Fix an SQL injection hole in notifications
Showing
1 changed file
with
30 additions
and
2 deletions
| ... | @@ -277,8 +277,36 @@ function send_triggered_notification($uid = 0, $trigger = "NO_TRIGGER", $args = | ... | @@ -277,8 +277,36 @@ function send_triggered_notification($uid = 0, $trigger = "NO_TRIGGER", $args = |
| 277 | $att2 = isset($attachments[1]) ? $attachments[1] : ''; | 277 | $att2 = isset($attachments[1]) ? $attachments[1] : ''; |
| 278 | $att3 = isset($attachments[2]) ? $attachments[2] : ''; | 278 | $att3 = isset($attachments[2]) ? $attachments[2] : ''; |
| 279 | 279 | ||
| 280 | $wpdb->query( | 280 | $wpdb->insert( |
| 281 | "INSERT INTO wp_mail_daemon (notification_id,from_email,to_email,subject,text,html,attachment1,attachment2,attachment3,sent,sent_date) VALUES ($nid,'$from_email','$to_email','$subject','$alttext','$html','$att1','$att2','$att3',0,'')"); | 281 | 'wp_mail_daemon', |
| 282 | [ | ||
| 283 | 'notification_id' => $nid, | ||
| 284 | 'from_email' => $from_email, | ||
| 285 | 'to_email' => $to_email, | ||
| 286 | 'subject' => $subject, | ||
| 287 | 'text' => $alttext, | ||
| 288 | 'html' => $html, | ||
| 289 | 'attachment1' => $att1, | ||
| 290 | 'attachment2' => $att2, | ||
| 291 | 'attachment3' => $att3, | ||
| 292 | 'sent' => 0, | ||
| 293 | 'sent_date' => '' | ||
| 294 | ], | ||
| 295 | [ | ||
| 296 | '%d', | ||
| 297 | '%s', | ||
| 298 | '%s', | ||
| 299 | '%s', | ||
| 300 | '%s', | ||
| 301 | '%s', | ||
| 302 | '%s', | ||
| 303 | '%s', | ||
| 304 | '%s', | ||
| 305 | '%d', | ||
| 306 | '%s' | ||
| 307 | ] | ||
| 308 | ); | ||
| 309 | |||
| 282 | //send_email($uid,$email,$args, true); | 310 | //send_email($uid,$email,$args, true); |
| 283 | } | 311 | } |
| 284 | } | 312 | } | ... | ... |
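Review bot: The return value of `$wpdb->insert()` (new lines 280–308) is discarded, so a failed insert drops the queued notification without any trace. `wpdb::insert()` returns `false` on error, and in current WordPress versions that includes a value that is too long or has invalid characters for its column, which the old raw query would not have rejected in the same way. I would wrap the call as `if ( false === $wpdb->insert( ... ) ) { error_log( 'wp_mail_daemon insert failed: ' . $wpdb->last_error ); }`. The table name is still the literal `'wp_mail_daemon'`; if this table follows the site prefix, `$wpdb->prefix . 'mail_daemon'` would be the portable form. `send_triggered_notification()` starts above this hunk, so any other queries in it that are built from the same variables are not visible here and should get the same treatment.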