Skip to content

Commit

Permalink
Fix a possible SQL injection
Browse files Browse the repository at this point in the history
  • Loading branch information
@lairdshaw
lairdshaw committed Feb 16, 2021
1 parent 4dd3308 commit e8daa4f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion upload/inc/plugins/isango.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ function isango_bridge()

if ($mybb->user['uid'] && $mybb->settings['isango_single_connection']) { // UCP Connection add request. Validate
global $db, $lang;
if ($db->fetch_field($db->simple_select("isango", "COUNT(cid) AS conn", "gateway='" . $gateway . "' AND uid='" . $mybb->user['uid'] . "'"), "conn")) {
if ($db->fetch_field($db->simple_select("isango", "COUNT(cid) AS conn", "gateway='" . $db->escape_string($gateway) . "' AND uid='" . $mybb->user['uid'] . "'"), "conn")) {
error($lang->sprintf($lang->isango_single_connection_error, ucwords($gateway)));
}
}
Expand Down

0 comments on commit e8daa4f

Please sign in to comment.