MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

fixed crosssitescripting on settings pagw

Browse Source
This commit is contained in:
Marijn Jansen
2017-01-20 15:41:13 +01:00
parent b1e01699eb
commit 587d0e6ac3
2 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
website/queries/settings.php
View File

@@ -87,11 +87,11 @@ function updateSettings() {
`userID` = :userID
");
$stmt->bindParam(":fname", $_POST["fname"]);
$stmt->bindParam(":lname", $_POST["lname"]);
$stmt->bindParam(":location", $_POST["location"]);
$stmt->bindParam(":fname", test_input($_POST["fname"]));
$stmt->bindParam(":lname", test_input($_POST["lname"]));
$stmt->bindParam(":location", test_input($_POST["location"]));
$stmt->bindParam(":bday", $_POST["bday"]);
$stmt->bindParam(":bio", $_POST["bio"]);
$stmt->bindParam(":bio", test_input($_POST["bio"]));
$stmt->bindParam(":userID", $_SESSION["userID"]);
$stmt->execute();

1
website/views/settings-view.php
View File

@@ -1,6 +1,5 @@
<?php
$settings = getSettings();
//phpinfo();
?>
<div class="content">