WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News

WebsiteBaker 2.13.8 is now available!

R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html

* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.12.x) »
  • Modules »
  • OneForAll wblink
  • Print
Pages: [1]   Go Down

Author Topic: OneForAll wblink  (Read 8407 times)

Offline dbs

  • Betatester
  • **
  • Posts: 8920
  • Gender: Male
  • tioz4ever
    • WebsiteBaker - jQuery-Plugins - Module - Droplets - Tests
OneForAll wblink
« on: December 16, 2018, 12:48:31 PM »
You have problems with [wblink] in Wysiwyg editor on OneForAll v2.x ?

Since some versions in line 214 there is a mismatch of ' and " in string definition.
    // Get page link
    $link = $database->get_one('SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1');

Please change this line into
    // Get page link
    $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
         . 'WHERE `page_id`='.(int) $page_id;
    $link = $database->get_one($sql);

What has been changed?
  • fixed the mismatch of the string limiters
  • prevented a possible SQL injection in the assignment of $page_id
  • removed the not required LIMIT 1. By design there can be only one single record per ID.
Logged
https://onkel-franky.de
  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.12.x) »
  • Modules »
  • OneForAll wblink
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2