From: <sam...@us...> - 2011-03-31 12:50:52
Revision: 33735 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=33735&view=rev Author: sampaioprimo Date: 2011-03-31 12:50:46 +0000 (Thu, 31 Mar 2011) Log Message: ----------- [FIX] prevent sql injection Modified Paths: -------------- branches/7.x/lib/language/LanguageTranslations.php Modified: branches/7.x/lib/language/LanguageTranslations.php =================================================================== --- branches/7.x/lib/language/LanguageTranslations.php 2011-03-31 11:57:32 UTC (rev 33734) +++ branches/7.x/lib/language/LanguageTranslations.php 2011-03-31 12:50:46 UTC (rev 33735) @@ -317,7 +317,8 @@ $searchQuery = ''; if ($search) { - $searchQuery = " and (`source` like '$search' or `tran` like '$search')"; + $search = $this->qstr("%$search%"); + $searchQuery = " and (`source` like $search or `tran` like $search)"; } $translations = $this->_getDbTranslations($sort_mode, $maxRecords, $offset, true, $searchQuery); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
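Review bot: the two `+` lines still assemble the WHERE fragment by string interpolation, so the injection is closed only if `$this->qstr()` both quotes and escapes the value for the configured database backend; the fix inherits whatever that helper does, and the fragment is then handed to `_getDbTranslations($sort_mode, $maxRecords, $offset, true, $searchQuery)` as raw SQL, which is the interface that made the removed `like '$search'` injectable in the first place. Passing `$search` down as a bind value would remove the dependency on `qstr()`, at the cost of changing the `_getDbTranslations` signature. Two further points on the same lines: wrapping the term as `"%$search%"` turns the removed line's `like '$search'` (an exact match unless the caller supplied wildcards) into a substring match, a behaviour change the log message "[FIX] prevent sql injection" does not mention and that deserves a note in the log or a code comment; and the LIKE metacharacters `%` and `_` inside `$search` are still not escaped, so a user-supplied `_` or `%` keeps acting as a wildcard, which is harmless for injection but should be escaped explicitly if a literal substring search is intended.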