From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/lib/classes/form.inc.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php
index 99f6cfb..2b2504a 100644
--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -286,7 +286,7 @@
 	* @return record
 	*/
 	function encode($record) {
-		
+		global $app;
 		$this->errorMessage = '';
 		
 		if(is_array($record)) {
@@ -294,7 +294,7 @@
 				switch ($this->tableDef[$key]['datatype']) {
 				case 'VARCHAR':
 					if(!is_array($val)) {
-						$new_record[$key] = mysql_real_escape_string($val);
+						$new_record[$key] = $app->db->quote($val);
 					} else {
 						$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
 					}
@@ -309,7 +309,7 @@
 					$new_record[$key] = intval($val);
 				break;
 				case 'DOUBLE':
-					$new_record[$key] = mysql_real_escape_string($val);
+					$new_record[$key] = $app->db->quote($val);
 				break;
 				case 'CURRENCY':
 					$new_record[$key] = str_replace(",",".",$val);
@@ -472,4 +472,4 @@
 	
 }
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1