Thanks catchpen. I looked into those files and found a simple solution. You need to open the file vote.php, then find the line:
and edit it to this:
Code:
if(is_numeric($_POST['id'])){
Open settemplate.php, then find:
Code:
if(file_exists("./templates/".$_GET['template']."/link_summary.tpl")){
and change into:
Code:
// reject template names containing '.' so "../" cannot leave ./templates/
if(file_exists("./templates/".$_GET['template']."/link_summary.tpl") && strpos($_GET['template'], '.') === false){
Open login.php, then find:
Code:
$username = trim($_POST['username']);
$password = trim($_POST['password']);
and change it to this:
Code:
$username = sanitize(trim($_POST['username']), 3);
$password = sanitize(trim($_POST['password']), 3);
Find:
Code:
$username = trim($_POST['username']);
and change to:
Code:
$username = $db->escape(trim($_POST['username']));
find:
Code:
$username = trim($_GET['username']);
and change to:
Code:
$username = sanitize(trim($_GET['username']), 3);
Open cvote.php, then find:
Code:
$comment->id=$_POST['id'];
(line 20)
after that paste:
Code:
if(!is_numeric($comment->id)){die();}
Open edit.php, then find:
Code:
$link->commentid=$_REQUEST['commentid'];
and after that paste:
Code:
if(!is_numeric($link->commentid)){die();}
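A stricter form of the two kinds of check used above (numeric ID, template name), as an added example that is not part of the original post or of the application's code. The helper names `valid_id` and `valid_template`, the length limits and the temporary directory are assumptions made for the demo.

```php
<?php
// Added example: hypothetical helpers, not the application's own functions.

// Accept only a plain decimal integer string. is_numeric() also returns true
// for "1.5", "1e3", "-1" and " 7", which are not usable row IDs.
function valid_id($value): bool
{
    return is_string($value) && strlen($value) <= 10 && ctype_digit($value);
}

// Allowlist the template name instead of blocking single characters, then
// confirm the expected file exists under the templates directory.
function valid_template($name, string $baseDir): bool
{
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return false;
    }
    return is_file($baseDir . '/' . $name . '/link_summary.tpl');
}

// Constructed demo data: a throwaway templates directory with one template.
$base = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
@mkdir($base . '/default', 0700, true);
touch($base . '/default/link_summary.tpl');

// Constructed sample inputs for an "id" parameter.
foreach (['42', '1e3', '1.5', ' 7', '-1', '12abc', ''] as $id) {
    printf("id %-8s is_numeric=%-5s valid_id=%s\n",
        var_export($id, true),
        var_export(is_numeric($id), true),
        var_export(valid_id($id), true));
}

// Constructed sample inputs for a "template" parameter.
foreach (['default', '../default', 'default/..', 'missing', ''] as $tpl) {
    printf("template %-14s valid=%s\n",
        var_export($tpl, true),
        var_export(valid_template($tpl, $base), true));
}

// Remove the demo directory again.
unlink($base . '/default/link_summary.tpl');
rmdir($base . '/default');
rmdir($base);
```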