diff options
author | friendica <info@friendica.com> | 2012-05-29 17:14:35 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-05-29 17:14:35 -0700 |
commit | 514c994e6a323cd8075da1442c32e65f036539ff (patch) | |
tree | bfc585c96c00b7e76ca20eb4334ba6d8d18d23b6 /include/api.php | |
parent | 21d79e787ef6a1fd183a4f439c2488110841b530 (diff) | |
download | volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.gz volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.bz2 volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.zip |
possible sql injection in search
Diffstat (limited to 'include/api.php')
-rw-r--r-- | include/api.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/api.php b/include/api.php index 5697fbdbc..5c17b35f5 100644 --- a/include/api.php +++ b/include/api.php @@ -995,8 +995,8 @@ else $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", dbesc(protect_sprintf('%' . $myurl)), - dbesc(protect_sprintf('%' . $myurl . '\\]%')), - dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) + dbesc(protect_sprintf('%' . $myurl . ']%')), + dbesc(protect_sprintf('%' . $diasp_url . ']%')) ); if ($max_id > 0) |