[pLog-svn] r5678 - plog/branches/lifetype-1.2/class/dao
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Wed Jul 18 17:33:03 EDT 2007
Author: oscar
Date: 2007-07-18 17:33:03 -0400 (Wed, 18 Jul 2007)
New Revision: 5678
Modified:
plog/branches/lifetype-1.2/class/dao/articlecategories.class.php
Log:
This was a very stupid and dangerous hole for an SQL injection vulnerability...
Modified: plog/branches/lifetype-1.2/class/dao/articlecategories.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/dao/articlecategories.class.php 2007-07-18 21:27:54 UTC (rev 5677)
+++ plog/branches/lifetype-1.2/class/dao/articlecategories.class.php 2007-07-18 21:33:03 UTC (rev 5678)
@@ -100,7 +100,7 @@
*/
function getSearchConditions( $searchTerms )
{
- return( "name LIKE '%".$searchTerms."%' OR description LIKE '%".$searchTerms."%'" );
+ return( "name LIKE '%".Db::qstr($searchTerms)."%' OR description LIKE '%".Db::qstr($searchTerms)."%'" );
}
/**
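Review bot: Db::qstr() is applied twice to the same value on the returned line; escape once into a local and reuse it, `$escaped = Db::qstr( $searchTerms );` then `return( "name LIKE '%".$escaped."%' OR description LIKE '%".$escaped."%'" );`. This assumes Db::qstr() escapes the string without adding surrounding quotes, which the inline `'%` … `%'` literals suggest but the hunk does not show; if it does wrap in quotes the resulting pattern is malformed, so this should be confirmed against the Db class. Even with quote escaping, `%` and `_` inside the search term are still interpreted as LIKE wildcards, so a term containing them matches more than the literal text; if literal matching is intended those two characters need escaping as well. The docblock that closes at the hunk's first line begins outside the hunk and could state that the returned fragment is already escaped and safe to splice into a WHERE clause.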