
Thu Aug 23 14:19:53 EDT 2007


Author: oscar
Date: 2007-08-23 14:19:53 -0400 (Thu, 23 Aug 2007)
New Revision: 5869

Modified:
   plog/branches/lifetype-1.2/class/dao/userdata/baseuserdataprovider.class.php
Log:
One of the parameters was not being properly escaped.

Modified: plog/branches/lifetype-1.2/class/dao/userdata/baseuserdataprovider.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/dao/userdata/baseuserdataprovider.class.php	2007-08-23 18:08:52 UTC (rev 5868)
+++ plog/branches/lifetype-1.2/class/dao/userdata/baseuserdataprovider.class.php	2007-08-23 18:19:53 UTC (rev 5869)
@@ -100,7 +100,7 @@
 
             // check if the user is the owner of any blog
             $prefix = $this->getPrefix();
-            $owner = "SELECT * FROM {$prefix}blogs WHERE owner_id = ".$userid;			
+            $owner = "SELECT * FROM {$prefix}blogs WHERE owner_id = '".Db::qstr( $userid )."'";
 			if( $status != BLOG_STATUS_ALL ) 
 				$owner .= " AND status = '".Db::qstr( $status )."'";
            
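Review bot: on the new `$owner` line, `$userid` is compared against `owner_id`, so if that column is numeric (as its name suggests) the value should also be validated or cast to an integer before the query is built, rather than relying only on `Db::qstr()` and the surrounding quotes. That way a non-numeric value is rejected outright instead of being escaped and compared as a string. The quoting style now matches the `$status` condition two lines below, which is good, but both are still built by string concatenation, so every future caller has to remember the escaping. The hunk shows only this one query; any other statement in the same method that uses `$userid` deserves the same check. The log message would also be more useful to someone auditing the history if it named the parameter (`$userid`) and the query it feeds.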


