Bravo List
Go Back   > Bravo List > Source Code > Archived Trackers > Torrent Trader
Old 10th November 2019, 08:00
BamBam0077's Avatar
BamBam0077 BamBam0077 is offline
Join Date: Jul 2013
Posts: 311
Default MailBox SQL injection updates
PHP Code:
if (isset($_GET['inbox']))
$pagename T_("INBOX");
$tablefmt " ,Sender,Subject,Date";
$where "`receiver` = $CURUSER[id] AND `location` IN ('in','both')";
$type "Mail";
elseif (isset(
$pagename "Outbox";
$tablefmt " ,Sent_to,Subject,Date";
$where "`sender` = $CURUSER[id] AND `location` IN ('out','both')";
$type "Mail";
elseif (isset(
$pagename "Draft";
$tablefmt " ,Sent_to,Subject,Date";
$where "`sender` = $CURUSER[id] AND `location` = 'draft'";
$type "Mail";
elseif (isset(
$pagename "Templates";
$tablefmt " ,Subject,Date";
$where "`sender` = $CURUSER[id] AND `location` = 'template'";
$type "Mail";
$pagename "Mail Overview";
$type "Overview";

Need to sqlesc($CURUSER[$id]) to secure I am just venting
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 11:00. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2019, vBulletin Solutions Inc.