| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-07-23 15:39:38 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-07-23 15:39:38 +0000 |
| commit | 8ee1433d16ef183298fd165ff7eb635c599aead1 (patch) | |
| tree | 852648fdcff9d1f36bb2fffbeb45098b0ddc4efe /phpBB/includes/session.php | |
| parent | 0f265c3712fed7d5750e4406812e86ca3b37f5a5 (diff) | |
escape browser and page info
git-svn-id: file:///svn/phpbb/trunk@4318 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/session.php')
| -rw-r--r-- | phpBB/includes/session.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 06e1b72078..052ccd5fb4 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -71,7 +71,7 @@ class session
 }
 // Load limit check (if applicable)
- if (doubleval($config['limit_load']) && file_exists('/proc/loadavg'))
+ if (doubleval($config['limit_load']) && @file_exists('/proc/loadavg'))
 {
 if ($load = @file('/proc/loadavg'))
 {
@@ -257,7 +257,7 @@ class session
 $db->sql_return_on_error(true);
 $sql = 'UPDATE ' . SESSIONS_TABLE . "
- SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$this->browser', session_page = '$this->page', session_allow_viewonline = $viewonline
+ SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline
 WHERE session_id = '" . $this->session_id . "'";
 if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
 {
@@ -266,7 +266,7 @@ class session
 $sql = 'INSERT INTO ' . SESSIONS_TABLE . "
 (session_id, session_user_id, session_last_visit, session_start, session_time, session_ip, session_browser, session_page, session_allow_viewonline)
- VALUES ('" . $this->session_id . "', $user_id, " . $this->data['session_last_visit'] . ", $current_time, $current_time, '$this->ip', '$this->browser', '$this->page', $viewonline)";
+ VALUES ('" . $this->session_id . "', $user_id, " . $this->data['session_last_visit'] . ", $current_time, $current_time, '$this->ip', '" . $db->sql_escape($this->browser) . "', '" . $db->sql_escape($this->page) . "', $viewonline)";
 $db->sql_query($sql);
 }
 $db->sql_return_on_error(false); |
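Review bot: With the added `@` on `file_exists('/proc/loadavg')` in the -71 hunk, a host where that path cannot be read now skips the load-limit branch with no trace at all, even though `$config['limit_load']` is set. A short comment on that line would make the intent explicit, for example `// @ hides the warning on hosts that forbid reading /proc; load limiting is then not applied`. Whether the skipped check is reported anywhere else is not visible here, since the body of the `if` continues outside the hunk.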
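Review bot: `$this->session_id` is still concatenated unescaped into the `WHERE session_id = '...'` clause of the UPDATE in the -257 hunk, while the commit escapes only `session_browser` and `session_page`. The same holds in the INSERT of the -266 hunk, where `$this->session_id` and `'$this->ip'` go into VALUES as they are. Where these properties are assigned is outside the hunks, so if either can be taken from the request it needs the same treatment, e.g. `WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";`. The unquoted `$user_id`, `$viewonline` and `$this->data['session_last_visit']` are safe only if they are integers by this point, which is worth an `(int)` cast at the point of use or a comment naming where the cast happens.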
