]> git.mxchange.org Git - quix0rs-gnu-social.git/commit
projects / quix0rs-gnu-social.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e54cb69) | patch
Escape argument to User::getTaggedSubscribers() to preven SQL injection
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:43:56 +0000 (10:43 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:43:56 +0000 (10:43 -0700)
commit4a30da924a52b16fb863649e5f5da14b26ab70c4
tree143809ef8fff51358cb171349bf9b7896c943594tree | snapshot
parente54cb6958a90934ecfffcfd0074e7dc09d96c13bcommit | diff
Escape argument to User::getTaggedSubscribers() to preven SQL injection

This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
classes/User.php diff | blob | history
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)