fix: Security bug in session env

JT Smith 2006-07-11 20:32:46 +00:00
parent 63b22dc502
commit a440cb5f41
10 changed files with 30 additions and 16 deletions


@ -553,7 +553,7 @@ sub rate {
return undef unless ($rating == -1 || $rating == 1);
unless ($self->hasRated) {
$self->session->db->write("insert into Post_rating (assetId,userId,ipAddress,dateOfRating,rating) values ("
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->get("REMOTE_ADDR")).",
.$self->session->db->quote($self->getId).", ".$self->session->db->quote($self->session->user->userId).", ".$self->session->db->quote($self->session->env->getIp).",
".$self->session->datetime->time().", ".$self->session->db->quote($rating).")");
my ($sum) = $self->session->db->quickArray("select sum(Post.rating) from Post left join asset on Post.assetId=asset.assetId where Post.threadId=".$self->session->db->quote($self->getId)." and Post.rating>0");
$self->update({rating=>$sum});
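Review bot: The `$self->session->env->getIp` argument in the Post_rating insert has no comment explaining why it replaces `env->get("REMOTE_ADDR")`, and getIp is defined outside this hunk, so the fix named in the commit title cannot be confirmed from these lines. The stored ipAddress appears to feed the duplicate-vote check in `hasRated` (not shown). If getIp ever takes the address from a forwarded-for style request header, that header should be honoured only for requests arriving from a known proxy; otherwise the recorded value is whatever the client sends. I would add a comment above the insert, for example `# ipAddress comes from env->getIp, never from REMOTE_ADDR directly; see getIp for proxy handling`. The body of `rate` begins before and continues after this hunk, so the surrounding validation is only partly visible.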