Designerscripte / VMSone / Commits / 24f1b10e

Commit 24f1b10e, authored 5 years ago by Henoch Einbier
Update frametest.php

- secured PDO query with bindParam
- $seitenname -> $system['seitenname']
Parent: 9e5caba2

Part of 2 merge requests: !46 "Release 3.0", !13 "Update frametest.php"
Changes: 1 changed file, adminforce/frametest.php (4 additions, 2 deletions)
@@ -16,7 +16,9 @@ if ($_GET['testen'] == 'true') {
// SecVMS change begin
$_GET
[
'tan'
]
=
addslashes
(
$_GET
[
'tan'
]);
// SecVMS change end
$sql
=
sql
::
$db
->
query
(
"SELECT ziel FROM "
.
_VMS_
.
"_gebuchte_werbung WHERE tan='"
.
$_GET
[
'tan'
]
.
"' LIMIT 1"
);
$sql
=
sql
::
$db
->
prepare
(
"SELECT ziel FROM "
.
_VMS_
.
"_gebuchte_werbung WHERE tan=:tan LIMIT 1"
);
$sql
->
bindParam
(
':tan'
,
$_GET
[
'tan'
],
PDO
::
PARAM_STR
);
$sql
->
execute
();
$forced
=
$sql
->
fetch
();
if
(
$forced
)
{
$ziel
=
$forced
[
'ziel'
];
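Review bot: The `addslashes($_GET['tan'])` line between `// SecVMS change begin` and `// SecVMS change end` should be removed now that `tan` is passed through `bindParam(':tan', ..., PDO::PARAM_STR)`. With a bound parameter the driver already handles quoting, so the extra escaping is not only redundant but changes the value: a tan containing a quote or backslash would be looked up with a backslash inserted and would no longer match the stored row. Leaving it in also keeps a misleading "sanitization" step that future edits may rely on. A second point on this hunk: `sql::$db->prepare(...)` is followed directly by `$sql->bindParam(...)` and `$sql->execute()` with no check of the return values; unless the PDO instance is configured to throw on errors, a failed prepare returns false and the chained calls fail with a fatal error rather than a handled condition. Consider checking the result (or confirming the connection sets `PDO::ATTR_ERRMODE` to exceptions) and surfacing the failure the same way the rest of the file does.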
@@ -27,7 +29,7 @@ if ($_GET['testen'] == 'true') {
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Framekiller-Test by '
.
$seitenname
.
'</title>
<title>Framekiller-Test by '
.
$
system
[
'
seitenname
'
]
.
'</title>
</head>
<frameset rows="75,*" border="0">
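Review bot: Replacing the undefined `$seitenname` with `$system['seitenname']` fixes the variable, but the value is still concatenated straight into the `<title>` element without escaping. Since this string ends up in HTML, wrap it as `htmlspecialchars($system['seitenname'])` (with the appropriate charset) so that a site name containing `<`, `&` or quotes cannot break out of the title or the surrounding markup, regardless of where the configuration value originates. The same applies to any other place in this file that echoes `$system[...]` values into the page.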