3.69: Fix possible SQL injection for tagnames, thanks to Brian carpenter (geeknik) and Hanno B?ck
parent
12aaee2e8f
commit
3edecdb7ec
|
@ -1,3 +1,5 @@
|
|||
3.69: Fix possible SQL injection for tagnames, Thanks to Brian carpenter (geeknik) and Hanno BÃck
|
||||
|
||||
3.67: Iconfont a11y fix (yellowled)
|
||||
|
||||
3.66: Fix an issue refering to Smarty2->Smarty3 changes.
|
||||
|
|
|
@ -72,7 +72,7 @@ class serendipity_event_freetag extends serendipity_event
|
|||
'smarty' => '2.6.7',
|
||||
'php' => '4.1.0'
|
||||
));
|
||||
$propbag->add('version', '3.68');
|
||||
$propbag->add('version', '3.69');
|
||||
$propbag->add('event_hooks', array(
|
||||
'frontend_fetchentries' => true,
|
||||
'frontend_fetchentry' => true,
|
||||
|
@ -1556,8 +1556,8 @@ addLoadEvent(enableAutocomplete);
|
|||
} else {
|
||||
|
||||
if (is_string($tag)) {
|
||||
$cond = "main.tag = '$tag'";
|
||||
$ncond = "neg.tag != '$tag'";
|
||||
$cond = "main.tag = '" . serendipity_db_escape_string($tag) . "'";
|
||||
$ncond = "neg.tag != '" . serendipity_db_escape_string($tag) . "'";
|
||||
$join = "LEFT JOIN {$serendipity['dbPrefix']}entrytags AS neg ".
|
||||
"ON main.entryid = neg.entryid ";
|
||||
$totalModifier = '';
|
||||
|
@ -1582,8 +1582,8 @@ addLoadEvent(enableAutocomplete);
|
|||
|
||||
$join .= "LEFT JOIN {$serendipity['dbPrefix']}entrytags AS sub{$i} ".
|
||||
"ON main.entryid = sub{$i}.entryid ";
|
||||
$cond .= "sub{$i}.tag = '{$tag[$i]}' ";
|
||||
$ncond .= "neg.tag != '{$tag[$i]}' ";
|
||||
$cond .= "sub{$i}.tag = '" . serendipity_db_escape_string($tag[$i]) . "' ";
|
||||
$ncond .= "neg.tag != '" . serendipity_db_escape_string($tag[$i]) . "' ";
|
||||
}
|
||||
} else {
|
||||
return;
|
||||
|
|
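Review bot: The escaping in the `is_string($tag)` branch and in the loop over `$tag[$i]` is repeated at each concatenation, so every value is escaped twice and a later use of the raw `$tag` in this function would be unprotected again. Escaping once into a local, e.g. `$etag = serendipity_db_escape_string($tag[$i]);`, and using only `$etag` in both `$cond` and `$ncond` would make a missed site harder to introduce. The loop also does not check that each `$tag[$i]` is a string before it is escaped, which matters if the array is built directly from request input (not visible here). The enclosing function starts and ends outside these hunks, so other queries in the plugin that embed tag names are worth checking for the same interpolation pattern.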