From d370bbc3d3550bb5c6015215c9af48a812e240e9 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Fri, 08 Jun 2012 05:43:10 -0400
Subject: [PATCH] Implemented: FS#2280 - Extend the tform library to apply filters on form values

---
 interface/lib/classes/form.inc.php |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/form.inc.php b/interface/lib/classes/form.inc.php
index c45936a..2b2504a 100644
--- a/interface/lib/classes/form.inc.php
+++ b/interface/lib/classes/form.inc.php
@@ -1,6 +1,7 @@
 <?php
+
 /*
-Copyright (c) 2005, Till Brehm, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -285,7 +286,7 @@
 	* @return record
 	*/
 	function encode($record) {
-		
+		global $app;
 		$this->errorMessage = '';
 		
 		if(is_array($record)) {
@@ -293,7 +294,7 @@
 				switch ($this->tableDef[$key]['datatype']) {
 				case 'VARCHAR':
 					if(!is_array($val)) {
-						$new_record[$key] = addslashes($val);
+						$new_record[$key] = $app->db->quote($val);
 					} else {
 						$new_record[$key] = implode($this->tableDef[$key]['separator'],$val);
 					}
@@ -308,7 +309,7 @@
 					$new_record[$key] = intval($val);
 				break;
 				case 'DOUBLE':
-					$new_record[$key] = addslashes($val);
+					$new_record[$key] = $app->db->quote($val);
 				break;
 				case 'CURRENCY':
 					$new_record[$key] = str_replace(",",".",$val);
@@ -471,4 +472,4 @@
 	
 }
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1