authorAndrew Dolgov <[email protected]>2016-01-29 17:24:59 +0300
committerAndrew Dolgov <[email protected]>2016-01-29 17:24:59 +0300
commita5556c2471973e292dce615fe0c77fdbbc54405b (patch)
tree3846d6c3c88b6f7d2fca376795503f6d76093027 /classes
parent7af2e795784307652ade0e8761232ad3e0c8dd9c (diff)
fix item_id not being properly escaped in pref_feeds::process_category_order() (possible sql injection)
Diffstat (limited to 'classes')
-rwxr-xr-xclasses/pref/feeds.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 595d29577..167ddabf4 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -324,7 +324,7 @@ class Pref_Feeds extends Handler_Protected {
if ($debug) _debug("$prefix C: $item_id P: $parent_id");
- $bare_item_id = substr($item_id, strpos($item_id, ':')+1);
+ $bare_item_id = $this->dbh->escape_string(substr($item_id, strpos($item_id, ':')+1));
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
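Review bot: escape_string() on the added line only neutralises quote characters, so `$bare_item_id` is protected only if the query that consumes it wraps the value in quotes; if it is interpolated unquoted as a numeric id, the escaping does not close the injection. Given that the part after the `:` is an id, an explicit cast is the more robust fix, `$bare_item_id = (int) substr($item_id, strpos($item_id, ':')+1);`, or a parameterised query where the SQL is built. The same reasoning applies to `$bare_id` in the second hunk at line 346. Note also that when `$item_id` contains no `:`, strpos() returns false and the expression silently becomes `substr($item_id, 1)` rather than rejecting the malformed input. The enclosing process_category_order() body and the query using these values lie outside the hunk, so the quoting context should be confirmed there.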
@@ -346,7 +346,7 @@ class Pref_Feeds extends Handler_Protected {
if ($cat && is_array($cat)) {
foreach ($cat as $item) {
$id = $item['_reference'];
- $bare_id = substr($id, strpos($id, ':')+1);
+ $bare_id = $this->dbh->escape_string(substr($id, strpos($id, ':')+1));
if ($debug) _debug("$prefix [$order_id] $id/$bare_id");