From: Joshua Wise <jwise@nvidia.com>
Date: Tue, 16 Jul 2013 17:14:38 +0000 (-0700)
Subject: Escape $tag passed to Profile::getTaggedSubscribers()
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=c5a710e081079ae79ac84aa3628314bb803c0aed;p=quix0rs-gnu-social.git

Escape $tag passed to Profile::getTaggedSubscribers()

This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
---

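As an added illustration of the problem the commit message describes (example code, not GNU social's own; the table, column and function names, the `profile_tag` schema and the sample rows are constructed assumptions), the snippet below runs the three variants side by side on an in-memory SQLite database: the tag interpolated into the query text with `sprintf()` unescaped, the tag escaped before interpolation as this patch does, and a prepared statement that keeps the tag out of the SQL text entirely.

```php
<?php
// Added example (not GNU social code): a tag interpolated into SQL via
// sprintf() versus the same lookup with escaping and with a prepared
// statement. Uses an in-memory SQLite database with constructed sample
// data; table/column names are assumptions, not the project's schema.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE profile_tag (tagger INTEGER, tagged INTEGER, tag TEXT)');
$db->exec("INSERT INTO profile_tag VALUES (1, 10, 'friends'), (1, 11, 'friends'), (1, 12, 'work')");

// Vulnerable pattern: $tag lands inside the SQL text unchanged.
function taggedVulnerable(PDO $db, int $tagger, string $tag): array
{
    $qry = "SELECT tagged FROM profile_tag WHERE tagger = %d AND tag = '%s'";
    $sql = sprintf($qry, $tagger, $tag);          // no escaping of $tag
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Mitigation A (the approach of this patch): escape $tag before interpolation.
// PDO::quote() returns the value already wrapped in quotes, so the format
// string must not add its own; a bare escape() call instead needs the
// placeholder quoted in $qry.
function taggedEscaped(PDO $db, int $tagger, string $tag): array
{
    $qry = 'SELECT tagged FROM profile_tag WHERE tagger = %d AND tag = %s';
    $sql = sprintf($qry, $tagger, $db->quote($tag));
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Mitigation B (preferred): a prepared statement; $tag never touches SQL text.
function taggedPrepared(PDO $db, int $tagger, string $tag): array
{
    $stmt = $db->prepare('SELECT tagged FROM profile_tag WHERE tagger = ? AND tag = ?');
    $stmt->execute([$tagger, $tag]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed attacker input: closes the quoted literal, appends an
// always-true condition, and lets the format string's trailing quote
// close the final literal:  ... AND tag = 'x' OR '1'='1'
$evil = "x' OR '1'='1";

var_dump(taggedVulnerable($db, 1, $evil));  // all three rows (10, 11, 12)
var_dump(taggedEscaped($db, 1, $evil));     // empty: no tag equals the payload
var_dump(taggedPrepared($db, 1, $evil));    // empty
var_dump(taggedPrepared($db, 1, 'work'));   // just 12
```

Run with `php example.php` (requires the `pdo_sqlite` extension). The escaped variant is only safe because the escaped value sits inside a quoted literal; an escape function does nothing for an unquoted or numeric placeholder, which is why the prepared statement is the more robust default.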
diff --git a/classes/Profile.php b/classes/Profile.php
index cefcaf90b5..540699eb3a 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
         $profile = new Profile();
         $tagged = array();
 
-        $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag));
+        $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
 
         while ($profile->fetch()) {
             $tagged[] = clone($profile);
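Review bot: the fix only holds if $qry wraps the third placeholder in single quotes, which this hunk does not show; $profile->escape($tag) is a string-literal escape, so an unquoted %s (or a %d) would still let the value reach the SQL text unprotected. Please confirm the format string quotes that placeholder, and consider also escaping at the two call sites the commit message names (actions/subscriptions.php and actions/apiuserfollowers.php) or, better, moving the query to bound parameters. The two $this->id arguments remain unescaped; as integers owned by the object that is acceptable, but a %d placeholder would make that intent explicit.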