projects / acontent.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
4811: Multiple vulnerabilities fixed as listed on the tracker.
[acontent.git] / docs / include / classes / DAO / UsersDAO.class.php
diff --git a/docs/include/classes/DAO/UsersDAO.class.php b/docs/include/classes/DAO/UsersDAO.class.php
index f646ec0..b159ee6 100644 (file)
--- a/docs/include/classes/DAO/UsersDAO.class.php
+++ b/docs/include/classes/DAO/UsersDAO.class.php
@@ -252,8 +252,8 @@ class UsersDAO extends DAO {
                }
                                                
                $sql = "UPDATE ".TABLE_PREFIX."users 
-                          SET ".$fieldName."='".$addslashes($fieldValue)."'
-                        WHERE user_id = ".$userID;
+                          SET ".$addslashes($fieldName)."='".$addslashes($fieldValue)."'
+                        WHERE user_id = ".intval($userID);
                
                return $this->execute($sql);
        }
AContent learning content authoring system