Improve security Change-Id: Ia98bb629c8c81f609d3a5e4d023616a95f9c4248

commit: 13cf0cd109772eabd750d4d0bf322beb19e3bc12 [log] [tgz]
author: Adrià Vilanova Martínez <me@avm99963.com> Sun Nov 20 01:02:20 2022 +0100
committer: Adrià Vilanova Martínez <me@avm99963.com> Sun Nov 20 01:02:20 2022 +0100
tree: 89af6f70df0612e4b1c1154aa2069f6fb9df13ee
parent: d3394e1accae91a2624805e4b08012483d99341f [diff] [blame]
diff --git a/php/send_thread.php b/php/send_thread.php
index ddeb60a..131627d 100644
--- a/php/send_thread.php
+++ b/php/send_thread.php

@@ -1,15 +1,14 @@
 <?php
   require '../credentials.php';
   require 'utils.php';
+	require_once("security.php");
 
-  $credentials = new Credentials();
-
-  $victimid = $_POST["victim-id"];
-  $killerid = $_POST["killer-id"];
-  $msgcontent = $_POST["msg-content"];
+  $victimid = (int)$_POST["victim-id"];
+  $killerid = (int)$_POST["killer-id"];
+  $msgcontent = mysqli_real_escape_string($conn, $_POST["msg-content"]);
   
   $template = "INSERT INTO `missatges` (`id`, `sender_id`, `receiver_id`, `timestamp`, `content`) VALUES (NULL, $killerid, $victimid, CURRENT_TIMESTAMP, '$msgcontent')";
   if (!query($template)) die("An error ocurred." . $template);
   
-  header("Location: http://pastanagapp2020.mygamesonline.org/main.php");
+  header("Location: /main.php");
 ?>
commit	13cf0cd109772eabd750d4d0bf322beb19e3bc12	[log] [tgz]
author	Adrià Vilanova Martínez <me@avm99963.com>	Sun Nov 20 01:02:20 2022 +0100
committer	Adrià Vilanova Martínez <me@avm99963.com>	Sun Nov 20 01:02:20 2022 +0100
tree	89af6f70df0612e4b1c1154aa2069f6fb9df13ee
parent	d3394e1accae91a2624805e4b08012483d99341f [diff] [blame]