]> git.mxchange.org Git - quix0rs-gnu-social.git/commit
projects / quix0rs-gnu-social.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3fb2c06) | patch
Escape $tag passed to Profile::getTaggedSubscribers()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:14:38 +0000 (10:14 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:14:38 +0000 (10:14 -0700)
commitc5a710e081079ae79ac84aa3628314bb803c0aed
tree13a6628148cfce5aeb8a5ec43a2f4837f32f327ctree | snapshot
parent3fb2c06cba19106c2621921379704d18b37d1810commit | diff
Escape $tag passed to Profile::getTaggedSubscribers()

This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
classes/Profile.php diff | blob | history
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)