mirror of
https://github.com/silverstripe/silverstripe-postgresql
synced 2024-10-22 17:05:45 +02:00
[SS-2017-008] Fix SQL injection in search engine
parent
e3bebfe453
commit
ee356b1ad7
@ -261,6 +261,9 @@ class PostgreSQLDatabase extends SS_Database {
|
|||||||
* @return object DataObjectSet of result pages
|
* @return object DataObjectSet of result pages
|
||||||
*/
|
*/
|
||||||
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
|
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
|
||||||
|
$start = (int)$start;
|
||||||
|
$pageLength = (int)$pageLength;
|
||||||
|
|
||||||
//Fix the keywords to be ts_query compatitble:
|
//Fix the keywords to be ts_query compatitble:
|
||||||
//Spaces must have pipes
|
//Spaces must have pipes
|
||||||
//@TODO: properly handle boolean operators here.
|
//@TODO: properly handle boolean operators here.
|
||||||
|
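Review bot: The two `(int)` casts at the top of searchEngine() cover only `$start` and `$pageLength`, while `$sortBy`, `$extraFilter` and `$alternativeFileFilter` in the same signature default to SQL fragments (`"ts_rank DESC"`, `""`) and look like they are meant to be spliced into the query text. The body continues outside this hunk, so how those three and `$keywords` reach the query cannot be confirmed here, but the docblock should state the contract, e.g. `@param string $sortBy Raw SQL ORDER BY fragment; callers must never pass request data`. The cast also lets negative numbers through, which PostgreSQL rejects for LIMIT/OFFSET if that is where they end up; `$start = max(0, (int)$start);` and `$pageLength = max(0, (int)$pageLength);` would give an empty page instead of a database error. A short comment above the casts, such as `// Paging values end up in the SQL text; force integers (SS-2017-008)`, would keep a later refactor from dropping them.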