BUGFIX Fixed some potential security issues in BlogHolder page type

code/BlogHolder.php

@@ -66,9 +66,8 @@ class BlogHolder extends Page {
 		$dateCheck = '';
 		
 		if($tag) {
-			$SQL_tag = addslashes($tag);
+			$SQL_tag = Convert::raw2sql($tag);
-			$SQL_tag = str_replace(array("\\",'_','%',"'"), array("\\\\","\\_","\\%","\\'"), $tag);
+			$tagCheck = "AND `BlogEntry`.Tags LIKE '%$SQL_tag%'";
-			$tagCheck = "AND `BlogEntry`.Tags LIKE '%$tag%'";
 		}
 		
 		if($date) {
@@ -95,9 +94,8 @@ class BlogHolder extends Page {
 	 */
 	function ShowTag() {
 		if(Director::urlParam('Action') == 'tag') {
-			return Director::urlParam('ID');
+			return Convert::raw2xml(Director::urlParam('ID'));
 		}
-		return isset($_GET['tag']) ? $_GET['tag'] : false;
 	}
 	
 	/**
@@ -112,7 +110,7 @@ class BlogHolder extends Page {
 					
 		$id = 0;
 		if(Director::urlParam('ID')) {
-			$id = Director::urlParam('ID');
+			$id = (int) Director::urlParam('ID');
 		}
 		
 		$codeparser = new BBCodeParser();
@@ -228,11 +226,6 @@ class BlogHolder_Controller extends Page_Controller {
 		$tag = '';
 		$date = '';
 		
-		if(isset($_GET['tag'])) {
-			$tag = $_GET['tag'];
-		}
-		
-		
 		if(Director::urlParams()) {
 			if(Director::urlParam('Action') == 'tag') {
 				$tag = Director::urlParam('ID');
@@ -271,6 +264,7 @@ class BlogHolder_Controller extends Page_Controller {
 		
 		return $output;
 	}
+	
 	function tag() {
 		if($this->ShowTag()) {
 			return array(