
Link: http://codepad.org/M7axVuUz

hudolejev - PHP, pasted on Dec 7:
@@ -271,12 +273,12 @@
         
         if(!isset($_POST['dsfaq_quest'])){ error(); }
         if(get_magic_quotes_gpc()){ $dsfaq_quest = $_POST['dsfaq_quest']; }
-        else{ $dsfaq_quest = addslashes($_POST['dsfaq_quest']); }
+        else{ $dsfaq_quest = addslashes(stripslashes_deep($_POST['dsfaq_quest'])); }
         if($dsfaq_quest == ""){ error(); }
 
         if(!isset($_POST['dsfaq_answer'])) error();
         if(get_magic_quotes_gpc()){ $dsfaq_answer = $_POST['dsfaq_answer']; }
-        else{ $dsfaq_answer = addslashes($_POST['dsfaq_answer']); }
+        else{ $dsfaq_answer = addslashes(stripslashes_deep($_POST['dsfaq_answer'])); }
         
         $sql = "UPDATE ".$table_quest." SET date='".date("Y-m-d-H-i-s")."', quest='".$dsfaq_quest."', answer='".$dsfaq_answer."' WHERE id='".$id."'";
         $results = $wpdb->query( $sql );
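
Review bot: the `UPDATE` statement below the two changed `else` lines still concatenates `$dsfaq_quest`, `$dsfaq_answer` and `$id` straight into the SQL string, and `$id` receives no escaping anywhere in this hunk. Instead of wrapping `stripslashes_deep()` inside `addslashes()`, pass the unslashed values to `$wpdb->prepare()` with `%s` placeholders (and `%d` for `$id` if it is numeric), so quoting happens once, in the database layer. The `get_magic_quotes_gpc()` branches are unchanged and still use `$_POST` as received, so the two branches now normalise the input differently; both should go through the same unslash-then-escape path. The `dsfaq_answer` block also has no empty-string check like the one for `dsfaq_quest`; if that is deliberate, a comment saying so would help.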
@@ -484,4 +486,4 @@




Comments:
posted by hudolejev on Dec 7
posted by hudolejev on Dec 7
I'd also replace `addslashes()` with `mysql_real_escape_string()`.