diff options
author | patdenice <patdenice@piwigo.org> | 2008-10-15 20:58:36 +0000 |
---|---|---|
committer | patdenice <patdenice@piwigo.org> | 2008-10-15 20:58:36 +0000 |
commit | 3e49cf5f56cfb64e1f3b00cecda8868f6b43f72f (patch) | |
tree | 29641a82ce9f4418e8d87e3e73dd27c9bc5648ba /admin | |
parent | 478291598f09d2055c72b3ff49d6a622e7648f40 (diff) |
Merge from trunk 2752:
- change mysql_escape_string function (deprecated) by mysql_real_escape_string.
- Correction on install.tpl (link color).
git-svn-id: http://piwigo.org/svn/branches/2.0@2753 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin')
-rw-r--r-- | admin/group_list.php | 2 | ||||
-rw-r--r-- | admin/history.php | 2 | ||||
-rw-r--r-- | admin/template/goto/install.tpl | 2 | ||||
-rw-r--r-- | admin/user_list.php | 9 |
4 files changed, 4 insertions, 11 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index 09462025e..8bb0412b4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -107,7 +107,7 @@ SELECT COUNT(*) INSERT INTO '.GROUPS_TABLE.' (name) VALUES - (\''.mysql_escape_string($_POST['groupname']).'\') + (\''.mysql_real_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); diff --git a/admin/history.php b/admin/history.php index 222deaaf1..a915704d4 100644 --- a/admin/history.php +++ b/admin/history.php @@ -110,7 +110,7 @@ if (isset($_POST['submit'])) $search['fields']['filename'] = str_replace( '*', '%', - mysql_escape_string($_POST['filename']) + mysql_real_escape_string($_POST['filename']) ); } diff --git a/admin/template/goto/install.tpl b/admin/template/goto/install.tpl index 0fdf9b709..553eb737d 100644 --- a/admin/template/goto/install.tpl +++ b/admin/template/goto/install.tpl @@ -29,7 +29,7 @@ TD { height: 2.5em; } -.sql_content { +.sql_content, .infos a { color: #ff3363; } </style> diff --git a/admin/user_list.php b/admin/user_list.php index 8f0430ee5..80d3306f7 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -49,14 +49,7 @@ function get_filtered_user_list() if (isset($_GET['username']) and !empty($_GET['username'])) { $username = str_replace('*', '%', $_GET['username']); - if (function_exists('mysql_real_escape_string')) - { - $filter['username'] = mysql_real_escape_string($username); - } - else - { - $filter['username'] = mysql_escape_string($username); - } + $filter['username'] = mysql_real_escape_string($username); } if (isset($_GET['group']) |