mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
FIX Prevent SQLi when no URL filters are applied
This commit is contained in:
parent
b6194c304d
commit
114df8a3a5
@ -1584,9 +1584,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
}
|
||||
}
|
||||
|
||||
$segment = Convert::raw2sql($this->URLSegment);
|
||||
$existingPage = DataObject::get_one(
|
||||
'SiteTree',
|
||||
"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
|
||||
"\"URLSegment\" = '$segment' $IDFilter $parentFilter"
|
||||
);
|
||||
if ($existingPage) {
|
||||
return false;
|
||||
|
Loading…
Reference in New Issue
Block a user