diff options
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/annotations.php | 20 | ||||
-rw-r--r-- | engine/lib/sites.php | 2 |
2 files changed, 11 insertions, 11 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 703538273..1a559b872 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -108,9 +108,9 @@ global $CONFIG; $object_id = (int)$object_id; - $object_type = mysql_real_escape_string(trim($object_type)); - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); + $object_type = sanitise_string(trim($object_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); $owner_id = (int)$owner_id; $limit = (int)$limit; $offset = (int)$offset; @@ -159,10 +159,10 @@ global $CONFIG; $object_id = (int)$object_id; - $object_type = mysql_real_escape_string(trim($object_type)); - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); - $value_type = mysql_real_escape_string(trim($value_type)); + $object_type = sanitise_string(trim($object_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); + $value_type = sanitise_string(trim($value_type)); $owner_id = (int)$owner_id; $access_id = (int)$access_id; @@ -184,9 +184,9 @@ global $CONFIG; $annotation_id = (int)$annotation_id; - $name = mysql_real_escape_string(trim($name)); - $value = mysql_real_escape_string(trim($value)); - $value_type = mysql_real_escape_string(trim($value_type)); + $name = sanitise_string(trim($name)); + $value = sanitise_string(trim($value)); + $value_type = sanitise_string(trim($value_type)); $owner_id = (int)$owner_id; $access_id = (int)$access_id; diff --git a/engine/lib/sites.php b/engine/lib/sites.php index 420616ca3..b5a06f45c 100644 --- a/engine/lib/sites.php +++ b/engine/lib/sites.php @@ -265,7 +265,7 @@ { global $CONFIG; - $url = mysql_real_escape_string(trim($url)); + $url = sanitise_string(trim($url)); $access = get_access_list(); return get_data_row("select o.* from {$CONFIG->dbprefix}sites where url='$url' and (o.access_id in {$access} or (o.access_id = 0 and o.owner_id = {$_SESSION['id']}))"); |