Escape argument to User::getTaggedSubscribers() to preven SQL injection

This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
This commit is contained in:
Joshua Wise 2013-07-16 10:43:56 -07:00 committed by Evan Prodromou
parent e54cb6958a
commit 4a30da924a

View File

@ -736,7 +736,7 @@ class User extends Managed_DataObject
$profile = new Profile();
$cnt = $profile->query(sprintf($qry, $this->id, $tag));
$cnt = $profile->query(sprintf($qry, $this->id, $profile->escape($tag)));
return $profile;
}