CC-3926: System -> Stream setting: input ' into "Name/Description" will cause PDOException

Martin Konecny 2012-06-03 22:39:42 -04:00
parent 3f481309b8
commit 89c0583849
1 changed files with 4 additions and 0 deletions


@ -172,7 +172,11 @@ class Application_Model_StreamSetting {
$v = $d['enable'] == 1 ? 'true' : 'false';
}
$v = trim($v);
#escape double single quotes CC-3926
$v = str_replace("'", "''", $v);
$sql = "UPDATE cc_stream_setting SET value='$v' WHERE keyname='$keyname'";
$con->exec($sql);
}
} else {
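Review bot: Doubling single quotes by hand on the `str_replace` line still leaves the `UPDATE` built by string interpolation, and `$keyname` goes into the same statement with no escaping at all. Hand-rolled escaping also depends on how the database treats backslashes inside string literals, so binding both values is the more robust fix: `$stmt = $con->prepare("UPDATE cc_stream_setting SET value = :value WHERE keyname = :keyname");` followed by `$stmt->execute(array(':value' => $v, ':keyname' => $keyname));`. This assumes `$con` is a PDO-compatible connection, which the PDOException in the commit title suggests but the hunk does not show. The enclosing loop and method start and end outside the hunk, so the origin of `$keyname` should be checked there.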