Commit 4a30da92 authored by Committed by Evan Prodromou
Escape argument to User::getTaggedSubscribers() to preven SQL injection
This change escapes the argument to User::getTaggedSubscribers() to prevent SQL injection attacks. Both code paths up the stack fail to escape this parameter, so this is a potential SQL injection attack.
Showing with 1 addition and 1 deletion