Escape server http host/uri submitted to database during setup
@@ -923,7 +923,7 @@ if(isset($_POST['add_company_settings'])){
|
|||||||
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_locale = '$locale', company_currency = '$currency_code', company_created_at = NOW()");
|
mysqli_query($mysqli,"INSERT INTO companies SET company_name = '$name', company_address = '$address', company_city = '$city', company_state = '$state', company_zip = '$zip', company_country = '$country', company_phone = '$phone', company_email = '$email', company_website = '$website', company_locale = '$locale', company_currency = '$currency_code', company_created_at = NOW()");
|
||||||
|
|
||||||
$company_id = mysqli_insert_id($mysqli);
|
$company_id = mysqli_insert_id($mysqli);
|
||||||
$config_base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
|
$config_base_url = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']));
|
||||||
|
|
||||||
mkdir_missing("uploads/clients/$company_id");
|
mkdir_missing("uploads/clients/$company_id");
|
||||||
file_put_contents("uploads/clients/$company_id/index.php", "");
|
file_put_contents("uploads/clients/$company_id/index.php", "");
|
||||||
|
|||||||
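Review bot: The value assigned to `$config_base_url` is still taken verbatim from the request: `mysqli_real_escape_string` makes it safe to interpolate into SQL, but whatever Host header and request URI the setup request carried becomes the base URL. `REQUEST_URI` includes the query string, so `dirname()` can return part of it when it contains a slash; building the path from `dirname($_SERVER['SCRIPT_NAME'])` (or `parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH)`) and checking the host against a hostname pattern before storing it would avoid persisting a client-chosen value. The statement that consumes `$config_base_url` is outside the hunk, so its use in a query is inferred from the commit title; if it is a string-built query like the `INSERT INTO companies` line above, a prepared statement with bound parameters would remove the need for manual escaping and keep the variable usable unescaped elsewhere. The enclosing `if(isset($_POST['add_company_settings']))` block starts and ends outside the hunk.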