Escape argument to User::getTaggedSubscribers() to preven SQL injection
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:43:56 +0000 (10:43 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 18:34:40 +0000 (11:34 -0700)
commit01b972d1c4444b7a80f2c51573e9462ba378cfa0
tree5b7f11659f2f094b379d10f43aff048e9bd23870
parentf3a4598cb7c43371ba5976052114d8b1ed6e7ee1
Escape argument to User::getTaggedSubscribers() to preven SQL injection

This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
classes/User.php