WebsiteBaker Support (2.12.x) > Modules

OneForAll wblink

(1/1)

dbs:
You have problems with [wblink] in Wysiwyg editor on OneForAll v2.x ?

Since some versions in line 214 there is a mismatch of ' and " in string definition.
    // Get page link
    $link = $database->get_one('SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1');

Please change this line into
    // Get page link
    $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
         . 'WHERE `page_id`='.(int) $page_id;
    $link = $database->get_one($sql);

What has been changed?

* fixed the mismatch of the string limiters
* prevented a possible SQL injection in the assignment of $page_id
* removed the not required LIMIT 1. By design there can be only one single record per ID.

Navigation

[0] Message Index