Escape $tag passed to Profile::getTaggedSubscribers()
This patch escapes the $tag parameter in Profile::getTaggedSubscribers(). The parameter is not escaped either in actions/subscriptions.php or in actions/apiuserfollowers.php. So there is a potential for SQL injection here.
This commit is contained in:
parent
3fb2c06cba
commit
c5a710e081
@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
|
||||
$profile = new Profile();
|
||||
$tagged = array();
|
||||
|
||||
$cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag));
|
||||
$cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
|
||||
|
||||
while ($profile->fetch()) {
|
||||
$tagged[] = clone($profile);
|
||||
|
Loading…
Reference in New Issue
Block a user