I've looked over your code and your template variables aren't uppercase which they should be. However most importantly your SQL statements are vulnerable because you're not using the
Here is one example in event/main_listener.php:
It really should be:
Read the documentation for more information about this kind of thing. It's very useful.
sql_build methods available to help sanitise the input.Here is one example in event/main_listener.php:
Code:
$sql = 'SELECT post_subject, forum_id, topic_id, poster_id, post_text FROM ' . POSTS_TABLE . ' WHERE post_id = ' . $post_id;Code:
$sql = 'SELECT post_subject, forum_id, topic_id, poster_id, post_text FROM ' . POSTS_TABLE . ' WHERE ' . $this->db->sql_build_array( 'SELECT', ['post_id' => $post_id] );Statistics: Posted by danieltj — Mon Jun 02, 2025 3:38 pm