From: Steve Sutton <steve@gaslightmedia.com>
Date: Wed, 29 Aug 2018 14:13:53 +0000 (-0400)
Subject: Update for drop and upload image files.
X-Git-Tag: v2.10.38^2~3
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=9499f57c1eef8bb1c8f35d6cdc9b243fa9884bcb;p=WP-Plugins%2Fglm-member-db.git

Update for drop and upload image files.

If file has a ' in it, it's breaking sql.
---

diff --git a/models/admin/ajax/imageUpload.php b/models/admin/ajax/imageUpload.php
index 96ec13db..c08c6c11 100644
--- a/models/admin/ajax/imageUpload.php
+++ b/models/admin/ajax/imageUpload.php
@@ -265,16 +265,15 @@ class GlmMembersAdmin_ajax_imageUpload extends GlmDataImages
                                 )
                             VALUES
                                 (
-                                    '".$file['name']."',
-                                    '".$file['newFileName']."',
+                                    '".addslashes( $file['name'] )."',
+                                    '".addslashes( $file['newFileName'] )."',
                                     '',
-                                    '".addslashes($caption)."',
+                                    '".addslashes( $caption )."',
                                     ".$this->config['status_numb']['Active'].",
-                                        99,
-                                        $refType,
-                                        $refDest
-                                        );
-                                        ";
+                                    99,
+                                    $refType,
+                                    $refDest
+                                )";
                 $this->wpdb->query($sql);
                 $queryError = $this->wpdb->last_error;