Escape $stage

Although I don't *think* this is vulnerable, the $stage variable ultimately comes from a $_GET variable, so it should be escaped. Without this, the security remains weak and could cause issues if the Versioned code is changed.
This commit is contained in:
Michael Strong 2015-06-03 10:46:35 +12:00
parent bfeddba670
commit 459468cc67


@ -23,6 +23,7 @@ class BlogFilter extends Lumberjack {
$stage = '_' . $stage;
}
$stage = Convert::raw2sql($stage);
$dataQuery = $staged->dataQuery()
->innerJoin('BlogPost', sprintf('"BlogPost%s"."ID" = "SiteTree%s"."ID"', $stage, $stage))
->where(sprintf('"PublishDate" < \'%s\'', Convert::raw2sql(SS_Datetime::now())));
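Review bot: the new `$stage = Convert::raw2sql($stage);` escapes for a string-literal context, but `$stage` is spliced into double-quoted identifiers in the `innerJoin` (`"BlogPost%s"."ID" = "SiteTree%s"."ID"`), which is a different quoting context, so the escape does not by itself guarantee the value cannot break out of the identifier. Since the only legitimate values here are the empty string and the stage suffix built by `$stage = '_' . $stage;`, the robust fix is to validate the incoming value against the stage names Versioned defines before that concatenation and reject anything else; the `raw2sql` call can remain as defence in depth, but it should not be the only control on a `$_GET`-derived value used as a table name.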