authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-09-23 16:18:23 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-09-23 16:18:23 +0000
commitf1c82682b831ac7b0340746efac93495cf618c07 (patch)
treed86d511783d04749c0f2ff2c84f4422f6aa9de8f
parentf9e4047fabe515aa32e8997de66ae8bd7f15990d (diff)
Updated the user picker to avoid possible mysql injection attacks and to search only by leading chars.
git-svn-id: http://code.elgg.org/elgg/trunk@3494 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/input.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index fd33cb3d7..49eb63f13 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -177,6 +177,11 @@
if (!$q = get_input('q')) {
exit;
}
+
+ $q = mysql_real_escape_string($q);
+
+ // replace mysql vars with escaped strings
+ $q = str_replace(array('_', '%'), array('\_', '\%'), $q);
$match_on = get_input('match_on', 'all');
if ($match_on == 'all' || $match_on[0] == 'all') {
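Review bot: The comment at the new `str_replace` line misdescribes the replacement: `_` and `%` are LIKE pattern wildcards, not "mysql vars", and a reader should also be told that the escaping is ordered on purpose, so `// escape the LIKE wildcards _ and % so the user's input is matched literally; done after mysql_real_escape_string so the added backslashes are not doubled` would be clearer. Note that `mysql_real_escape_string()` needs an open MySQL link; if this handler can run before the connection is established it returns false (with a warning) and `$q` would then interpolate into the three LIKE clauses below as an empty string, matching every row — worth confirming against the request lifecycle or routing through the core sanitising helper instead. The enclosing function begins outside the hunk.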
@@ -214,7 +219,7 @@
WHERE e.guid = ue.guid
AND e.enabled = 'yes'
AND ue.banned = 'no'
- AND (ue.name LIKE '%$q%' OR ue.username LIKE '$q%')
+ AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
LIMIT $limit
";
@@ -241,7 +246,7 @@
WHERE e.guid = ge.guid
AND e.enabled = 'yes'
$owner_where
- AND (ge.name LIKE '%$q%' OR ge.description LIKE '%$q%')
+ AND (ge.name LIKE '$q%' OR ge.description LIKE '%$q%')
LIMIT $limit
";
if ($entities = get_data($query)) {
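Review bot: `ge.description LIKE '%$q%'` keeps the leading wildcard while `ge.name` here and both user queries (hunks at L32–L39 and L49–L56) were switched to prefix matching, which contradicts the commit's stated "search only by leading chars". If a substring match on the description is deliberate, record it with a comment such as `// description is substring-matched on purpose; name/username are prefix-only`, otherwise change it to `ge.description LIKE '$q%'`. A leading-wildcard LIKE presumably also cannot use an index on that column, so the cost scales with the group table. The enclosing function begins outside the hunk.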
@@ -268,7 +273,7 @@
AND e.guid = ue.guid
AND e.enabled = 'yes'
AND ue.banned = 'no'
- AND (ue.name LIKE '%$q%' OR ue.username LIKE '$q%')
+ AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%')
LIMIT $limit
";
@@ -368,4 +373,4 @@
register_elgg_event_handler('init','system','input_init');
-?> \ No newline at end of file
+?>