FIX Prevent SQLi when no URL filters are applied

This commit is contained in:
Stephen Shkardoon 2014-03-19 19:03:26 +13:00
parent b6194c304d
commit 114df8a3a5

View File

@ -1584,9 +1584,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
}
}
$segment = Convert::raw2sql($this->URLSegment);
$existingPage = DataObject::get_one(
'SiteTree',
"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
"\"URLSegment\" = '$segment' $IDFilter $parentFilter"
);
if ($existingPage) {
return false;