Merge pull request #8 from JoaoBGusmao/exploit_fix

kedarv · web-flow · commit 07042aab3691 · 2016-10-01T20:28:20.000-04:00
sql injection fix
diff --git a/sources/ucp/buynx.php b/sources/ucp/buynx.php
@@ -45,8 +45,8 @@
 	}
 }
 else {
-	$selChar = isset($_POST['selChar']) ? $_POST['selChar'] : '';
-	$selPack = isset($_POST['selPack']) ? $_POST['selPack'] : '';
+	$selChar = isset($_POST['selChar']) ? $mysqli->real_escape_string( $_POST['selChar'] ) : '';
+	$selPack = isset($_POST['selPack']) ? $mysqli->real_escape_string( $_POST['selPack'] ) : '';
 	$hasMeso = $mysqli->query("SELECT * FROM `characters` WHERE `id` = '".$selChar."'") or die();
 	$getMeso = $hasMeso->fetch_assoc();
 	$fetchNX = $mysqli->query("SELECT * FROM `".$prefix."buynx` WHERE `meso` = '".$selPack."'") or die();

Original file line number	Diff line number	Diff line change
`@@ -45,8 +45,8 @@`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`	`else {`
`48`		`- $selChar = isset($_POST['selChar']) ? $_POST['selChar'] : '';`
`49`		`- $selPack = isset($_POST['selPack']) ? $_POST['selPack'] : '';`
	`48`	`+ $selChar = isset($_POST['selChar']) ? $mysqli->real_escape_string( $_POST['selChar'] ) : '';`
	`49`	`+ $selPack = isset($_POST['selPack']) ? $mysqli->real_escape_string( $_POST['selPack'] ) : '';`
`50`	`50`	$hasMeso = $mysqli->query("SELECT * FROM `characters` WHERE `id` = '".$selChar."'") or die();
`51`	`51`	`$getMeso = $hasMeso->fetch_assoc();`
`52`	`52`	$fetchNX = $mysqli->query("SELECT * FROM `".$prefix."buynx` WHERE `meso` = '".$selPack."'") or die();