Commit 4a30da92 authored by Joshua Wise, committed by Evan Prodromou

Escape argument to User::getTaggedSubscribers() to prevent SQL injection

This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
parent e54cb695
......@@ -736,7 +736,7 @@ class User extends Managed_DataObject
$profile = new Profile();
$cnt = $profile->query(sprintf($qry, $this->id, $tag));
$cnt = $profile->query(sprintf($qry, $this->id, $profile->escape($tag)));
return $profile;
}
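Review bot: the escape on `$tag` addresses the injection the commit message describes, but `$this->id` on the same `sprintf` line is still interpolated without any escaping or cast; if it is an integer id, an explicit `(int)$this->id` would keep this line safe regardless of where the value came from. Also, `$profile->escape($tag)` only protects the query if the corresponding `%s` placeholder in `$qry` sits inside quotes, which is not visible in this hunk, so that should be confirmed, or the query rewritten with bound parameters where the data layer supports them. Minor: `$cnt` receives the result of `query()` but is never used, since the function returns `$profile`.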