Commit c5da43fa authored by Steven Wittens's avatar Steven Wittens
Browse files

- Fixed missing filtering

parent 1ff4da96
...@@ -136,7 +136,7 @@ function poll_insert($node) { ...@@ -136,7 +136,7 @@ function poll_insert($node) {
$node->active = 1; $node->active = 1;
} }
db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('$node->nid', '$node->runtime', '', '$node->active')"); db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')");
for ($i = 0; $i < $node->choices; $i++) { for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]); $choice->chtext = filter($node->choice[$i]);
...@@ -144,7 +144,7 @@ function poll_insert($node) { ...@@ -144,7 +144,7 @@ function poll_insert($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
} }
} }
} }
...@@ -404,7 +404,7 @@ function poll_update($node) { ...@@ -404,7 +404,7 @@ function poll_update($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
} }
} }
} }
......
...@@ -136,7 +136,7 @@ function poll_insert($node) { ...@@ -136,7 +136,7 @@ function poll_insert($node) {
$node->active = 1; $node->active = 1;
} }
db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('$node->nid', '$node->runtime', '', '$node->active')"); db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')");
for ($i = 0; $i < $node->choices; $i++) { for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]); $choice->chtext = filter($node->choice[$i]);
...@@ -144,7 +144,7 @@ function poll_insert($node) { ...@@ -144,7 +144,7 @@ function poll_insert($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
} }
} }
} }
...@@ -404,7 +404,7 @@ function poll_update($node) { ...@@ -404,7 +404,7 @@ function poll_update($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('$node->nid', '$choice->chtext', '$choice->chvotes', '$choice->chorder')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')");
} }
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment