Fixed SQLi bug described in https://code.google.com/p/weblabyrinth/is…
…sues/detail?id=1 -- Whoops...
bbj@mayhemiclabs.com committed May 7, 2011
1 parent bc89921 commit 60793fd
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions labyrinth.inc.php
Expand Up @@ -45,11 +45,12 @@ public function Labyrinth($ip,$useragent){
global $config;
mt_srand(Labyrinth::MakeSeed());

$this->crawler_ip = $ip;
$this->crawler_useragent = $useragent;

$this->dbhandle = new SQLiteDatabase($config['tracking_db']);
$this->crawler_info = $this->dbhandle->query("SELECT crawler_ip FROM crawlers WHERE crawler_ip='$ip' AND crawler_useragent='$useragent'");

$this->crawler_ip = sqlite_escape_string($ip);
$this->crawler_useragent = sqlite_escape_string($useragent);

$this->crawler_info = $this->dbhandle->query("SELECT crawler_ip FROM crawlers WHERE crawler_ip='$this->ip' AND crawler_useragent='$this->useragent'");
}

function CheckForSearchEngines(){
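Review bot: The rewritten query at the end of the constructor interpolates `$this->ip` and `$this->useragent`, but the lines above it assign only `$this->crawler_ip` and `$this->crawler_useragent`, so unless those shorter-named properties are defined outside this hunk the lookup compares against empty strings and never matches the visiting crawler. The injection is then closed only as a side effect of the wrong names; the WHERE clause should read `crawler_ip='$this->crawler_ip' AND crawler_useragent='$this->crawler_useragent'`. Storing the escaped form in the properties also means any later non-SQL use (output, logging, comparison) sees the escaped string instead of the real value, so I would keep the raw `$ip`/`$useragent` in the properties and apply `sqlite_escape_string()` to local copies right at the query. The constructor's signature is visible only in the hunk header.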