Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed information disclosure by SQL injection
  • Loading branch information
luc committed Jul 1, 2007
1 parent 610d7bc commit 3e8f071
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions search.php
Expand Up @@ -34,7 +34,7 @@


##### Show matching Domains first #######
$query = "SELECT * FROM domain AS a WHERE domain_name LIKE '%".$_GET['searchstring']."%' AND ".$allowed_domains1."') ORDER BY domain_name";
$query = "SELECT * FROM domain AS a WHERE domain_name LIKE '%".addslashes($_GET['searchstring'])."%' AND ".$allowed_domains1."') ORDER BY domain_name";
$result = $handle->query($query);
$cnt = $result->numRows();

Expand Down Expand Up @@ -105,15 +105,15 @@
print "</table>";

############ And now show the users matching the search query ###########
$query = "SELECT DISTINCT a.username, a.domain_name FROM virtual as v, accountuser as a WHERE ((v.username LIKE '%".$_GET['searchstring']."%') OR (v.alias LIKE '%".$_GET['searchstring']."%')) AND (v.username=a.username) AND ".$allowed_domains1."') ORDER BY username";
$query = "SELECT DISTINCT a.username, a.domain_name FROM virtual as v, accountuser as a WHERE ((v.username LIKE '%".addslashes($_GET['searchstring'])."%') OR (v.alias LIKE '%".addslashes($_GET['searchstring'])."%')) AND (v.username=a.username) AND ".$allowed_domains1."') ORDER BY username";
$result = $handle->query($query);
$total = $result->numRows();

print "<h3>"._("Total users matching").": ".$total."</h3>";
if (empty($row_pos)) {
$row_pos = 0;
}
$query = "SELECT DISTINCT a.* FROM virtual as v, accountuser as a WHERE ((v.username LIKE '%".$_GET['searchstring']."%') OR (v.alias LIKE '%".$_GET['searchstring']."%')) AND (v.username=a.username) AND ".$allowed_domains1."') ORDER BY username";
$query = "SELECT DISTINCT a.* FROM virtual as v, accountuser as a WHERE ((v.username LIKE '%".$_GET['searchstring']."%') OR (v.alias LIKE '%".addslashes($_GET['searchstring'])."%')) AND (v.username=a.username) AND ".$allowed_domains1."') ORDER BY username";
$result = $handle->limitQuery($query,$row_pos,10);
$cnt = $result->numRows();

Expand Down

0 comments on commit 3e8f071

Please sign in to comment.