(parent:
780822b
)
fix SQL injection
author
Alan
<alan@roojs.com>
Thu, 23 Mar 2023 02:47:53 +0000
(10:47 +0800)
committer
Alan
<alan@roojs.com>
Thu, 23 Mar 2023 02:47:53 +0000
(10:47 +0800)
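--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -1051,7 +1051,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
 // #2307 Search Country!!
 if (!empty($q['query']['in_country'])) {
 // DB_DataObject::debugLevel(1);
- $inc = $q['query']['in_country'];
+ $inc = $this->escape($q['query']['in_country']);
 $this->whereAdd("$tn_p.countries LIKE '%{$inc}%'");
 }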
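Review bot: The escaped value is still interpolated into a `LIKE '%…%'` pattern in the `whereAdd()` call, so `%` and `_` supplied in `in_country` keep acting as wildcards; the quoting is fixed, but the caller can still broaden the match. DB_DataObject's `escape()` takes a second `$likeEscape` argument for this case, so the line could read `$inc = $this->escape($q['query']['in_country'], true);`. `!empty()` also lets an array through, so an `is_string()` check before escaping would be worth adding. The enclosing method starts and ends outside the hunk, so any other `$q['query'][...]` values passed to `whereAdd()` there could not be checked from this page.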