wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape $tag passed to Profile::getTaggedSubscribers()

Browse Source 
This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
This commit is contained in:
Joshua Wise 2013-07-16 10:14:38 -07:00 committed by Evan Prodromou
parent 3fb2c06cba
commit c5a710e081
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
classes/Profile.php
View File

@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
$profile = new Profile(); $profile = new Profile();
$tagged = array(); $tagged = array();
$cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag)); $cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
while ($profile->fetch()) { while ($profile->fetch()) {
$tagged[] = clone($profile); $tagged[] = clone($profile);