From: Alan
Date: Thu, 23 Mar 2023 02:47:53 +0000 (+0800)
Subject: fix SQL injection
X-Git-Url: http://git.roojs.org/?p=Pman.Core;a=commitdiff_plain;h=775d38953fd7d413b7687ef6d1e97548ed9d88c5
fix SQL injection
---
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php
index 80187c3c..0a499a41 100644
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -1051,7 +1051,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
 // #2307 Search Country!!
 if (!empty($q['query']['in_country'])) {
 // DB_DataObject::debugLevel(1);
- $inc = $q['query']['in_country'];
+ $inc = $this->escape($q['query']['in_country']);
 $this->whereAdd("$tn_p.countries LIKE '%{$inc}%'");
 }
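Review bot: On the new `$inc` line, `escape()` stops a quote from closing the string literal, but `%` and `_` in the value remain live LIKE wildcards in the pattern passed to `whereAdd()` on the next line. PEAR DB_DataObject's `escape()` accepts a second `$likeEscape` argument for this case, so the line could read `$inc = $this->escape($q['query']['in_country'], true);` (worth confirming that the bundled DB_DataObject supports it). If `$q` is built from request parameters, which is not visible here, `in_country` could also arrive as an array and still pass the `!empty()` check, so an `is_string()` guard before escaping would be a sensible addition. The enclosing method starts and ends outside the hunk, so other `$q['query'][...]` values interpolated into `whereAdd()` cannot be checked from this view.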