From: Joshua Wise
Date: Tue, 16 Jul 2013 17:47:29 +0000 (-0700)
Subject: Escape argument to prevent SQL injection attack in
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=89ba820246978d01bfd56501a6a12f1ae5384090;p=quix0rs-gnu-social.git

Escape argument to prevent SQL injection attack in User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection attack in User::getTaggedSubscriptions(). The parameter was not escaped higher up the stack, so this vulnerability could be exploited.
---
diff --git a/classes/User.php b/classes/User.php
index cd99a3dd4f..e8aaaf6a10 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -758,7 +758,7 @@ class User extends Managed_DataObject
 $profile = new Profile();
- $profile->query(sprintf($qry, $this->id, $tag));
+ $profile->query(sprintf($qry, $this->id, $profile->escape($tag)));
 return $profile;
 }
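Review bot: The added `$profile->escape($tag)` only closes the injection if the `%s` that receives it in `$qry` is wrapped in single quotes, because a DB_DataObject-style escape() neutralises quote and backslash characters for a string-literal context and does nothing for an unquoted value; `$qry` is assembled above this hunk, so that placement should be confirmed rather than assumed. If the tag ends up in a LIKE pattern, the `%` and `_` wildcards also pass through escape() unchanged, which is a DoS/over-match concern rather than injection but worth a look. Since the contract now lives in two places (the quoting in `$qry` and the escape at the call), a one-line comment at the call site would keep the next edit from breaking it, e.g. `// $tag is caller-controlled: escape() relies on the %s in $qry being single-quoted`. The enclosing getTaggedSubscriptions() begins outside the hunk, and only blank context lines appear to have been lost in the collapsed hunk, so the review is limited to the sprintf line shown.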