From bda0046770e915dbbbf52ab9db1dcb7ac94f0e05 Mon Sep 17 00:00:00 2001
From: Laury GvR <laury@gaslightmedia.com>
Date: Thu, 25 Feb 2016 13:58:02 -0500
Subject: [PATCH] Hidden submit field, fix for the sql statement

---
 models/admin/member/social.php | 4 ++--
 setup/adminTabs.php            | 2 +-
 views/admin/member/social.html | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/models/admin/member/social.php b/models/admin/member/social.php
index eb712d7..ef9be9f 100644
--- a/models/admin/member/social.php
+++ b/models/admin/member/social.php
@@ -183,7 +183,7 @@ class GlmMembersAdmin_member_social extends GlmDataSocial
         
         // If there's an action option
         if (isset($_REQUEST['option'])) {
-            $option = trim($_REQUEST['option']);
+            $option = trim(filter_var($_REQUEST['option'],FILTER_SANITIZE_STRING));
         }
         
         $socialData = $this->editEntry($memberID);
@@ -242,7 +242,7 @@ class GlmMembersAdmin_member_social extends GlmDataSocial
                 // Also update all member info records with any possible name change
                 $sql = "
                     UPDATE ".GLM_MEMBERS_SOCIAL_PLUGIN_DB_PREFIX."socialURL
-                       SET facebook_url = www.testval.com
+                       SET facebook_url = 'www.testval.com'
                      WHERE member_id = 1
                 ;";
 //                $sql = "
diff --git a/setup/adminTabs.php b/setup/adminTabs.php
index dd5514e..cfa1ca1 100644
--- a/setup/adminTabs.php
+++ b/setup/adminTabs.php
@@ -58,4 +58,4 @@ add_filter('glm-member-db-add-tab-for-member',
         $addOnTabs = array_merge($addOnTabs, $newTabs);
         return $addOnTabs;
     }
-);
\ No newline at end of file
+);
diff --git a/views/admin/member/social.html b/views/admin/member/social.html
index 27ee18e..df3628d 100644
--- a/views/admin/member/social.html
+++ b/views/admin/member/social.html
@@ -9,7 +9,8 @@
         <p>{$displayData}</p>
         <a href="{$thisURL}?page={$thisPage}&glm_action=more">Click me to see more!</a>
         <form action="{$thisURL}?page={$thisPage}" method="post" enctype="multipart/form-data">
-            <input type="submit" class="button glm-button submit" value="{if $memberInfoID && $memberInfo}Update member information{else}Add new member information{/if}">
+            <input type="submit" class="button glm-button submit" value="submit">
+            <input type="hidden" name="option" value="submit">
             <div class="button glm-button right">Update</div>
             <table class="glm-admin-table">
             {foreach from=$socialArray key=k item=socialItem}
-- 
2.17.1