From 9d7cb1b6114f3a26d254bdd20ef645d97a18a87f Mon Sep 17 00:00:00 2001
From: Justin Mitchell <arthur@sucs.org>
Date: Fri, 30 Jan 2015 15:23:35 +0000
Subject: [PATCH] Don't call addslashes() on query parameters, you corrupt the
 content

---
 components/susignup-admin.php | 4 ++--
 components/susignup.php       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/susignup-admin.php b/components/susignup-admin.php
index 7dc2b30..c0694f9 100644
--- a/components/susignup-admin.php
+++ b/components/susignup-admin.php
@@ -84,7 +84,7 @@ if (isset($session->groups[$permission])) {
 								} else {
 									$pass = make_password();
 									$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
-									$attribs[]=addslashes($pass);
+									$attribs[]=$pass;
 									$attribs[]=$sid[0];
 									$attribs[]='99999'; //SUCS Magic internal use UID
 
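Review bot: `$attribs[]` is appended here without a visible reset, whereas the matching insert in components/susignup.php runs `unset($attribs)` first; if `$attribs` still holds values from an earlier query in the same request, the three `?` placeholders would be bound to the wrong values. Building the list in one statement, `$attribs = array($pass, $sid[0], '99999');`, removes that dependency. The same applies to the second hunk, at line 106 of this file. The enclosing branch starts and ends outside the hunk, so a reset may exist above what is shown.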
@@ -106,7 +106,7 @@ if (isset($session->groups[$permission])) {
 								if (empty($id)) {
 									$pass = make_password();
 									$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
-									$attribs[]=addslashes($pass);
+									$attribs[]=$pass;
 									$attribs[]=$sid[0];
 									$attribs[]='99999'; //SUCS Magic internal use UID
 
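Review bot: The value from `make_password()` is now stored exactly as generated, so any code that later looks up or compares against `signup.password` has to bind the submitted value raw as well, and this commit changes only the three INSERT sites. If a lookup elsewhere still applies `addslashes()`, or if rows written before this commit hold escaped values, a password containing quotes or backslashes would fail to match; whether `make_password()` can emit such characters is not visible here. A short comment above the binding, `// bound via placeholder: pass the raw value, never escape it`, would help keep the escaping from being reintroduced.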
diff --git a/components/susignup.php b/components/susignup.php
index 942a34d..c7eb1a4 100755
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -210,7 +210,7 @@ if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){
 						unset($query);
 						$query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
 						unset($attribs);
-						$attribs[]=addslashes($pass);
+						$attribs[]=$pass;
 						$attribs[]=$array['cardNumber'];
 						$attribs[]='99999';
 					
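Review bot: The `'99999'` bound as `issuedby` carries no explanation in this file, while components/susignup-admin.php annotates the same value with `//SUCS Magic internal use UID`; the same comment belongs here, or better a shared named constant, since the literal appears at three insert sites. `unset($attribs);` followed by three appends could be the single assignment `$attribs = array($pass, $array['cardNumber'], '99999');`, which also makes the placeholder order easy to check against the query text. The enclosing block extends outside the hunk.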
-- 
GitLab