Diffstat (limited to 'account.php')
-rw-r--r-- | account.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/account.php b/account.php
index ff9bf3dd3..a3b0d0899 100644
--- a/account.php
+++ b/account.php
@@ -152,7 +152,7 @@ function account_content_edit() {
 // construct form:
 $result = db_query("SELECT * FROM blocks WHERE status = 1 ORDER BY module");
 while ($block = db_fetch_object($result)) {
- $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '$block->name' AND user = '$user->id'"));
+ $entry = db_fetch_object(db_query("SELECT * FROM layout WHERE block = '". check_input($block->name) ."' AND user = '$user->id'"));
 $options .= "<INPUT TYPE=\"checkbox\" NAME=\"edit[$block->name]\"". ($entry->user ? " CHECKED" : "") ."> ". t($block->name) ."<BR>\n";
 } |
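Review bot: The `$options` line directly after the patched query still writes `$block->name` unescaped into the checkbox `NAME` attribute, so a block name that needs escaping for SQL can also break the HTML attribute; consider `NAME=\"edit[". htmlspecialchars($block->name, ENT_QUOTES) ."]\"` there. In the patched query `$user->id` is still interpolated as-is; if it is always numeric, a cast such as `(int) $user->id` would make that explicit. `check_input()` is defined outside this hunk, so it is worth confirming that it escapes for a quoted SQL string and is not only a generic input filter. The body of `account_content_edit()` starts and ends outside the hunk.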