[SS-2017-008] Fix SQL injection in search engine

Daniel Hensby 2017-11-21 15:34:59 +00:00
parent e3bebfe453
commit ee356b1ad7
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E


@ -261,6 +261,9 @@ class PostgreSQLDatabase extends SS_Database {
* @return object DataObjectSet of result pages
*/
public function searchEngine($classesToSearch, $keywords, $start, $pageLength, $sortBy = "ts_rank DESC", $extraFilter = "", $booleanSearch = false, $alternativeFileFilter = "", $invertedMatch = false) {
$start = (int)$start;
$pageLength = (int)$pageLength;
//Fix the keywords to be ts_query compatitble:
//Spaces must have pipes
//@TODO: properly handle boolean operators here.
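Review bot: The new `(int)` casts at the top of `searchEngine()` make `$start` and `$pageLength` numeric, but they still let negative values through and carry no comment saying they are a security control. Clamping them, as in `$start = max(0, (int)$start);` and `$pageLength = max(0, (int)$pageLength);`, would keep a negative offset or limit from reaching the query, where it would presumably fail at the database. A short comment such as `// SS-2017-008: force paging values to integers before they are placed in SQL` would stop a later cleanup from removing the casts as redundant. The signature also takes the strings `$sortBy`, `$extraFilter` and `$alternativeFileFilter`, which this hunk does not touch. The function body continues outside the hunk, so whether they are escaped before use cannot be confirmed here and is worth checking, along with a docblock note that callers must not pass request data into them.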