Update for drop and upload image files.
authorSteve Sutton <steve@gaslightmedia.com>
Wed, 29 Aug 2018 14:13:53 +0000 (10:13 -0400)
committerSteve Sutton <steve@gaslightmedia.com>
Wed, 29 Aug 2018 14:13:53 +0000 (10:13 -0400)
If a file name has a ' in it, it breaks the SQL.

models/admin/ajax/imageUpload.php

index 96ec13d..c08c6c1 100644 (file)
@@ -265,16 +265,15 @@ class GlmMembersAdmin_ajax_imageUpload extends GlmDataImages
                                 )
                             VALUES
                                 (
-                                    '".$file['name']."',
-                                    '".$file['newFileName']."',
+                                    '".addslashes( $file['name'] )."',
+                                    '".addslashes( $file['newFileName'] )."',
                                     '',
-                                    '".addslashes($caption)."',
+                                    '".addslashes( $caption )."',
                                     ".$this->config['status_numb']['Active'].",
-                                        99,
-                                        $refType,
-                                        $refDest
-                                        );
-                                        ";
+                                    99,
+                                    $refType,
+                                    $refDest
+                                )";
                 $this->wpdb->query($sql);
                 $queryError = $this->wpdb->last_error;
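Review bot: The three values now wrapped in `addslashes()` are still concatenated into the SQL string, and `$refType` and `$refDest` are interpolated in the VALUES list with no quoting or escaping visible in this hunk. `addslashes()` is not aware of the connection character set, so it is a weaker guarantee than the database layer's own escaping; assuming `$this->wpdb` is the WordPress `wpdb` object, the statement should use placeholders, e.g. `VALUES (%s, %s, '', %s, %d, 99, %d, %d)` passed through `$this->wpdb->prepare($sql, ...)` before `query()`. Whether `$refType` and `$refDest` are already validated as integers is not visible here, so the `%d` placeholders (or an explicit `(int)` cast) should be confirmed against where they are assigned. The INSERT statement and the enclosing method begin outside the hunk.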