Or find them and use them maliciously against FearHotel. I've got no issues morally with that idea.
If OP is the author of this, I wouldn't be surprised to see many, many more than 13 issues. His spelling is atrocious, he's a nobody to the community and the fact that he's working on PhoenixPHP in the first place makes me think he's utterly retarded.
Besides that... good release? 8-)
update_room.php - line 13:
Code:
$query = mysql_query("UPDATE rooms SET caption = '".$core->EscapeString($_POST['caption'])."', owner = '".$core->EscapeString($_POST['owner'])."', state = '".$core->EscapeString($_POST['state'])."', model_name = '".$core->EscapeString($_POST['model_name'])."', password = '".$_POST['password']."', users_max = '".$core->EscapeString($_POST['users_max'])."' WHERE id ='".$core->EscapeString($_POST['id'])."'");
Notice unfiltered post for 'password'. Injectable. La la la...