authorfriendica <info@friendica.com>2012-05-29 17:14:35 -0700
committerfriendica <info@friendica.com>2012-05-29 17:14:35 -0700
commit514c994e6a323cd8075da1442c32e65f036539ff (patch)
treebfc585c96c00b7e76ca20eb4334ba6d8d18d23b6 /include/api.php
parent21d79e787ef6a1fd183a4f439c2488110841b530 (diff)
possible sql injection in search
Diffstat (limited to 'include/api.php')
-rw-r--r--include/api.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/api.php b/include/api.php
index 5697fbdbc..5c17b35f5 100644
--- a/include/api.php
+++ b/include/api.php
@@ -995,8 +995,8 @@
else
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
dbesc(protect_sprintf('%' . $myurl)),
- dbesc(protect_sprintf('%' . $myurl . '\\]%')),
- dbesc(protect_sprintf('%' . $diasp_url . '\\]%'))
+ dbesc(protect_sprintf('%' . $myurl . ']%')),
+ dbesc(protect_sprintf('%' . $diasp_url . ']%'))
);
if ($max_id > 0)
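Review bot: The three LIKE patterns on the new lines still treat any `%` or `_` inside `$myurl` and `$diasp_url` as wildcards, because `dbesc()` only quotes the value for the SQL string literal. The search can therefore match parents of other profiles whose URLs differ only at those positions. Where the two variables are assigned is not visible in this hunk; if any part of them (a nickname, for instance) is user-chosen, escape the LIKE metacharacters before quoting, e.g. `dbesc(protect_sprintf('%' . addcslashes($myurl, '\\%_') . ']%'))`, after confirming how `protect_sprintf()` treats the added backslashes. The commit message does not say why the `\\` was dropped, so a short comment such as `// ']' has no special meaning in a LIKE pattern; it is matched literally without a backslash` would record the reasoning. The `else` branch belongs to an `if` that starts outside the hunk.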