Update frametest.php

-secured PDO query with bindParam
-$seitenname -> $system['seitenname']

adminforce/frametest.php

@@ -16,7 +16,9 @@ if ($_GET['testen'] == 'true') {
         // SecVMS change begin
         $_GET['tan'] = addslashes ($_GET['tan']);
         // SecVMS change end
-        $sql = sql::$db->query("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1");
+        $sql = sql::$db->prepare("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan=:tan LIMIT 1");
+        $sql -> bindParam(':tan', $_GET['tan'], PDO::PARAM_STR);
+        $sql -> execute();
         $forced = $sql -> fetch();
         if ($forced) {
             $ziel = $forced['ziel'];
@@ -27,7 +29,7 @@ if ($_GET['testen'] == 'true') {
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
 <head>
-	<title>Framekiller-Test by ' . $seitenname . '</title>
+	<title>Framekiller-Test by ' . $system['seitenname'] . '</title>
 </head>
 
 <frameset rows="75,*" border="0">