author | wclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2009-06-10 17:28:41 (GMT) |
committer | wclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2009-06-10 17:28:41 (GMT) |
commit | e3b282413aa99904d8b611da06907dc74e508600 (patch) | |
tree | 448a550638d2c6a5b3d879806c82c0200b33cc4b | |
parent | 3c2b5ff798285f71b100dadd349cf073a4ebb02f (diff) |
sanitize query terms
git-svn-id: http://svn.mozilla.org/addons/trunk@27480 4eb1ac78-321c-0410-a911-ec516a8615a5
-rw-r--r-- | site/app/controllers/components/search.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/site/app/controllers/components/search.php b/site/app/controllers/components/search.php
index 25393d6..20f25ab 100644
--- a/site/app/controllers/components/search.php
+++ b/site/app/controllers/components/search.php
@@ -186,7 +186,7 @@ class SearchComponent extends Object {
 // now initialize compoents of SQL query
 $_selects = $_orderby = $_joins = $_where = array();
- $_orderby[] = '(LOWER(a.name) = \''.$terms.'\') DESC';
+ $_orderby[] = '(LOWER(a.name) = \''.$this->controller->Sanitize->sql($terms).'\') DESC';
 $_orderby[] = '(a.status='.STATUS_PUBLIC.') DESC'; // show public add-ons first
 $_orderby[] = "(a.name LIKE '%".implode(' ', $_termarray)."%') DESC"; // sort exact name hits first
@@ -402,7 +402,7 @@ class SearchComponent extends Object {
 // now initialize compoents of SQL query
 $_selects = $_orderby = $_where = array();
- $_orderby[] = '(LOWER(c.name) = \''.$terms.'\') DESC';
+ $_orderby[] = '(LOWER(c.name) = \''.$this->controller->Sanitize->sql($terms).'\') DESC';
 $_orderby[] = "(c.name LIKE '%".implode(' ', $_termarray)."%') DESC"; // sort exact name hits first
 if (!$locale) {
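Review bot: The line directly below each sanitized entry, `$_orderby[] = "(a.name LIKE '%".implode(' ', $_termarray)."%') DESC";` (and its `c.name` twin in the second hunk), still splices `$_termarray` into the SQL string without passing it through `Sanitize->sql()`, so of the two interpolations of the query terms visible in each hunk only the first is covered. `$_termarray` is built outside the hunk; unless it is already escaped where it is constructed, the same treatment belongs here as well, e.g. `$_orderby[] = "(a.name LIKE '%".$this->controller->Sanitize->sql(implode(' ', $_termarray))."%') DESC";` in the first hunk and the matching `c.name` form in the second. Escaping quotes also does not neutralise `%` and `_` inside a LIKE pattern, so user input can still alter what the exact-name boost matches; that only affects ranking, but a short comment such as `// LIKE wildcards in user terms are not escaped; affects ordering only` would make the accepted limitation explicit. Both enclosing methods start and end outside the hunks.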