FIX Prevent SQLi when no URL filters are applied

2014-03-19 19:03:26 +13:00 · 2014-03-19 19:03:26 +13:00 · 114df8a3a5
parent b6194c304d
commit 114df8a3a5
1 changed files with 2 additions and 1 deletions
--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@ -1584,9 +1584,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 			}
 		}
 		
+		$segment = Convert::raw2sql($this->URLSegment);
 		$existingPage = DataObject::get_one(
 			'SiteTree', 
-			"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+			"\"URLSegment\" = '$segment' $IDFilter $parentFilter"
 		);
 		if ($existingPage) {
 			return false;