From 8e504058714fcbd2b9582ed263eb4ce2094867ad Mon Sep 17 00:00:00 2001
From: Stephen Shkardoon <stephen@silverstripe.com>
Date: Wed, 19 Mar 2014 19:05:13 +1300
Subject: [PATCH] FIX Prevent SQLi when no URL filters are applied

---
 code/model/SiteTree.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
index a9d86895..f539ac94 100644
--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@@ -1643,9 +1643,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 			return min($votes);
 		}
 
+		$segment = Convert::raw2sql($this->URLSegment);
 		$existingPage = DataObject::get_one(
 			'SiteTree', 
-			"\"SiteTree\".\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+			"\"SiteTree\".\"URLSegment\" = '$segment' $IDFilter $parentFilter"
 		);
 
 		return !($existingPage);