
FIX Prevent SQLi when no URL filters are applied

1 parent b6194c3 commit 114df8a3a5e4800ef7586c5d9c8d79798fd2a11d @ss23 ss23 committed Mar 19, 2014
Showing with 2 additions and 1 deletion.
  1. +2 −1 code/model/SiteTree.php
@@ -1584,9 +1584,10 @@ public function validURLSegment() {
}
}
+ $segment = Convert::raw2sql($this->URLSegment);
$existingPage = DataObject::get_one(
'SiteTree',
- "\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+ "\"URLSegment\" = '$segment' $IDFilter $parentFilter"
);
if ($existingPage) {
return false;
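Review bot: `$IDFilter` and `$parentFilter` are still interpolated unescaped into the same WHERE string passed to `DataObject::get_one()`; both are built above this hunk, so whether they are numeric-only cannot be confirmed from here, and the fix covers only `$segment`. If they are derived from record IDs (presumably `$this->ID` / `$this->ParentID`, to be confirmed), an `(int)` cast where they are assembled would close the same class of bug. The escaping is only correct because `$segment` lands inside a single-quoted SQL literal, which deserves a comment on the new line such as `// URLSegment may reach here unfiltered; escape before embedding in the quoted literal`. The diffstat shows only SiteTree.php changed, so a regression test that calls `validURLSegment()` on a page whose URLSegment contains a `'` would keep the fix from being undone silently. The body of validURLSegment() starts and ends outside the hunk.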
