http://www.mediawiki.org/wiki/Special:Code/MediaWiki/73868
Revision: 73868
Author: brion
Date: 2010-09-28 04:04:28 +0000 (Tue, 28 Sep 2010)
Log Message:
-----------
SQL escaping fix in ProofreadPage: use addQuotes() instead of hardcoded
single-quotes, and name var $encCat instead of $cat per recommended norms
Modified Paths:
--------------
trunk/extensions/ProofreadPage/ProofreadPage_body.php
Modified: trunk/extensions/ProofreadPage/ProofreadPage_body.php
===================================================================
--- trunk/extensions/ProofreadPage/ProofreadPage_body.php 2010-09-28
03:36:30 UTC (rev 73867)
+++ trunk/extensions/ProofreadPage/ProofreadPage_body.php 2010-09-28
04:04:28 UTC (rev 73868)
@@ -843,13 +843,13 @@
$pagelist = "'" . implode( "', '", $pp ) . "'";
$page_ns_index = MWNamespace::getCanonicalIndex(
strtolower( $page_namespace ) );
$dbr = wfGetDB( DB_SLAVE );
- $cat = $dbr->strencode( str_replace( ' ' , '_' ,
wfMsgForContent( 'proofreadpage_quality0_category' ) ) );
+ $encCat = $dbr->addQuotes( str_replace( ' ' , '_' ,
wfMsgForContent( 'proofreadpage_quality0_category' ) ) );
$res = $dbr->select(
array( 'page', 'categorylinks' ),
array( 'page_title' ),
array(
"page_title IN ( $pagelist )",
- "cl_to='$cat'",
+ "cl_to=$encCat",
"page_namespace=$page_ns_index"
),
__METHOD__,
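Review bot: `$pagelist` on the first context line is still built with hardcoded single quotes around the `$pp` entries, the same pattern this commit removes for `cl_to`, and the hunk does not show whether those titles were escaped where `$pp` is filled. If they were not, a title containing a quote can break or alter the `IN ( … )` condition; replacing the string condition with the keyed form `'page_title' => $pp,` lets the database layer quote each value and makes `$pagelist` unnecessary. `$page_ns_index` is also interpolated directly, so it is worth confirming that `MWNamespace::getCanonicalIndex()` cannot return null for this `$page_namespace`, which would leave `page_namespace=` with no value. The enclosing function starts and ends outside the hunk.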