From 794ad67a37b303c11e288811988e6be342442d9b Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Mon, 18 Dec 2023 08:08:39 +0700
Subject: [PATCH] Updated
---
 search.php | 3 ++-
 tracker.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/search.php b/search.php
index 12fa5c6a..6d3cabe7 100644
--- a/search.php
+++ b/search.php
@@ -339,7 +339,7 @@ if ($search_id)
 FROM ". BB_SEARCH ."
 WHERE session_id = '$session_id'
 AND search_type = ". SEARCH_TYPE_POST ."
- AND search_id = '$search_id'
+ AND search_id = '" . DB()->escape($search_id) . "'
 LIMIT 1
 ");
@@ -902,6 +902,7 @@ function fetch_search_ids ($sql, $search_type = SEARCH_TYPE_POST)
 $curr_set[$GLOBALS["{$name}_key"]] = $GLOBALS["{$name}_val"];
 }
 $search_settings = DB()->escape(serialize($curr_set));
+ $search_id = DB()->escape($search_id);
 $columns = 'session_id, search_type, search_id, search_time, search_settings, search_array';
 $values = "'$session_id', $search_type, '$search_id', ". TIMENOW .", '$search_settings', '$search_array'";
diff --git a/tracker.php b/tracker.php
index 9d26b34d..30a0fdc6 100644
--- a/tracker.php
+++ b/tracker.php
@@ -329,7 +329,7 @@ if ($search_id)
 FROM ". BB_SEARCH ."
 WHERE session_id = '$session_id'
 AND search_type = ". SEARCH_TYPE_TRACKER ."
- AND search_id = '$search_id'
+ AND search_id = '" . DB()->escape($search_id) . "'
 LIMIT 1
 ");
@@ -708,6 +708,7 @@ if ($allowed_forums)
 if ($tor_count > $per_page && !$search_id)
 {
 $search_id = make_rand_str(SEARCH_ID_LENGTH);
+ $search_id = DB()->escape($search_id);
 $search_type = SEARCH_TYPE_TRACKER;
 $columns = 'session_id, search_type, search_id, search_time, search_settings, search_array';
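Review bot: In the `WHERE` clause of the `@@ -339,7` hunk in search.php only `search_id` is escaped, while `session_id = '$session_id'` two lines above is still interpolated as-is. Where `$session_id` is assigned is outside the hunk, so either confirm it can never carry request-controlled bytes or give it the same treatment, `WHERE session_id = '" . DB()->escape($session_id) . "'`. Escaping at the query is the minimum; because the tracker.php hunk at `@@ -708,6` shows ids being produced by `make_rand_str(SEARCH_ID_LENGTH)`, an incoming `$search_id` could also be rejected before the query when its length is not `SEARCH_ID_LENGTH` (presumably it arrives from the request; confirm where it is read). The same applies to the matching `@@ -329,7` hunk in tracker.php. The enclosing `if ($search_id)` block starts and ends outside both hunks.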
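Review bot: In the `@@ -902,6` hunk of search.php, `$search_id = DB()->escape($search_id);` overwrites the variable with its SQL-escaped form, so any later use of `$search_id` outside the query would receive escaped text instead of the real id. `$search_id` is not a parameter of `fetch_search_ids`, so it is either a local assigned earlier or a `global` (not visible here); in the latter case the overwrite would persist for the rest of the request. Keep the raw value and escape into a separate name at the point of use, e.g. `$search_id_sql = DB()->escape($search_id);` with `'$search_id_sql'` in `$values`. In the same `$values` string `$search_type` is interpolated without quotes, so `(int) $search_type` would be a cheap guard, and whether `$session_id` and `$search_array` are escaped earlier in the function cannot be seen from the hunk. The `@@ -708,6` hunk in tracker.php has the same in-place overwrite, there on a value freshly returned by `make_rand_str()`.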