diff --git a/upload/uc_client/model/pm.php b/upload/uc_client/model/pm.php
index 96d4e09..8964ee3 100644
--- a/upload/uc_client/model/pm.php
+++ b/upload/uc_client/model/pm.php
@@ -225,7 +225,8 @@ class pmmodel {
 } else {
 $subject = dhtmlspecialchars($subject);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+ $subject = addslashes($subject);
 if(!$type) {
 $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
@@ -326,7 +327,7 @@ class pmmodel {
 if($_CACHE['badwords']['findpattern']) {
 $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 $pmid = $this->db->insert_id();
diff --git a/upload/uc_server/model/pm.php b/upload/uc_server/model/pm.php
index e29c384..e2e94e2 100644
--- a/upload/uc_server/model/pm.php
+++ b/upload/uc_server/model/pm.php
@@ -225,7 +225,8 @@ class pmmodel {
 } else {
 $subject = dhtmlspecialchars($subject);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
+ $subject = addslashes($subject);
 if(!$type) {
 $query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
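Review bot: `addslashes()` does not know the connection character set, so on a multibyte connection charset the escaping added for `$lastsummary` and `$subject` may not hold once the values are interpolated into SQL strings. This applies to the first hunk of `upload/uc_client/model/pm.php`, to its second hunk, and to the two matching hunks of `upload/uc_server/model/pm.php`. Escaping through the database driver on the open connection, or binding the values as parameters, would be the sturdier fix; which helper `$this->db` offers is not visible here. Separately, `$subject = addslashes($subject);` runs on a value whose other branch is assigned above the hunk, so confirm `$subject` is no longer slash-escaped at that point, otherwise it would be stored with doubled backslashes. The enclosing function starts and ends outside the hunk.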
@@ -326,7 +327,7 @@ class pmmodel {
 if($_CACHE['badwords']['findpattern']) {
 $message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
 }
- $lastsummary = $this->removecode(trim(stripslashes($message)), 150);
+ $lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
 $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
 $pmid = $this->db->insert_id();
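Review bot: The changed `$lastsummary` assignment has no comment saying that the variable now holds SQL-escaped text rather than the plain summary, and the statement that consumes it lies outside the hunk. A later edit could escape it a second time or reuse it for display with the backslashes still in place. A comment on the assignment would record the intent, for example `// SQL-escaped from here on: stripslashes() above removed the input escaping, and escaping must follow the 150 cut`. The same comment fits the identical assignments in the other three hunks.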