WordPress.org

Support

Support » Plugins and Hacks » [Plugin: ProPlayer] SQL inyection

[Plugin: ProPlayer] SQL inyection

Viewing 2 replies - 1 through 2 (of 2 total)
  • I reported it to its author but no response was received.
    You can fix it by editing playlist-controller.php at line 164, replacing:

    $xml = $playlistController->getPlaylist($_GET["pp_playlist_id"]);

    with

    $xml = $playlistController->getPlaylist(mysql_real_escape_string($_GET["pp_playlist_id"]));

    Hope it helps you.

    If what you get is a number, is not this better?:
    $xml = $playlistController->getPlaylist(abs((int) $_GET["pp_playlist_id"]));

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: ProPlayer] SQL inyection’ is closed to new replies.