WebsiteBaker Community Forum

WebsiteBaker Support (2.12.x) => Modules => Topic started by: dbs on December 16, 2018, 12:48:31 PM

Title: OneForAll wblink
Post by: dbs on December 16, 2018, 12:48:31 PM

You have problems with [wblink] in Wysiwyg editor on OneForAll v2.x ?

Since some versions in line 214 there is a mismatch of ' and " in string definition.
    // Get page link
    $link = $database->get_one('SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1');

Please change this line into
    // Get page link
    $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
         . 'WHERE `page_id`='.(int) $page_id;
    $link = $database->get_one($sql);

What has been changed?

• fixed the mismatch of the string limiters
• prevented a possible SQL injection in the assignment of $page_id
• removed the not required LIMIT 1. By design there can be only one single record per ID.