BUGFIX Fixed some potential security issues in BlogHolder page type

Sean Harvey 2008-11-06 00:36:58 +00:00
parent c3c97201d4
commit 224fe02c3b


@ -66,9 +66,8 @@ class BlogHolder extends Page {
$dateCheck = '';
if($tag) {
$SQL_tag = addslashes($tag);
$SQL_tag = str_replace(array("\\",'_','%',"'"), array("\\\\","\\_","\\%","\\'"), $tag);
$tagCheck = "AND `BlogEntry`.Tags LIKE '%$tag%'";
$SQL_tag = Convert::raw2sql($tag);
$tagCheck = "AND `BlogEntry`.Tags LIKE '%$SQL_tag%'";
}
if($date) {
@ -95,9 +94,8 @@ class BlogHolder extends Page {
*/
function ShowTag() {
if(Director::urlParam('Action') == 'tag') {
return Director::urlParam('ID');
return Convert::raw2xml(Director::urlParam('ID'));
}
return isset($_GET['tag']) ? $_GET['tag'] : false;
}
/**
@ -112,7 +110,7 @@ class BlogHolder extends Page {
$id = 0;
if(Director::urlParam('ID')) {
$id = Director::urlParam('ID');
$id = (int) Director::urlParam('ID');
}
$codeparser = new BBCodeParser();
@ -228,11 +226,6 @@ class BlogHolder_Controller extends Page_Controller {
$tag = '';
$date = '';
if(isset($_GET['tag'])) {
$tag = $_GET['tag'];
}
if(Director::urlParams()) {
if(Director::urlParam('Action') == 'tag') {
$tag = Director::urlParam('ID');
@ -271,6 +264,7 @@ class BlogHolder_Controller extends Page_Controller {
return $output;
}
function tag() {
if($this->ShowTag()) {
return array(
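Review bot: In the first hunk the tag is interpolated into `LIKE '%$SQL_tag%'` after `Convert::raw2sql($tag)` only, which handles quoting but presumably leaves `%` and `_` untouched, so a tag containing either still acts as a wildcard; the `str_replace` line that escaped them is either removed or overwritten by the new assignment. Escaping the LIKE metacharacters after the SQL escape would keep the match literal, e.g. `$SQL_tag = addcslashes(Convert::raw2sql($tag), '%_');`. In `ShowTag()`, if the `$_GET['tag']` fallback shown after the new `Convert::raw2xml(...)` return is kept (the page does not mark which side it is on), it returns the value unescaped and should get the same treatment: `return isset($_GET['tag']) ? Convert::raw2xml($_GET['tag']) : false;`. Both function bodies start or end outside the visible hunks.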