Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-3912

sql query in style.php

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • 3.0.0
    • 3.0.B5
    • Styles
    • None
    • PHP Environment:
      Database:

      In style.php file instead of using constants $table_prefix variable is used.
      line #70 

      $sql = "SELECT s.session_id, u.user_lang    FROM {$table_prefix}sessions s, {$table_prefix}users u    WHERE s.session_id = '" . $db->sql_escape($sid) . "'        AND s.session_user_id = u.user_id";

      and line #80 

      $sql = "SELECT s.style_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path    FROM {$table_prefix}styles s, {$table_prefix}styles_template t, {$table_prefix}styles_theme c, {$table_prefix}styles_imageset i    WHERE s.style_id = $id        AND t.template_id = s.template_id        AND c.theme_id = s.theme_id        AND i.imageset_id = s.imageset_id";

            Acyd Burn Meik Sievertsen [X] (Inactive)
            prakash_ultimate prakash_ultimate
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: