From 9499f57c1eef8bb1c8f35d6cdc9b243fa9884bcb Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Wed, 29 Aug 2018 10:13:53 -0400
Subject: [PATCH] Update for drop and upload image files. If file has a ' in it, it's breaking sql.
---
 models/admin/ajax/imageUpload.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/models/admin/ajax/imageUpload.php b/models/admin/ajax/imageUpload.php
index 96ec13db..c08c6c11 100644
--- a/models/admin/ajax/imageUpload.php
+++ b/models/admin/ajax/imageUpload.php
@@ -265,16 +265,15 @@ class GlmMembersAdmin_ajax_imageUpload extends GlmDataImages
 ) VALUES (
- '".$file['name']."',
- '".$file['newFileName']."',
+ '".addslashes( $file['name'] )."',
+ '".addslashes( $file['newFileName'] )."',
 '',
- '".addslashes($caption)."',
+ '".addslashes( $caption )."',
 ".$this->config['status_numb']['Active'].",
- 99,
- $refType,
- $refDest
- );
- ";
+ 99,
+ $refType,
+ $refDest
+ )";
 $this->wpdb->query($sql);
 $queryError = $this->wpdb->last_error;
-- 
2.17.1
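Review bot: `addslashes()` on the three string values in the VALUES list is not a reliable SQL escape: it ignores the connection character set and the server's SQL mode, and `$refType` and `$refDest` are still interpolated unquoted, so a non-numeric value there would change the statement. Assuming `$this->wpdb` is WordPress's `wpdb` object, the values should be bound rather than escaped: write the clause as `VALUES ( %s, %s, '', %s, %d, 99, %d, %d )` and run `$this->wpdb->query( $this->wpdb->prepare( $sql, $file['name'], $file['newFileName'], $caption, $this->config['status_numb']['Active'], $refType, $refDest ) );`. Where `$refType` and `$refDest` come from is not visible here, and `%d` assumes they are integer ids. The INSERT statement begins above the hunk, so the column list and any literal `%` in it should be checked before switching to `prepare()`.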