Here is the whole code, which works:
//Kvetos, 06.12.2021 - news/Internet.tpl.php in the footer.
// Load the news locale file for the current language, falling back to Czech
// (the fallback path had a stray trailing slash after Czech.php).
if (file_exists(INFUSIONS.'news/templates/locale/'.LANGUAGE.'.php')) {
    $locale = fusion_get_locale('', INFUSIONS.'news/templates/locale/'.LANGUAGE.'.php');
} else {
    $locale = fusion_get_locale('', INFUSIONS.'news/templates/locale/Czech.php');
}
echo '<div class="well text-center m-t-10 m-b-0">';
openside($locale['internet_01']);
// The article currently being read, selected by the readmore id from the URL.
$result = dbquery("SELECT * FROM ".DB_NEWS."
    WHERE news_id='".stripinput($_GET['readmore'])."'
    AND news_draft='0' LIMIT 5");
$data = dbarray($result);
// Up to six other published, currently visible articles from the same category.
$related_news = dbquery("SELECT * FROM ".DB_NEWS."
    WHERE ".groupaccess('news_visibility')."
    AND (news_start='0'||news_start<=".time().")
    AND (news_end='0'||news_end>=".time().")
    AND news_draft='0'
    AND news_cat='".stripinput($data['news_cat'])."'
    AND news_id !='".stripinput($_GET['readmore'])."'
    ORDER BY RAND()
    DESC LIMIT 0,6");
echo "<div style='margin-left:auto; margin-right:auto;' class='tbl-border'>";
if (dbrows($related_news)) {
    $i = 0;
    while ($related_news_data = dbarray($related_news)) {
        // Alternate row classes for striping.
        $row_color = ($i % 2 == 0 ? "tbl1" : "tbl2");
        $subject = trimlink(strip_tags(parseubb($related_news_data['news_subject'])), 35);
        echo "<div class='$row_color'><a href='".INFUSIONS."/news/news.php?readmore=".$related_news_data['news_id']."'>".$subject."</a><div style='float: left; padding-right: 10px;'>".showdate("%d.%m.%Y %H:%M", $related_news_data['news_datestamp'])."</div>\n</div>\n";
        $i++;
    }
} else {
    echo "<div style='text-align: center;'>Není žádný související článek Internet!</div>\n";
}
echo "</div>\n";
closeside();
Question:
At first glance, is this code dangerous?
Is using stripinput sufficient, or should I also use the addslashes method?
Thanks, a plain YES or NO will do.
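The following is an added example and not the poster's code or PHP-Fusion's. It rewrites the same "related news" lookup so that the readmore id is validated as an integer before it is used and every runtime value reaches SQL through a bound parameter, which removes the need to choose between stripinput() and addslashes() at the SQL layer at all; HTML encoding is then applied once, at output time. The example runs against an in-memory SQLite table that stands in for DB_NEWS, with constructed rows and timestamps. In PHP-Fusion the same idea maps onto isnum() for the integer check and, in version 9, dbquery() called with a parameter array (an assumption about the framework's API; check your installed version).

```php
<?php
// Added example, not the poster's code: related-news lookup with integer validation
// and prepared statements. The SQLite table and its rows are constructed sample data.
declare(strict_types=1);

function openNewsDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (
        news_id        INTEGER PRIMARY KEY,
        news_cat       INTEGER NOT NULL,
        news_subject   TEXT    NOT NULL,
        news_datestamp INTEGER NOT NULL,
        news_start     INTEGER NOT NULL DEFAULT 0,
        news_end       INTEGER NOT NULL DEFAULT 0,
        news_draft     INTEGER NOT NULL DEFAULT 0
    )');
    $ins = $db->prepare('INSERT INTO news (news_id, news_cat, news_subject, news_datestamp, news_draft)
                         VALUES (?, ?, ?, ?, ?)');
    foreach ([
        [1, 3, 'Current article',     1638800000, 0],
        [2, 3, 'Related <b>one</b>',  1638800100, 0],
        [3, 3, 'Related two',         1638800200, 0],
        [4, 3, 'Unpublished draft',   1638800300, 1],
        [5, 4, 'Different category',  1638800400, 0],
    ] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// A news id is a positive integer. Anything else is rejected before it is used at all;
// a value proven to be an int needs no escaping of any kind.
function readmoreId(array $get): ?int {
    $id = filter_var($get['readmore'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function relatedNews(PDO $db, int $newsId, int $now, int $limit = 6): array {
    $cur = $db->prepare('SELECT news_cat FROM news WHERE news_id = :id AND news_draft = 0');
    $cur->execute([':id' => $newsId]);
    $cat = $cur->fetchColumn();
    if ($cat === false) {
        return [];
    }
    // The SQL text is constant; user-derived values are bound, never concatenated.
    $rel = $db->prepare('SELECT news_id, news_subject, news_datestamp FROM news
        WHERE (news_start = 0 OR news_start <= :start_now)
          AND (news_end = 0 OR news_end >= :end_now)
          AND news_draft = 0
          AND news_cat = :cat
          AND news_id != :id
        ORDER BY RANDOM() LIMIT :lim');
    $rel->bindValue(':start_now', $now, PDO::PARAM_INT);
    $rel->bindValue(':end_now', $now, PDO::PARAM_INT);
    $rel->bindValue(':cat', (int)$cat, PDO::PARAM_INT);
    $rel->bindValue(':id', $newsId, PDO::PARAM_INT);
    $rel->bindValue(':lim', $limit, PDO::PARAM_INT);
    $rel->execute();
    return $rel->fetchAll(PDO::FETCH_ASSOC);
}

// HTML encoding belongs here, at output time. It is a separate concern from keeping
// data out of SQL syntax, which the bound parameters above already handle.
function renderRelated(array $rows): string {
    if ($rows === []) {
        return "<div style='text-align: center;'>No related article!</div>\n";
    }
    $html = '';
    foreach ($rows as $i => $row) {
        $rowClass = $i % 2 === 0 ? 'tbl1' : 'tbl2';
        $subject  = htmlspecialchars(substr(strip_tags($row['news_subject']), 0, 35), ENT_QUOTES, 'UTF-8');
        $html .= "<div class='{$rowClass}'><a href='news.php?readmore={$row['news_id']}'>{$subject}</a>"
               . "<div style='float: left; padding-right: 10px;'>"
               . date('d.m.Y H:i', (int)$row['news_datestamp']) . "</div>\n</div>\n";
    }
    return $html;
}

// Usage: a malformed readmore value never reaches a query; a valid one is looked up.
$db = openNewsDb();
foreach (['2abc', '2'] as $input) {
    $id = readmoreId(['readmore' => $input]);
    echo $id === null
        ? 'rejected readmore=' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . "\n"
        : renderRelated(relatedNews($db, $id, 1638900000));
}
```

For readmore=2 the lookup returns articles 1 and 3 (same category, published, not the current one) in random order, and the draft and the other-category row are excluded by the bound conditions rather than by anything the caller escaped.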