fix:fix the Stored XSS
parent
e8a181d795
commit
308df1617c
|
@ -681,11 +681,11 @@ if (!empty($_GET["updatevisibility"])) {
|
||||||
|
|
||||||
if (!empty($_GET["remarking"])) {
|
if (!empty($_GET["remarking"])) {
|
||||||
|
|
||||||
$id = mysqli_real_escape_string($con, $_GET["id"]);
|
$id = htmlspecialchars(mysqli_real_escape_string($con, $_GET["id"]));
|
||||||
$url = mysqli_real_escape_string($con, $_GET["url"]);
|
$url = htmlspecialchars(mysqli_real_escape_string($con, $_GET["url"]));
|
||||||
|
|
||||||
$status = mysqli_real_escape_string($con, $_GET["status"]);
|
$status = htmlspecialchars(mysqli_real_escape_string($con, $_GET["status"]));
|
||||||
$details = mysqli_real_escape_string($con, $_GET["details"]);
|
$details = htmlspecialchars(mysqli_real_escape_string($con, $_GET["details"]));
|
||||||
|
|
||||||
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
|
$sql = "UPDATE `lab_report_submissions` SET `Status`='Remarking',Remarking_Reason='$details' WHERE Submission_ID='$id'
|
||||||
";
|
";
|
||||||
|
|
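Review bot: Wrapping `mysqli_real_escape_string()` in `htmlspecialchars()` on the four `$_GET` values encodes for HTML at write time, so `Remarking_Reason` is stored entity-encoded and the XSS defence depends on every page that prints it neither decoding nor re-encoding it. The call also relies on the default flags, which before PHP 8.1 leave single quotes unencoded, so a value echoed into a single-quoted attribute would not be covered. I would keep the raw text in the database, bind `$details` and `$id` through a prepared statement for the `UPDATE`, and encode where the value is rendered, e.g. `htmlspecialchars($reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (with `$reason` standing for the fetched column). The `if (!empty($_GET["remarking"]))` block continues past the hunk, so the use of `$url` and `$status` is not visible here; if `$url` ends up in a link or redirect, it needs a scheme and host check rather than HTML encoding.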