We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit c5a710e0 authored by Joshua Wise's avatar Joshua Wise Committed by Evan Prodromou

Escape $tag passed to Profile::getTaggedSubscribers()

This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
parent 3fb2c06c
......@@ -682,7 +682,7 @@ class Profile extends Managed_DataObject
$profile = new Profile();
$tagged = array();
$cnt = $profile->query(sprintf($qry, $this->id, $this->id, $tag));
$cnt = $profile->query(sprintf($qry, $this->id, $this->id, $profile->escape($tag)));
while ($profile->fetch()) {
$tagged[] = clone($profile);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment