... Seriously we still had an SQL injection? ;_;
( http://jbovlaste.lojban.org/dict/listing.html?initial=u%27i failed with
an obvious injection error. )
rlpowell committed Jun 2, 2018
1 parent 05426cd commit 6ff44c2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion dict/listing.html
Expand Up @@ -147,7 +147,8 @@
push @args, $type;
}
if(defined($initial)) {
push @conditions, "word LIKE '$initial%'";
push @conditions, "word LIKE ?";
push @args, ($initial . "%");
}

my $sql;
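Review bot: In the `if(defined($initial))` branch, `push @args, ($initial . "%");` removes the injection, but `%` and `_` inside `$initial` are still interpreted as LIKE wildcards, so `initial=%` matches every word and `initial=_` matches any single leading character. If the listing is meant to be a literal prefix match, escape `%`, `_` and the chosen escape character in `$initial` before appending the trailing `%`, and declare that character with an `ESCAPE` clause on `word LIKE ?`. A regression check for the `initial=u%27i` request quoted in the commit message would also keep this from coming back.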