Mysql Injection added to rating method

Saqib Razzaq 2016-07-29 15:23:32 +05:00
parent 519630db05
commit c20ce7dde9


@ -188,9 +188,9 @@ if(!empty($mode))
{
case "video":
{
$rating = $_POST['rating']*2;
$id = $_POST['id'];
$result = $cbvid->rate_video($id,$rating);
$rating = mysql_clean($_POST['rating'])*2;
$id = mysql_clean($_POST['id']);
$result = $cbvid->rate_video($id,$rating);
$result['is_rating'] = true;
$cbvid->show_video_rating($result);
@ -205,8 +205,8 @@ if(!empty($mode))
case "photo":
{
$rating = $_POST['rating']*2;
$id = $_POST['id'];
$rating = mysql_clean($_POST['rating'])*2;
$id = mysql_clean($_POST['id']);
$result = $cbphoto->rate_photo($id,$rating);
$result['is_rating'] = true;
$cbvid->show_video_rating($result);
@ -221,8 +221,8 @@ if(!empty($mode))
break;
case "collection":
{
$rating = $_POST['rating']*2;
$id = $_POST['id'];
$rating = mysql_clean($_POST['rating'])*2;
$id = mysql_clean($_POST['id']);
$result = $cbcollection->rate_collection($id,$rating);
$result['is_rating'] = true;
$cbvid->show_video_rating($result);
@ -238,8 +238,8 @@ if(!empty($mode))
case "user":
{
$rating = $_POST['rating']*2;
$id = $_POST['id'];
$rating = mysql_clean($_POST['rating'])*2;
$id = mysql_clean($_POST['id']);
$result = $userquery->rate_user($id,$rating);
$result['is_rating'] = true;
$cbvid->show_video_rating($result);
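Review bot: In the `video` case, and identically in the `photo`, `collection` and `user` cases, `$id` is guarded only by `mysql_clean()`, whose implementation is not visible on this page. If it is a string-escaping helper, it protects only where `rate_video()` and the other rate methods put the value inside a quoted SQL literal; an unquoted numeric context would remain injectable. Since the id looks like a numeric key, a cast is the stronger guard: `$id = (int) $_POST['id'];`. On the rating lines the `*2` already coerces the input to a number, so `mysql_clean()` adds nothing there, and the value is still not checked with `is_numeric()` or against the allowed rating range before it reaches the rate methods. The enclosing `switch` starts and ends outside these hunks, so how the rate methods build their queries should be confirmed there.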