tonyair/silverstripe-postgresql
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-postgresql synced 2024-10-22 17:05:45 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1 from silverstripe-security/patch/1.2/SS-2017-008

Browse Source 
[SS-2017-008] Fix SQL injection in search engine
This commit is contained in:
Damian Mooyman 2017-12-07 15:59:04 +13:00 committed by GitHub
commit aa16771922
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/PostgreSQLDatabase.php
View File

@ -261,6 +261,9 @@ class PostgreSQLDatabase extends SS_Database {
* @return object DataObjectSet of result pages * @return object DataObjectSet of result pages
*/ */
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) { public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
$start = (int)$start;
$pageLength = (int)$pageLength;
//Fix the keywords to be ts_query compatitble: //Fix the keywords to be ts_query compatitble:
//Spaces must have pipes //Spaces must have pipes
//@TODO: properly handle boolean operators here. //@TODO: properly handle boolean operators here.