Potential SQL injection in Local_group::setNickname()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:11:26 +0000 (10:11 -0700)
commit3fb2c06cba19106c2621921379704d18b37d1810
tree36a77d379ad85b79aaa8632bf1ee4b6acedfd5b9
parent4092ee1bd14d599357eb5ea25a29de71c325d703
Potential SQL injection in Local_group::setNickname()

This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
classes/Local_group.php