
[MDL-23130]

Fixing problems of sql injection.
1 parent b7315f3 commit 75b986e7f54d747e65aaae7568f255ad1af853d5 Jordi Piguillem committed Jul 30, 2010
Showing with 6 additions and 9 deletions.
  1. +6 −9 mod/wiki/locallib.php
@@ -499,9 +499,8 @@ function wiki_get_orphaned_pages($swid) {
*/
function wiki_search_title($swid, $search) {
global $DB;
- // @TODO: Fix this query
- return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND title LIKE '%$search%'");
- //return $DB->get_records_select('wiki_pages', "subwikiid = ? AND title LIKE '%?%'", array($swid, $search));
+
+ return $DB->get_records_select('wiki_pages', "subwikiid = ? AND title LIKE ?", array($swid, '%'.$search.'%'));
}
/**
@@ -511,9 +510,8 @@ function wiki_search_title($swid, $search) {
*/
function wiki_search_content($swid, $search) {
global $DB;
- // @TODO: Fix this query
- return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND cachedcontent LIKE '%$search%'");
- //return $DB->get_records_select('wiki_pages', "subwikiid = ? AND cachedcontent LIKE '%?%'", array($swid, $search));
+
+ return $DB->get_records_select('wiki_pages', "subwikiid = ? AND cachedcontent LIKE ?", array($swid, '%'.$search.'%'));
}
/**
@@ -523,9 +521,8 @@ function wiki_search_content($swid, $search) {
*/
function wiki_search_all($swid, $search) {
global $DB;
- // @TODO: Fix this query
- return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND (cachedcontent LIKE '%$search%' OR title LIKE '%$search%')");
- //return $DB->get_records_select('wiki_pages', "subwikiid = ? AND (cachedcontent LIKE '%?%' OR title LIKE '%?%')", array($swid, $search, $search));
+
+ return $DB->get_records_select('wiki_pages', "subwikiid = ? AND (cachedcontent LIKE ? OR title LIKE ?)", array($swid, '%'.$search.'%', '%'.$search.'%'));
}
/**
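Review bot: The bound search term still carries LIKE metacharacters: in `wiki_search_title()` the value `'%'.$search.'%'` passes any `%` or `_` the user typed straight into the pattern, so a search for a literal percent sign or underscore matches far more rows than intended and can force wide scans, especially on `cachedcontent`. The same applies to the hunks for `wiki_search_content()` and `wiki_search_all()`. Binding the value closes the injection, but the term should also be escaped for LIKE, for example with Moodle's DML helpers where this branch has them: `$DB->sql_like('title', '?')` for the condition and `'%'.$DB->sql_like_escape($search).'%'` for the parameter. Each function's docblock begins outside its hunk, so whether callers already restrict `$search` cannot be seen from here.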
