Fix an SQL injection hole in notifications

Marty Penner
Showing 1 changed file with 30 additions and 2 deletions
com/Notifications/Notifications.php
--- a/com/Notifications/Notifications.php
View file @3488538
+++ b/com/Notifications/Notifications.php
View file @3488538
@@ -277,8 +277,36 @@ function send_triggered_notification($uid = 0, $trigger = "NO_TRIGGER", $args = 
            $att2 = isset($attachments[1]) ? $attachments[1] : '';
            $att3 = isset($attachments[2]) ? $attachments[2] : '';

-            $wpdb->query(
-                "INSERT INTO wp_mail_daemon (notification_id,from_email,to_email,subject,text,html,attachment1,attachment2,attachment3,sent,sent_date) VALUES ($nid,'$from_email','$to_email','$subject','$alttext','$html','$att1','$att2','$att3',0,'')");
+            $wpdb->insert(
+                'wp_mail_daemon',
+                [
+                    'notification_id' => $nid,
+                    'from_email'      => $from_email,
+                    'to_email'        => $to_email,
+                    'subject'         => $subject,
+                    'text'            => $alttext,
+                    'html'            => $html,
+                    'attachment1'     => $att1,
+                    'attachment2'     => $att2,
+                    'attachment3'     => $att3,
+                    'sent'            => 0,
+                    'sent_date'       => ''
+                ],
+                [
+                    '%d',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%s',
+                    '%d',
+                    '%s'
+                ]
+            );
+
            //send_email($uid,$email,$args, true);
        }
    }