
Potential fix for SQL Injection attacks on search.

1 parent a110e3b commit 133f4d5afa59c5397c2876760c329478f98f135a @Datawalke committed Jan 12, 2013
Showing with 4 additions and 2 deletions.
  1. +4 −2 app/models/post.php
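--- a/app/models/post.php
+++ b/app/models/post.php
@@ -225,10 +225,12 @@ public function monsterSearch($type, $page, $search) {
 ));
 }
 } else {
+ $escapedNeedle = $this->getDataSource()->value($type['needle']);
+
 return $this->find(
 'all', array(
 'conditions' => array(
- "match(content, title) against ('" . $type['needle'] . "')",
+ "MATCH(Post.content, Post.title) against (" . $escapedNeedle . " IN BOOLEAN MODE)",
 'Post.type' => 'question',
 'Post.flags <' => $flag_check['Setting']['value']),
 'contain' => array(
@@ -240,7 +242,7 @@ public function monsterSearch($type, $page, $search) {
 )
 ),
 'fields' => array(
- "match(content, title) against('" . $type['needle'] . "') as relevance",
+ "match(Post.content, Post.title) against(" . $escapedNeedle . ") as relevance",
 'Post.title', 'Post.views', 'Post.url_title', 'Post.public_key',
 'Post.timestamp', 'User.username', 'User.public_key', 'User.image',
 'User.reputation'),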
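Review bot: `getDataSource()->value($type['needle'])` on the first added line is called without a column type, and CakePHP's `DboSource::value()` then infers the type from the data itself, so a purely numeric needle (e.g. a constructed `42`) is likely to come back unquoted and `MATCH … AGAINST (42 IN BOOLEAN MODE)` is no longer a string literal, which MySQL is likely to reject; pass the type explicitly, `$escapedNeedle = $this->getDataSource()->value($type['needle'], 'string');`, so the quoting path is always taken. The two rewritten expressions also disagree: the `conditions` entry adds `IN BOOLEAN MODE` while the `fields` relevance expression in the second hunk stays in natural-language mode, so the filter and the reported relevance can diverge and MySQL cannot reuse a single full-text evaluation for both; the two strings should use the same mode. In boolean mode the needle's own `+ - * " ( )` characters act as search operators, which is not an injection but changes results and may trigger a full-text parser error on unbalanced quotes or parentheses — worth a comment such as `// needle is SQL-quoted by value(); boolean-mode operators inside it are still interpreted by MySQL`. monsterSearch() begins and ends outside the hunk.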
