Commit 5b118b37 authored by Committed by Evan Prodromou
Escape SQL parameter in Profile_tag::moveTag()
This change adds additional escapes for arguments to Profile_tag::moveTag(). The arguments are canonicalized in the API and Web UI paths higher up the stack, but this change makes sure that no other paths can introduce SQL injection errors.
Showing with 5 additions and 2 deletions