Commit: 1b0dac3d83739242e2cca66ea533bc03e5553ada Author: kovacs.ferenc <[email protected]> Wed, 11 Jun 2014 12:55:21 +0200 Parents: 41e4d4aff29ccbf0ab3ac756e344d73ba1f4e0c2 Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=1b0dac3d83739242e2cca66ea533bc03e5553ada Log: escape the $search variable coming from $_REQUEST magic_quote_gpc makes this not exploitable, but we should move away from that sooner or later Changed paths: M manage/event.php Diff:
diff --git a/manage/event.php b/manage/event.php
index be186ac..c1caacc 100644
--- a/manage/event.php
+++ b/manage/event.php
@@ -242,7 +242,7 @@ if ($order) {
 $orderby = "ORDER BY $order $ext";
 }
-$searchby = $search ? " WHERE MATCH(sdesc,ldesc,email) AGAINST ('$search')" : "";
+$searchby = $search ? " WHERE MATCH(sdesc,ldesc,email) AGAINST ('".real_clean($search)."')" : "";
 if (!$searchby && $unapproved) {
 $searchby = ' WHERE NOT approved';
 }
--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
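Review bot: `$orderby = "ORDER BY $order $ext";`, the context line just above the fix, still puts two variables into the query unquoted, and if they are filled from the request the way `$search` is (their assignment is outside the hunk), `real_clean()`-style escaping would not help there because the values are not inside a string literal. The usual guard is an allowlist, e.g. `$ext = ($ext === 'DESC') ? 'DESC' : 'ASC';` plus an `in_array()` check of `$order` against the sortable column names. On the changed line, `real_clean()` is defined elsewhere, so it is worth confirming that it escapes through the live connection (in the manner of `mysql_real_escape_string`) rather than `addslashes`, since the commit message expects magic_quotes_gpc to go away and this call will then be the only protection. While magic quotes are still on, the term is presumably escaped twice unless it is stripslashed first, so searches containing a quote would match a literal backslash.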
