Author Topic: OneForAll wblink  (Read 283 times)

Offline dbs

OneForAll wblink
« on: December 16, 2018, 12:48:31 PM »
Do you have problems with [wblink] in the WYSIWYG editor on OneForAll v2.x?

For some versions now, there has been a mismatch of ' and " in the string definition in line 214.
    // Get page link
    $link = $database->get_one('SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1');

Please change this line to:
    // Get page link
    $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
         . 'WHERE `page_id`='.(int) $page_id;
    $link = $database->get_one($sql);

What has been changed?
  • fixed the mismatch of the string delimiters
  • prevented a possible SQL injection in the assignment of $page_id
  • removed the unnecessary LIMIT 1. By design, there can be only one single record per ID.
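
An added example, not part of the original post or of OneForAll's own code: it prints the query text produced by the old line 214 and by the corrected lines for a few constructed inputs, showing both the literal `".TABLE_PREFIX."` left in the table name and the effect of the `(int)` cast. The `wb_` prefix, the function names and the stricter `filter_var` variant are assumptions made for illustration.

```php
<?php
// Constructed value; a real installation defines its own prefix.
define('TABLE_PREFIX', 'wb_');

// Query text as built by the old line 214. Inside a single-quoted PHP string
// the ".TABLE_PREFIX." part is literal text, not concatenation, and $page_id
// is appended without any type check.
function build_old($page_id) {
    return 'SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1';
}

// Query text as built by the corrected lines from the post.
function build_new($page_id) {
    return 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
         . 'WHERE `page_id`='.(int) $page_id;
}

// Stricter variant (an assumption, not from the post): reject a value that is
// not a positive integer instead of silently coercing it.
function build_strict($page_id) {
    $id = filter_var($page_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('page_id must be a positive integer');
    }
    return 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.$id;
}

// Constructed sample inputs: a normal ID, an ID with trailing SQL, and text.
$samples = ['7', '7 OR 1=1', 'abc'];
foreach ($samples as $raw) {
    echo 'input:  ', var_export($raw, true), "\n";
    echo '  old:    ', build_old($raw), "\n";
    echo '  new:    ', build_new($raw), "\n";
    try {
        echo '  strict: ', build_strict($raw), "\n";
    } catch (InvalidArgumentException $e) {
        echo '  strict: rejected (', $e->getMessage(), ")\n";
    }
}
```

The cast removes everything after the leading digits and turns non-numeric input into 0, so the corrected query can never carry extra SQL; the strict variant additionally makes such input fail loudly rather than look up a different page ID.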