]> git.mxchange.org Git - quix0rs-gnu-social.git/commit
projects / quix0rs-gnu-social.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4092ee1) | patch
Potential SQL injection in Local_group::setNickname()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:11:26 +0000 (10:11 -0700)
commit3fb2c06cba19106c2621921379704d18b37d1810
tree36a77d379ad85b79aaa8632bf1ee4b6acedfd5b9tree | snapshot
parent4092ee1bd14d599357eb5ea25a29de71c325d703commit | diff
Potential SQL injection in Local_group::setNickname()

This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
classes/Local_group.php diff | blob | history
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)