From: Roland Häder Date: Mon, 9 Nov 2009 18:19:38 +0000 (+0000) Subject: Fixes for HTML in extension menu SQLs. :( X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=b7ec93f8292180fa480361949f8da5d6f558ef7e Fixes for HTML in extension menu SQLs. :( --- diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index 8ed21c3218..13d333d1b2 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -78,7 +78,7 @@ function SQL_QUERY ($sqlString, $F, $L) { $querytimeBefore = microtime(true); // Run SQL command - //* DEBUG: */ print('F=' . basename($F) . ',L=' . $L . 'sql=' . $sqlString . '
'); + //* DEBUG: */ print('F=' . basename($F) . ',L=' . $L . 'sql=' . htmlentities($sqlString) . '
'); $result = mysql_query($sqlString, SQL_GET_LINK()) or addFatalMessage(__FUNCTION__, __LINE__, $F . ' (' . $L . '):' . mysql_error() . '
Query string:
diff --git a/inc/filters.php b/inc/filters.php index 3b198af56b..1033083dab 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -434,7 +434,9 @@ function FILTER_COMPILE_CONFIG ($code, $compiled = false) { // Should we compile it? if ($compiled === true) { // Run the code - eval("\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . "\";"); + $eval = "\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . "\";"; + //* DEBUG: */ print '
' . str_replace('$', '$', htmlentities($eval)) . '
'; + eval($eval); } // END - if // Return compiled code