Potential SQL injection in Local_group::setNickname()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:09:16 +0000 (10:09 -0700)
commit783e400d941264ac6c949994e5a28972ccc2754a
tree01b83ce8ff3a544086ea181f469ad910e782036d
parent540b90dbd9add21e4f0184d97bfa7f16d78c1e29
Potential SQL injection in Local_group::setNickname()

This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
classes/Local_group.php