SQL injection possible

SQL injections were possible
TeamRocketYolo 2015-04-01 01:04:21 +02:00
parent beb0c8362e
commit d8cee3c173


@ -32,7 +32,7 @@
$DB->query(" $DB->query("
SELECT Token, Name SELECT Token, Name
FROM api_applications FROM api_applications
WHERE ID = '$AppID' WHERE ID = '"+db_string($AppID)+"'
LIMIT 1"); LIMIT 1");
$App = $DB->to_array(false, MYSQLI_ASSOC); $App = $DB->to_array(false, MYSQLI_ASSOC);
$Cache->cache_value("api_apps_$AppID", $App, 0); $Cache->cache_value("api_apps_$AppID", $App, 0);
@ -54,7 +54,7 @@
$DB->query(" $DB->query("
SELECT AppID, Token, State, Time, Access SELECT AppID, Token, State, Time, Access
FROM api_users FROM api_users
WHERE UserID = '$UserID' WHERE UserID = '"+db_string($UserID)+"'
LIMIT 1"); //int, no db_string LIMIT 1"); //int, no db_string
$User = $DB->to_array('AppID', MYSQLI_ASSOC); $User = $DB->to_array('AppID', MYSQLI_ASSOC);
$Cache->cache_value("api_users_$UserID", $User, 0); $Cache->cache_value("api_users_$UserID", $User, 0);
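Review bot: The new WHERE lines in both hunks join the escaped value with `+`, which in PHP is arithmetic addition, not string concatenation, so the argument to `$DB->query()` is no longer the SQL text (older PHP coerces the strings to numbers, PHP 8 raises a TypeError). Use `.` instead: `WHERE ID = '" . db_string($AppID) . "'` and `WHERE UserID = '" . db_string($UserID) . "'`. The trailing comment `//int, no db_string` in the second hunk is now stale and should be removed or reworded. If `$UserID` is meant to be an integer, validating or casting it before building the query would be a stronger guard than escaping alone. The enclosing functions start and end outside these hunks, so any earlier validation of `$AppID` and `$UserID` is not visible here.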