diff options
| author | natec <natec@users.sourceforge.net> | 2001-09-15 22:11:20 +0000 |
|---|---|---|
| committer | natec <natec@users.sourceforge.net> | 2001-09-15 22:11:20 +0000 |
| commit | fe252a54fdc1be0547e53291fca8b9dec29c4f15 (patch) | |
| tree | afd676f57e696b152a804785c381a2d3484e2e9c /phpBB | |
| parent | d80238fe5798f4e7296f337f76d2de2c0b62ec9c (diff) | |
| download | forums-fe252a54fdc1be0547e53291fca8b9dec29c4f15.tar forums-fe252a54fdc1be0547e53291fca8b9dec29c4f15.tar.gz forums-fe252a54fdc1be0547e53291fca8b9dec29c4f15.tar.bz2 forums-fe252a54fdc1be0547e53291fca8b9dec29c4f15.tar.xz forums-fe252a54fdc1be0547e53291fca8b9dec29c4f15.zip | |
Fixed a situation where we weren't escaping sql special chars.
git-svn-id: file:///svn/phpbb/trunk@1041 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/posting.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index eac19e3014..f084d37780 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -85,6 +85,7 @@ else $topic_id = ""; } + // // Was cancel pressed? If so then redirect to the appropriate // page, no point in continuing with any further checks @@ -629,7 +630,7 @@ if( ( $submit || $confirm ) && !$error ) if( $mode == "newtopic" ) { $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) - VALUES ('$subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)"; + VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)"; if( $result = $db->sql_query($sql, BEGIN_TRANSACTION) ) { |