FIX Prevent SQLi when no URL filters are applied

silverstripe · Mar 19, 2014 · 114df8a · 114df8a
1 parent b6194c3
commit 114df8a
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php
@@ -1584,9 +1584,10 @@ public function validURLSegment() {
 			}
 		}
 
+		$segment = Convert::raw2sql($this->URLSegment);
 		$existingPage = DataObject::get_one(
 			'SiteTree', 
-			"\"URLSegment\" = '$this->URLSegment' $IDFilter $parentFilter"
+			"\"URLSegment\" = '$segment' $IDFilter $parentFilter"
 		);
 		if ($existingPage) {
 			return false;