Changeset 1474

Timestamp:
02/08/08 01:29:17 (7 months ago)
Author:
Neal
Message:

Added a call to $db->escape to search.php. The cleanup done on keywords prior to their use should protect from any SQL inject possibilities, but it's better to be safe than sorry. Reported by chrizz.

Files:

  • branches/punbb-1.3-dev/upload/search.php

    r1461 r1474  
    148148                                        default: 
    149149                                        { 
    150                                                 $cur_word = str_replace('*', '%', $cur_word); 
     150                                                $cur_word = $db->escape(str_replace('*', '%', $cur_word)); 
    151151 
    152152                                                $query = array(
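
Review bot: At new line 150 the escaped value is written back into $cur_word, so every later use of that variable in this branch, SQL or not, sees the escaped form, and the protection holds only as long as nothing reassigns it before the query is built. Consider keeping $cur_word raw and calling $db->escape() at the point where the word is placed into the $query array that begins on line 152. Two things to confirm alongside this: the hunk touches only the `default:` case, so the other cases of the switch (not visible here) should be checked for the same interpolation; and because `*` is mapped to `%` before escaping, a literal `%` or `_` in the user's keyword will still act as a wildcard unless the earlier keyword cleanup removes it, since nothing in this line shows the escape call handling pattern characters.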