From 4c2c363036bbf1093cd0f732a23a05795e16aa06 Mon Sep 17 00:00:00 2001
From: bmarlon <bmarlon@ispconfig3>
Date: Thu, 28 Apr 2011 06:03:16 -0400
Subject: [PATCH] * Changed "aptitude upgrade -y" to "aptitude safe-upgrade -y" since upgrade is deprecated. + Added DNS-import, not finished. Needs language-variables and better way to parse SOA-record and possibly some cleaning.

---
 interface/lib/classes/form.inc.php |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php
index c45936a..99f6cfb 100644
--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -1,6 +1,7 @@
 <?php
+
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -293,7 +294,7 @@
 				switch ($this->tableDef[$key]['datatype']) {
 				case 'VARCHAR':
 					if(!is_array($val)) {
-						$new_record[$key] = addslashes($val);
+						$new_record[$key] = mysql_real_escape_string($val);
 					} else {
 						$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
 					}
@@ -308,7 +309,7 @@
 					$new_record[$key] = intval($val);
 				break;
 				case 'DOUBLE':
-					$new_record[$key] = addslashes($val);
+					$new_record[$key] = mysql_real_escape_string($val);
 				break;
 				case 'CURRENCY':
 					$new_record[$key] = str_replace(",",".",$val);

--
Gitblit v1.9.1