Escape $tag passed to Profile::getTaggedSubscribers()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:14:38 +0000 (10:14 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:14:38 +0000 (10:14 -0700)
commitc5a710e081079ae79ac84aa3628314bb803c0aed
tree13a6628148cfce5aeb8a5ec43a2f4837f32f327c
parent3fb2c06cba19106c2621921379704d18b37d1810
Escape $tag passed to Profile::getTaggedSubscribers()

This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
classes/Profile.php