Commit 24f1b10e authored by Henoch Einbier's avatar Henoch Einbier

Update frametest.php

-secured PDO query with bindParam
-$seitenname -> $system['seitenname']
parent 9e5caba2
2 merge requests!46Release 3.0,!13Update frametest.php
......@@ -16,7 +16,9 @@ if ($_GET['testen'] == 'true') {
// SecVMS change begin
$_GET['tan'] = addslashes ($_GET['tan']);
// SecVMS change end
$sql = sql::$db->query("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan='" . $_GET['tan'] . "' LIMIT 1");
$sql = sql::$db->prepare("SELECT ziel FROM "._VMS_."_gebuchte_werbung WHERE tan=:tan LIMIT 1");
$sql -> bindParam(':tan', $_GET['tan'], PDO::PARAM_STR);
$sql -> execute();
$forced = $sql -> fetch();
if ($forced) {
$ziel = $forced['ziel'];
......@@ -27,7 +29,7 @@ if ($_GET['testen'] == 'true') {
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Framekiller-Test by ' . $seitenname . '</title>
<title>Framekiller-Test by ' . $system['seitenname'] . '</title>
</head>
<frameset rows="75,*" border="0">
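Review bot: The `addslashes()` call on `$_GET['tan']` kept just above the new `prepare()` now works against the bound parameter: the driver already treats `:tan` as data, so the inserted backslashes become part of the compared value and a tan containing a quote or backslash can never match its row. I would delete the three "SecVMS change" lines and bind the raw value only after checking its type, e.g. `$tan = (isset($_GET['tan']) && is_string($_GET['tan'])) ? $_GET['tan'] : '';` followed by `$sql->bindValue(':tan', $tan, PDO::PARAM_STR);`, since a missing or array-valued `tan` currently reaches `addslashes()` unchecked. In the second hunk `$system['seitenname']` is concatenated into `<title>` unescaped; if that setting is editable through a form (not visible here), wrap it in `htmlspecialchars($system['seitenname'], ENT_QUOTES, 'UTF-8')`. The enclosing `if ($_GET['testen'] == 'true')` block starts and ends outside both hunks.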