Skip to content

Commit

Permalink
BUGFIX: escaped filename before querying with it - #ajoneil
Browse files Browse the repository at this point in the history 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@72190 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information
Will Rossiter authored and Sam Minnee committed Feb 2, 2011
1 parent 027cf02 commit a2ffe58
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions forms/HtmlEditorField.php
View file
Expand Up @@ -54,6 +54,8 @@ function Field() {
} else if($link[0] == '/') {
$broken = true;
} else if(ereg('^assets/',$link)) {
$link = str_replace(array('%20', '%5C', '%27'), array(' ', '\\', '\''), $link);
$link = Convert::raw2sql($link);
if(!DataObject::get_one("File", "Filename = '$link'", false)) {
$broken = true;
}
Expand Down

0 comments on commit a2ffe58

Please sign in to comment.