+2005-05-27 Ognyan Kulev <ogi@fmi.uni-sofia.bg>
+
+ * www/tracker/admin/updates.php: addslashes() before using string
+ in SQL.
+
2005-05-20 Marcelo Mottalli <marcelo@gforgegroup.com>
* Enabled option for sending a message to the administrators when
exit;
}
$size = @filesize($input_file);
- $input_data = fread(fopen($input_file, 'r'), $size);
+ $input_data = addslashes(fread(fopen($input_file, 'r'), $size));
db_query("UPDATE artifact_group_list SET custom_renderer='$input_data' WHERE group_artifact_id='".$ath->getID()."'");
echo db_error();
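Review bot: addslashes() on the `$input_data` line is not a database-aware escape, so the `custom_renderer='$input_data'` literal in the db_query() call that follows still depends on the backend's quoting rules and connection encoding. PostgreSQL, for example, only treats a backslash as an escape when standard_conforming_strings is off. Prefer the driver's own escaping or a bound parameter, e.g. `$input_data = pg_escape_string(fread(fopen($input_file, 'r'), $size));` if the backend is PostgreSQL, which is an assumption because the hunk does not show the driver. The `@filesize()` result is also used unchecked, so a failed stat passes `false` to fread(), and the fopen() handle is never closed. The enclosing block starts and ends outside the hunk, so any earlier validation of `$input_file` cannot be confirmed from here.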