]> git.mxchange.org Git - quix0rs-gnu-social.git/commit
projects / quix0rs-gnu-social.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c5a710e) | patch
Escape SQL parameter in Profile_tag::moveTag()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:27:30 +0000 (10:27 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:27:30 +0000 (10:27 -0700)
commit5b118b3781d888a97f713b32e76a8604e1e4c0f5
tree09e681f09d82ceeedb431b646fd4d8f5a9065ca1tree | snapshot
parentc5a710e081079ae79ac84aa3628314bb803c0aedcommit | diff
Escape SQL parameter in Profile_tag::moveTag()

This change adds additional escapes for arguments to
Profile_tag::moveTag(). The arguments are canonicalized in the API and
Web UI paths higher up the stack, but this change makes sure that no
other paths can introduce SQL injection errors.
classes/Profile_tag.php diff | blob | history
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)