From: Joshua Wise
Date: Tue, 16 Jul 2013 17:43:56 +0000 (-0700)
Subject: Escape argument to User::getTaggedSubscribers() to preven SQL injection
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=4a30da924a52b16fb863649e5f5da14b26ab70c4;p=quix0rs-gnu-social.git

Escape argument to User::getTaggedSubscribers() to preven SQL injection

This change escapes the argument to User::getTaggedSubscribers() to prevent SQL injection attacks. Both code paths up the stack fail to escape this parameter, so this is a potential SQL injection attack.
---

diff --git a/classes/User.php b/classes/User.php
index 8d21d2bc19..cd99a3dd4f 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -736,7 +736,7 @@ class User extends Managed_DataObject
 $profile = new Profile();
- $cnt = $profile->query(sprintf($qry, $this->id, $tag));
+ $cnt = $profile->query(sprintf($qry, $this->id, $profile->escape($tag)));
 return $profile;
 }
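Review bot: The escaped value on the `+` line only closes the hole if the `%s` placeholder in `$qry` is wrapped in quotes, because a DataObject-style `escape()` neutralises quote characters inside a value but does not add the surrounding quotes; `$qry` is assembled above this hunk, so that should be confirmed and pinned with a comment such as `// $tag is escaped, not quoted: the matching placeholder in $qry must stay single-quoted`. Escaping into a sprintf'd statement is still weaker than parameter binding, so a follow-up could additionally validate `$tag` against the allowed tag syntax before it reaches the query. `$this->id` is interpolated without any treatment on the same line and is only safe if its placeholder is `%d`, which the hunk does not show. getTaggedSubscribers()'s signature and the `$qry` assignment lie outside the hunk.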