
BUGFIX Consistently using Convert::raw2sql() instead of DB::getConn()->addslashes() or PHP's deprecated addslashes() for database escaping
1 parent aefda19 commit ad88e289070f73c1f2164933544ee5f17467a09d @chillu chillu committed Sep 15, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 code/search/AdvancedSearchForm.php
@@ -82,7 +82,7 @@ public function getResults($numPerPage = 10) {
foreach($_REQUEST['OnlyShow'] as $section => $checked) {
$items = explode(",", $section);
foreach($items as $item) {
- $page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . DB::getConn()->addslashes($item) . "'");
+ $page = DataObject::get_one('SiteTree', "\"URLSegment\" = '" . Convert::raw2sql($item) . "'");
$pageList[] = $page->ID;
if(!$page) user_error("Can't find a page called '$item'", E_USER_WARNING);
$page->loadDescendantIDListInto($pageList);
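
Review bot: In the unchanged lines directly after the changed query, `$pageList[] = $page->ID;` dereferences `$page` before the `if(!$page)` check, and `$page->loadDescendantIDListInto($pageList)` is still reached after the warning unless the error handler halts. An `OnlyShow` key from the request that matches no `URLSegment` therefore triggers a property access and a method call on a non-object instead of being skipped cleanly. Move the `if(!$page)` check to immediately after `get_one()` and `continue` to the next item when it fails. On the changed line itself, `$item` comes from the keys of `$_REQUEST['OnlyShow']` and is concatenated into the filter string, so `Convert::raw2sql()` is the only barrier between request input and the SQL; the same `$item` is also interpolated unescaped into the `user_error()` message, which should be escaped if warnings can be rendered to the page.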
