[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[46462] trunk/lib/logs/logslib.php

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Revision: 46462
          http://sourceforge.net/p/tikiwiki/code/46462
Author:   arildb
Date:     2013-06-25 21:54:16 +0000 (Tue, 25 Jun 2013)
Log Message:
-----------
[SEC] Always use parameters in queries to prevent XSS

Modified Paths:
--------------
    trunk/lib/logs/logslib.php

Modified: trunk/lib/logs/logslib.php
===================================================================

--- trunk/lib/logs/logslib.php	2013-06-25 21:10:40 UTC (rev 46461)
+++ trunk/lib/logs/logslib.php	2013-06-25 21:54:16 UTC (rev 46462)
@@ -324,10 +324,10 @@
 	{
 		$actionlogconf = array();
 		$query = "select * from `tiki_actionlog_conf`" .
-						" where `objectType` like '$type' and `action` like '$action'" .
+						" where `objectType` like ? and `action` like ?" .
 						" order by `objectType` desc, `action` asc"
 						;
-		$result = $this->query($query, array());
+		$result = $this->query($query, array($type, $action));
 
 		while ($res = $result->fetchRow()) {
 			if ( $res['action'] == '%' ) {

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.





[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[46462] trunk/lib/logs/logslib.php

The Free / Libre / Open Source Web App with the most built-in features

[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[46462] trunk/lib/logs/logslib.php