Escape query parameters in Profile_tag::getTagged()
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:35:44 +0000 (10:35 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:35:44 +0000 (10:35 -0700)
commite54cb6958a90934ecfffcfd0074e7dc09d96c13b
treeb26619f3c87686569c83efabe4c62a81d7cebd87
parent5b118b3781d888a97f713b32e76a8604e1e4c0f5
Escape query parameters in Profile_tag::getTagged()

This patch escapes query parameters in Profile_tag::getTagged(). This
is an extra security step; since these parameters come out of the
database, it's unlikely that they would have dangerous data in them.
classes/Profile_tag.php