diff options
author | friendica <info@friendica.com> | 2012-05-29 17:14:35 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-05-29 17:14:35 -0700 |
commit | 514c994e6a323cd8075da1442c32e65f036539ff (patch) | |
tree | bfc585c96c00b7e76ca20eb4334ba6d8d18d23b6 /mod/search.php | |
parent | 21d79e787ef6a1fd183a4f439c2488110841b530 (diff) | |
download | volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.gz volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.tar.bz2 volse-hubzilla-514c994e6a323cd8075da1442c32e65f036539ff.zip |
possible sql injection in search
Diffstat (limited to 'mod/search.php')
-rw-r--r-- | mod/search.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mod/search.php b/mod/search.php index 20007ada7..466ffc4c3 100644 --- a/mod/search.php +++ b/mod/search.php @@ -110,7 +110,7 @@ function search_content(&$a) { if (get_config('system','use_fulltext_engine')) { if($tag) - $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.protect_sprintf($search)); + $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search))); else $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search))); } else { |