Alexander Nicolaysen Sørnes : Escape input in searchForApplication()
Chris Morgan
cmorgan at winehq.org
Tue Jun 17 18:28:25 CDT 2008
Module: appdb
Branch: master
Commit: e646626c4a6e6cceb445fa06379708565a0d8f7f
URL: http://source.winehq.org/git/appdb.git/?a=commit;h=e646626c4a6e6cceb445fa06379708565a0d8f7f
Author: Alexander Nicolaysen Sørnes <alex at thehandofagony.com>
Date: Wed Jun 18 00:19:28 2008 +0200
Escape input in searchForApplication()
---
include/util.php | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/util.php b/include/util.php
index 4009d1c..55af094 100644
--- a/include/util.php
+++ b/include/util.php
@@ -462,12 +462,12 @@ function searchForApplication($search_words)
FROM appFamily
WHERE appName != 'NONAME'
AND appFamily.state = 'accepted'
- AND (appName LIKE '%" . $search_words . "%'
- OR keywords LIKE '%" . $search_words . "%'";
+ AND (appName LIKE '%?%'
+ OR keywords LIKE '%?%'";
$sQuery.=" ) ORDER BY appName";
- $hResult = query_appdb($sQuery);
+ $hResult = query_parameters($sQuery, $search_words, $search_words);
return $hResult;
}
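Review bot: The placeholders in `appName LIKE '%?%'` and `keywords LIKE '%?%'` sit inside quoted SQL string literals, so the fix is only safe if query_parameters() performs escaped textual substitution; a driver-level prepared statement would treat those `?` as literal characters and bind nothing. That helper is not visible in this hunk, so confirm that it escapes for a quoted-string context and that a `?` inside the first substituted value cannot shift where the second value lands. Escaping for a string literal also leaves the LIKE metacharacters `%` and `_` in `$search_words` active, so if literal matching is wanted, build the pattern first, e.g. `$sPattern = '%' . addcslashes($search_words, '%_\\') . '%';`, and pass it to a bare `LIKE '?'`. A one-line comment such as `// '?' is substituted and escaped by query_parameters(); it is not a bound parameter` would document the dependency. searchForApplication() begins above the hunk, so the start of the query string is not shown.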