fix(security): Correct SQL injection in freedomrss_search.php (refs #…

…6439)
dynacase-labs · Jun 9, 2016 · 750a9b3 · 750a9b3
1 parent 837ce01
commit 750a9b3
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/dynacase-webdesk-ui/Actions/WEBDESK/freedomrss_search.php b/dynacase-webdesk-ui/Actions/WEBDESK/freedomrss_search.php
@@ -16,10 +16,10 @@ function freedomrss_search(Action & $action)
     $user = GetHttpVars("user", $action->user->id);
     $lim = 10;
 
-    $filter[0] = "(title ~* '" . pg_escape_string($str) . "')";
+    $filter[0] = "(title ~* " . pg_escape_literal($str) . ")";
     $filter[1] = "(gui_isrss = 'yes')";
-    if ($sys == 1) $filter[2] = "(owner = " . pg_escape_string($user) . " or gui_sysrss = 'yes')";
-    else $filter[2] = "(owner = " . pg_escape_string($user) . ")";
+    if ($sys == 1) $filter[2] = "(owner = " . pg_escape_literal($user) . " or gui_sysrss = 'yes')";
+    else $filter[2] = "(owner = " . pg_escape_literal($user) . ")";
 
     $famids = array(
         "SEARCH",
@@ -67,4 +67,3 @@ function rssGetFamTitle($id)
     if (isset($t["title"])) return $t["title"];
     return "Family $id";
 }
-?>