
Commit 98c4ea5e authored by Stephane Chapron's avatar Stephane Chapron

Fix SQL injection in Graph Template

parent 99ad8e78
...@@ -43,7 +43,7 @@ $SearchTool = null; ...@@ -43,7 +43,7 @@ $SearchTool = null;
$search = ''; $search = '';
if (isset($_POST['searchGT']) && $_POST['searchGT']) { if (isset($_POST['searchGT']) && $_POST['searchGT']) {
$search = $_POST['searchGT']; $search = $_POST['searchGT'];
$SearchTool = " WHERE name LIKE '%".$search."%'"; $SearchTool = " WHERE name LIKE '%" . $pearDB->escape($search) . "%'";
} }
$res = $pearDB->query("SELECT COUNT(*) FROM giv_graphs_template".$SearchTool); $res = $pearDB->query("SELECT COUNT(*) FROM giv_graphs_template".$SearchTool);
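Review bot: The new `$pearDB->escape($search)` on the `$SearchTool` line closes the quote break-out, but it presumably only escapes string delimiters, so the LIKE wildcards `%` and `_` in the user-supplied value still reach the pattern and let a request match or enumerate every template name. If the intent is a literal substring search, escape the wildcards before the driver escape, e.g. `$SearchTool = " WHERE name LIKE '%" . $pearDB->escape(addcslashes($search, '%_')) . "%'";`, or better bind the value as a parameter of a prepared statement rather than concatenating it. The same `$SearchTool` fragment is concatenated into the `$pearDB->query(...)` call on the last line and, from the hunk context, likely elsewhere below, so every consumer benefits from fixing it at the assignment. In the second hunk, `htmlentities($search)` is called without explicit flags; on PHP before 8.1 that leaves single quotes unescaped, so if the template renders the value inside a single-quoted attribute use `htmlentities($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` — the rest of that hunk is outside the visible lines.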
...@@ -140,7 +140,7 @@ $o2 = $form->getElement('o2'); ...@@ -140,7 +140,7 @@ $o2 = $form->getElement('o2');
$o2->setValue(null); $o2->setValue(null);
$tpl->assign('limit', $limit); $tpl->assign('limit', $limit);
$tpl->assign('searchGT', $search); $tpl->assign('searchGT', htmlentities($search));
/* /*
* Apply a template definition * Apply a template definition
......