tonyair/silverstripe-mssql
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-mssql synced 2024-10-22 08:05:53 +02:00
Code Issues Projects Releases Wiki Activity

[SS-2017-008] Fix SQL injection in search engine

Browse Source
This commit is contained in:
Daniel Hensby 2017-11-22 11:52:50 +00:00
parent 0f8c146e99
commit ada270c884
No known key found for this signature in database
GPG Key ID: 5DE415D786BBB2FD
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/MSSQLDatabase.php
View File

@ -197,6 +197,8 @@ class MSSQLDatabase extends SS_Database
*/ */
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "Relevance DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false)
{ {
$start = (int)$start;
$pageLength = (int)$pageLength;
if (isset($objects)) { if (isset($objects)) {
$results = new ArrayList($objects); $results = new ArrayList($objects);
} else { } else {