mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 08:05:56 +02:00
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
parent
aefda19ffa
commit
ad88e28907
@ -82,7 +82,7 @@ class AdvancedSearchForm extends SearchForm {
|
|||||||
foreach($_REQUEST['OnlyShow'] as $section => $checked) {
|
foreach($_REQUEST['OnlyShow'] as $section => $checked) {
|
||||||
$items = explode(",", $section);
|
$items = explode(",", $section);
|
||||||
foreach($items as $item) {
|
foreach($items as $item) {
|
||||||
$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . DB::getConn()->addslashes($item) . "'");
|
$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . Convert::raw2sql($item) . "'");
|
||||||
$pageList[] = $page->ID;
|
$pageList[] = $page->ID;
|
||||||
if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
|
if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
|
||||||
$page->loadDescendantIDListInto($pageList);
|
$page->loadDescendantIDListInto($pageList);
|
||||||
|
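Review bot: `$pageList[] = $page->ID;` reads `$page` before the `if(!$page)` check, and that check only raises an E_USER_WARNING, so an `OnlyShow` key from the request that matches no URLSegment still reaches `$page->loadDescendantIDListInto($pageList)` with an empty result. Move the guard above the dereference and skip the item: `if(!$page) { user_error("Can't find a page called '$item'", E_USER_WARNING); continue; }`. Because `$item` comes straight from the keys of `$_REQUEST['OnlyShow']`, the escaping call inside the `get_one()` filter is the only thing separating request data from the SQL string. The same raw value is interpolated into the warning text, so it should be encoded for wherever warnings are displayed or logged. The enclosing method starts and ends outside the hunk, so any earlier validation of `OnlyShow` is not visible here.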