arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

escape some email usage incase of weird characters.

Browse Source
This commit is contained in:
james 2007-10-25 15:12:20 +00:00
parent a83695bfe7
commit e00e210690
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
committee_auth.php
View File

@ -13,7 +13,7 @@ function auth_has_access($access="")
} }
else else
{ {
$q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".$_SESSION['email']."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'"); $q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".mysql_escape_string($_SESSION['email'])."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'");
$r=mysql_fetch_object($q); $r=mysql_fetch_object($q);
$accesscache['admin']=$r->access_admin; $accesscache['admin']=$r->access_admin;

2
register_participants.php
View File

@ -138,7 +138,7 @@
if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) ) if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) )
{ {
if($_POST['email']) if($_POST['email'])
$_SESSION['email']=$_POST['email']; $_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
echo "<form method=\"post\" action=\"register_participants.php\">"; echo "<form method=\"post\" action=\"register_participants.php\">";