From 114df8a3a5e4800ef7586c5d9c8d79798fd2a11d Mon Sep 17 00:00:00 2001
From: Stephen Shkardoon <stephen@silverstripe.com>
Date: Wed, 19 Mar 2014 19:03:26 +1300
Subject: [PATCH] FIX Prevent SQLi when no URL filters are applied

---
 code/model/SiteTree.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
index 5f27fd8a..02b51681 100644
--- a/code/model/SiteTree.php
+++ b/code/model/SiteTree.php
@@ -1584,9 +1584,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 			}
 		}
 		
+		$segment = Convert::raw2sql($this->URLSegment);
 		$existingPage = DataObject::get_one(
 			'SiteTree', 
-			"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+			"\"URLSegment\" = '$segment' $IDFilter $parentFilter"
 		);
 		if ($existingPage) {
 			return false;