authorwclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2009-06-10 17:28:41 (GMT)
committer wclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5>2009-06-10 17:28:41 (GMT)
commite3b282413aa99904d8b611da06907dc74e508600 (patch)
tree448a550638d2c6a5b3d879806c82c0200b33cc4b
parent3c2b5ff798285f71b100dadd349cf073a4ebb02f (diff)
sanitize query terms
git-svn-id: http://svn.mozilla.org/addons/trunk@27480 4eb1ac78-321c-0410-a911-ec516a8615a5
-rw-r--r--site/app/controllers/components/search.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/site/app/controllers/components/search.php b/site/app/controllers/components/search.php
index 25393d6..20f25ab 100644
--- a/site/app/controllers/components/search.php
+++ b/site/app/controllers/components/search.php
@@ -186,7 +186,7 @@ class SearchComponent extends Object {
// now initialize compoents of SQL query
$_selects = $_orderby = $_joins = $_where = array();
- $_orderby[] = '(LOWER(a.name) = \''.$terms.'\') DESC';
+ $_orderby[] = '(LOWER(a.name) = \''.$this->controller->Sanitize->sql($terms).'\') DESC';
$_orderby[] = '(a.status='.STATUS_PUBLIC.') DESC'; // show public add-ons first
$_orderby[] = "(a.name LIKE '%".implode(' ', $_termarray)."%') DESC"; // sort exact name hits first
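Review bot: The LIKE ordering on the line right after the newly escaped exact-match term, `$_orderby[] = "(a.name LIKE '%".implode(' ', $_termarray)."%') DESC";`, still concatenates `$_termarray` into the SQL unescaped; if those terms are derived from the same user-supplied search string as `$terms` (their origin is not visible in this hunk), the commit closes one string-built sink and leaves the neighbouring one open. The second hunk has the identical pattern for `c.name`, so the same fix applies there. One minimal change is to run each element through the same escaper before imploding, e.g. `implode(' ', array_map(array($this->controller->Sanitize, 'sql'), $_termarray))`, and because this is a LIKE pattern, `%` and `_` in the input still act as wildcards unless they are escaped separately. The enclosing method begins and ends outside both hunks, so it is worth checking whether `$_where` receives the same terms further down.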
@@ -402,7 +402,7 @@ class SearchComponent extends Object {
// now initialize compoents of SQL query
$_selects = $_orderby = $_where = array();
- $_orderby[] = '(LOWER(c.name) = \''.$terms.'\') DESC';
+ $_orderby[] = '(LOWER(c.name) = \''.$this->controller->Sanitize->sql($terms).'\') DESC';
$_orderby[] = "(c.name LIKE '%".implode(' ', $_termarray)."%') DESC"; // sort exact name hits first
if (!$locale) {