BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping

2024-10-22 11:05:53 +02:00 · 2011-09-15 14:16:28 +02:00 · 2011-09-15 14:16:28 +02:00 · ad88e28907
commit ad88e28907
parent aefda19ffa
1 changed files with 1 additions and 1 deletions
--- a/code/search/AdvancedSearchForm.php
+++ b/code/search/AdvancedSearchForm.php
@ -82,7 +82,7 @@ class AdvancedSearchForm extends SearchForm {
 	 		foreach($_REQUEST['OnlyShow'] as $section => $checked) {
 	 			$items = explode(",", $section);
 	 			foreach($items as $item) {
-	 				$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . DB::getConn()->addslashes($item) . "'");
+	 				$page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . Convert::raw2sql($item) . "'");
 	 				$pageList[] = $page->ID;
 	 				if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
 	 				$page->loadDescendantIDListInto($pageList);