
Commit 89ba8202 authored by Joshua Wise, committed by Evan Prodromou

Escape argument to prevent SQL injection attack in


This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
parent 4a30da92
......@@ -758,7 +758,7 @@ class User extends Managed_DataObject
$profile = new Profile();
$profile->query(sprintf($qry, $this->id, $tag));
$profile->query(sprintf($qry, $this->id, $profile->escape($tag)));
return $profile;
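Review bot: wrapping $tag in $profile->escape() only closes the hole if the corresponding placeholder in $qry is a quoted string literal; $qry is defined above this hunk and is not visible here, so please confirm the placeholder reads '%s' (with quotes) and not a bare %s, since escaping does nothing for an unquoted interpolation. The same sprintf also interpolates $this->id unescaped; if it is not already guaranteed to be an integer, casting it (`(int)$this->id`) or passing it through the same escape() call would make the query safe regardless of how the id was set.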