[MDL-23130]

Fixing SQL injection problems.
Jordi Piguillem 2010-07-30 12:10:18 +00:00
parent b7315f3502
commit 75b986e7f5


@ -499,9 +499,8 @@ function wiki_get_orphaned_pages($swid) {
*/
function wiki_search_title($swid, $search) {
global $DB;
// @TODO: Fix this query
return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND title LIKE '%$search%'");
//return $DB->get_records_select('wiki_pages', "subwikiid = ? AND title LIKE '%?%'", array($swid, $search));
return $DB->get_records_select('wiki_pages', "subwikiid = ? AND title LIKE ?", array($swid, '%'.$search.'%'));
}
/**
@ -511,9 +510,8 @@ function wiki_search_title($swid, $search) {
*/
function wiki_search_content($swid, $search) {
global $DB;
// @TODO: Fix this query
return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND cachedcontent LIKE '%$search%'");
//return $DB->get_records_select('wiki_pages', "subwikiid = ? AND cachedcontent LIKE '%?%'", array($swid, $search));
return $DB->get_records_select('wiki_pages', "subwikiid = ? AND cachedcontent LIKE ?", array($swid, '%'.$search.'%'));
}
/**
@ -523,9 +521,8 @@ function wiki_search_content($swid, $search) {
*/
function wiki_search_all($swid, $search) {
global $DB;
// @TODO: Fix this query
return $DB->get_records_select('wiki_pages', "subwikiid=$swid AND (cachedcontent LIKE '%$search%' OR title LIKE '%$search%')");
//return $DB->get_records_select('wiki_pages', "subwikiid = ? AND (cachedcontent LIKE '%?%' OR title LIKE '%?%')", array($swid, $search, $search));
return $DB->get_records_select('wiki_pages', "subwikiid = ? AND (cachedcontent LIKE ? OR title LIKE ?)", array($swid, '%'.$search.'%', '%'.$search.'%'));
}
/**
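Review bot: In wiki_search_title, wiki_search_content and wiki_search_all, `$search` is now bound as a parameter but is still concatenated into the pattern unescaped (`'%'.$search.'%'`), so a `%` or `_` typed by the user keeps acting as a LIKE wildcard instead of matching literally. The page has lost its +/- markers, so this assumes the placeholder-based `return` is the new side of each hunk. Binding removes the injection; escaping the pattern is the remaining step, for example `array($swid, '%'.$DB->sql_like_escape($search).'%')` together with `"subwikiid = ? AND ".$DB->sql_like('title', '?', false)` so the ESCAPE clause and case handling are consistent across database backends, if those DML helpers are available on this branch. A single `%` as the search term currently matches every page in the subwiki, so a minimum length check on `$search` in the caller would also be worth adding.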