Author Topic: OneForAll wblink (Read 6906 times)

dbs · « **on:** December 16, 2018, 12:48:31 PM »

You have problems with [wblink] in Wysiwyg editor on OneForAll v2.x ?

Since some versions in line 214 there is a mismatch of ' and " in string definition.
// Get page link $link = $database->get_one('SELECT `link` FROM `".TABLE_PREFIX."pages` WHERE `page_id` = '.$page_id.' LIMIT 1');
Please change this line into
// Get page link $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` ' . 'WHERE `page_id`='.(int) $page_id; $link = $database->get_one($sql);
What has been changed?

fixed the mismatch of the string limiters
prevented a possible SQL injection in the assignment of $page_id
removed the not required LIMIT 1. By design there can be only one single record per ID.

News

Support WebsiteBaker

Author Topic: OneForAll wblink (Read 6906 times)

dbs

OneForAll wblink