fix security vulnerability in order search and editor preview; reported by fyth
dleffler committed Nov 3, 2016
1 parent 66f72dc commit 3b3557e
Showing 2 changed files with 3 additions and 1 deletion.
Expand Up @@ -171,7 +171,7 @@ function preview()
$demo->skin = 'lightgray';
}
} else {
$demo = self::getEditorSettings($this->params['id'], $this->params['editor']);
$demo = self::getEditorSettings($this->params['id'], expString::escape($this->params['editor']));
}
assign_to_template(
array(
2 changes: 2 additions & 0 deletions framework/modules/ecommerce/controllers/orderController.php
Expand Up @@ -2133,6 +2133,7 @@ public function search() {
// global $db, $user;
global $db;

$this->params['query'] = expString::escape($this->params['query']);
$sql = "select DISTINCT(a.id) as id, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ";
$sql .= "from " . $db->prefix . "addresses as a "; //R JOIN " .
//$db->prefix . "billingmethods as bm ON bm.addresses_id=a.id ";
Expand All @@ -2156,6 +2157,7 @@ public function search_external() {
// global $db, $user;
global $db;

$this->params['query'] = expString::escape($this->params['query']);
$sql = "select DISTINCT(a.id) as id, a.source as source, a.firstname as firstname, a.middlename as middlename, a.lastname as lastname, a.organization as organization, a.email as email ";
$sql .= "from " . $db->prefix . "external_addresses as a "; //R JOIN " .
//$db->prefix . "billingmethods as bm ON bm.addresses_id=a.id ";
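Review bot: The added escape at the top of search() protects the value only where it is later placed inside a quoted SQL string literal; if the remainder of the method (outside this hunk) interpolates `$this->params['query']` unquoted or as a LIKE pattern, the `%` and `_` wildcards and non-string contexts remain uncontrolled, and the same applies to the search_external() hunk below it. Since `$sql` is still assembled by concatenation on the following lines, binding the value as a parameter through the `$db` layer would be the durable fix if that layer supports it; otherwise escaping at the point of interpolation is preferable to overwriting `$this->params['query']`, because any later use of the raw value in the method or template then receives the escaped form. A request without a `query` parameter also reaches `expString::escape()` as null, whose handling of that case is not visible here; `$this->params['query'] = expString::escape(isset($this->params['query']) ? $this->params['query'] : '');` keeps that explicit. Both method bodies continue outside the hunk.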
