Sanitize portal session vars against sql/html code

Marcus Hill 2023-01-02 15:17:58 +00:00
parent fcdeee6321
commit 67b306795b
1 changed files with 3 additions and 3 deletions


@ -36,10 +36,10 @@ $session_company_id = $_SESSION['company_id'];
$contact_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
$contact = mysqli_fetch_array($contact_sql);
$session_contact_name = $contact['contact_name'];
$session_contact_name = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_name']));
$session_contact_initials = initials($session_contact_name);
$session_contact_title = $contact['contact_title'];
$session_contact_email = $contact['contact_email'];
$session_contact_title = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_title']));
$session_contact_email = strip_tags(mysqli_real_escape_string($mysqli,$contact['contact_email']));
$session_contact_photo = $contact['contact_photo'];
// Get client info
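Review bot: The three new assignments (contact_name, contact_title, contact_email) escape for SQL at the point where the values are read from the database rather than where they are used, so one stored form has to serve both HTML output and any later query and is correct for neither. `mysqli_real_escape_string()` adds backslashes that will show up when the value is displayed (O'Brien becomes O\'Brien), and `strip_tags()` leaves quotes and `&` intact, so the result is still not safe inside an HTML attribute. I would keep the raw column value here and encode per context at the point of use: `htmlspecialchars($session_contact_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on output, and a prepared statement wherever the value is written back to SQL. `$session_contact_photo` is left untouched by this change, and the context query above still interpolates `$session_contact_id` and `$session_client_id`; whether those are validated earlier is not visible in this hunk.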