[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[33735] branches/7.x/lib/language/LanguageTranslations .php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 33735
          http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=33735&view=rev
Author:   sampaioprimo
Date:     2011-03-31 12:50:46 +0000 (Thu, 31 Mar 2011)

Log Message:
-----------
[FIX] prevent sql injection

Modified Paths:
--------------
    branches/7.x/lib/language/LanguageTranslations.php

Modified: branches/7.x/lib/language/LanguageTranslations.php
===================================================================

--- branches/7.x/lib/language/LanguageTranslations.php	2011-03-31 11:57:32 UTC (rev 33734)
+++ branches/7.x/lib/language/LanguageTranslations.php	2011-03-31 12:50:46 UTC (rev 33735)
@@ -317,7 +317,8 @@
 		$searchQuery = '';
 
 		if ($search) {
-			$searchQuery = " and (`source` like '$search' or `tran` like '$search')";
+			$search = $this->qstr("%$search%");
+			$searchQuery = " and (`source` like $search or `tran` like $search)";
 		}
 
 		$translations = $this->_getDbTranslations($sort_mode, $maxRecords, $offset, true, $searchQuery);


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.




[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[33735] branches/7.x/lib/language/LanguageTranslations .php

The Free / Libre / Open Source Web App with the most built-in features

[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[33735] branches/7.x/lib/language/LanguageTranslations .php