User "Platonides" changed the status of MediaWiki.r100165.

Old Status: new
New Status: fixme

User "Platonides" also posted a comment on MediaWiki.r100165.

Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100165#c24564
Commit summary:

Adds API Module by cryptocoryne
Bug 31723

Comment:

Double quoting one variable is meaningless. Just use the variable.

The $this->addWhere( "cuc_user_text = '$target'" ); calls allow SQL injection. Use addWhereFld.
Same for $user, $from, $to.

_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
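
The difference between the two calls named in the comment, as an added example that is not part of the review or of MediaWiki's own code. MiniQuery is a hypothetical stand-in that models only how addWhere passes a raw SQL fragment through while addWhereFld leaves quoting of the value to the database layer; the table contents and the $target value are constructed.

```php
<?php
// Hypothetical stand-in for the query helpers named in the review.
// Only the method names addWhere / addWhereFld come from the comment.
class MiniQuery {
    private array $where = [];

    public function __construct( private PDO $db ) {}

    // Raw fragment: whatever the caller interpolated becomes SQL text.
    public function addWhere( string $sql ): void {
        $this->where[] = $sql;
    }

    // Field/value pair: the value is quoted by the database layer,
    // so it can only ever be a string literal.
    public function addWhereFld( string $field, string $value ): void {
        $this->where[] = $field . ' = ' . $this->db->quote( $value );
    }

    public function select( string $table, string $col ): array {
        $sql = "SELECT $col FROM $table WHERE " . implode( ' AND ', $this->where );
        return $this->db->query( $sql )->fetchAll( PDO::FETCH_COLUMN );
    }
}

// Constructed sample table and rows (in-memory SQLite).
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( "CREATE TABLE cu_changes (cuc_user_text TEXT, cuc_ip TEXT)" );
$db->exec( "INSERT INTO cu_changes VALUES ('Alice','192.0.2.1'), ('Bob','192.0.2.2')" );

// Constructed request parameter containing a single quote.
$target = "nobody' OR '1'='1";

// Pattern flagged in the review: the quote inside $target ends the
// literal early and the remainder is parsed as part of the condition.
$flagged = new MiniQuery( $db );
$flagged->addWhere( "cuc_user_text = '$target'" );
var_dump( $flagged->select( 'cu_changes', 'cuc_ip' ) );

// Pattern the review asks for: the whole parameter is compared as one
// string, so the condition matches only a user with exactly that name.
$fixed = new MiniQuery( $db );
$fixed->addWhereFld( 'cuc_user_text', $target );
var_dump( $fixed->select( 'cu_changes', 'cuc_ip' ) );
```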
