From 3e795f3f87a602b8ea77759f89fe0cb791b616ae Mon Sep 17 00:00:00 2001
From: brettp
Date: Mon, 9 Nov 2009 21:07:29 +0000
Subject: Sanitising strings to avoid sql insertion hacks.

git-svn-id: http://code.elgg.org/elgg/trunk@3646 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 mod/search/search_hooks.php | 6 +++---
 mod/search/start.php | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 46a26b5ef..95ef3fc85 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
@@ -68,7 +68,7 @@ function search_objects_hook($hook, $type, $value, $params) {
 function search_groups_hook($hook, $type, $value, $params) {
 	global $CONFIG;
 
-	$query = $params['query'];
+	$query = sanitise_string($params['query']);
 
 	$join = "JOIN {$CONFIG->dbprefix}groups_entity ge ON e.guid = ge.guid";
 	$params['joins'] = array($join);
@@ -116,7 +116,7 @@ function search_groups_hook($hook, $type, $value, $params) {
 function search_users_hook($hook, $type, $value, $params) {
 	global $CONFIG;
 
-	$query = $params['query'];
+	$query = sanitise_string($params['query']);
 
 	$join = "JOIN {$CONFIG->dbprefix}users_entity ue ON e.guid = ue.guid";
 	$params['joins'] = array($join);
@@ -216,7 +216,7 @@ function search_custom_types_tags_hook($hook, $type, $value, $params) {
 function search_comments_hook($hook, $type, $value, $params) {
 	global $CONFIG;
 
-	$query = $params['query'];
+	$query = sanitise_string($params['query']);
 
 	$params['annotation_names'] = array('generic_comment', 'group_topic_post');
 	$params['joins'] = array(
diff --git a/mod/search/start.php b/mod/search/start.php
index 02f7da494..aa76c13b2 100644
--- a/mod/search/start.php
+++ b/mod/search/start.php
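Review bot: In search_groups_hook, search_users_hook and search_comments_hook the escaped value lives only in the local `$query`, while `$params['query']` keeps the raw string and `$params` continues to be built up (the joins are assigned at the end of each hunk), so any helper that later builds SQL from `$params['query']` has to escape it itself, and nothing in these hunks records who is responsible. The reverse hazard is the same: if the already-escaped `$query` is handed to a helper that escapes again, quotes and backslashes get doubled and literal matches silently return nothing. Since the division of responsibility is not visible here, a comment on the new line in each hook would pin it down, e.g. `// escaped for the SQL string literals built below; $params['query'] is left raw for helpers that escape their own input`. Each hook's body continues past the end of its hunk.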
@@ -334,6 +334,7 @@ function search_get_where_sql($table, $fields, $params) {
 	// switch to literal mode
 	if (strlen($query) < $CONFIG->search_info['min_chars']) {
 	$likes = array();
+	$query = sanitise_string($query);
 	foreach ($fields as $field) {
 	$likes[] = "$field LIKE '%$query%'";
 	}
@@ -352,6 +353,8 @@ function search_get_where_sql($table, $fields, $params) {
 	if (strlen($query) < 6) {
 	//$options .= ' WITH QUERY EXPANSION';
 	}
+	$query = sanitise_string($query);
+
 	// if query is shorter than the ft_min_word_len switch to literal mode.
 	$fields_str = implode(',', $fields);
 	//$where = "($table.guid = e.guid AND (MATCH ($fields_str) AGAINST ('$query' $options)))";
-- cgit v1.2.3
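Review bot: In the first hunk `$query` is escaped just before it is interpolated into `"$field LIKE '%$query%'"`, which stops it from closing the quoted literal, but the LIKE metacharacters `%` and `_` pass through untouched, so in this "literal mode" branch they still act as wildcards instead of matching the typed text. If literal matching is what the branch intends, escape the pattern characters after the SQL escaping, since MySQL preserves `\%` and `\_` inside a string literal and the order matters: `$query = addcslashes(sanitise_string($query), '%_');`. The commented-out `$where` at the end of the second hunk suggests that value goes into a fulltext `MATCH ... AGAINST`, where only the SQL escaping applies, so the two sites would intentionally differ and a one-line comment at each naming the context it escapes for would make that explicit. search_get_where_sql's body runs past the end of both hunks.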