BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping

Ingo Schommer 2011-09-15 14:16:28 +02:00
parent aefda19ffa
commit ad88e28907


@ -82,7 +82,7 @@ class AdvancedSearchForm extends SearchForm {
foreach($_REQUEST['OnlyShow'] as $section => $checked) { foreach($_REQUEST['OnlyShow'] as $section => $checked) {
$items = explode(",", $section); $items = explode(",", $section);
foreach($items as $item) { foreach($items as $item) {
$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . DB::getConn()->addslashes($item) . "'"); $page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . Convert::raw2sql($item) . "'");
$pageList[] = $page->ID; $pageList[] = $page->ID;
if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING); if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
$page->loadDescendantIDListInto($pageList); $page->loadDescendantIDListInto($pageList);
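Review bot: On the new side, `$pageList[] = $page->ID;` reads `$page` one line before the `if(!$page)` check, so an `OnlyShow` segment that matches no page presumably reaches a property read and then `loadDescendantIDListInto()` on a non-object instead of stopping at the warning. `$item` is taken from the keys of `$_REQUEST['OnlyShow']`, so any visitor can reach that path. I would move the guard above the assignment and skip the item: `if(!$page) { user_error("Can't find a page called '$item'", E_USER_WARNING); continue; }`. The warning text also interpolates the raw request value, so it is worth confirming that warnings are never rendered to the client, or escaping it for the output context. The enclosing method starts and ends outside this hunk, so any earlier validation of `OnlyShow` is not visible here.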