Escape argument to prevent SQL injection attack in
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:47:29 +0000 (10:47 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 17:47:29 +0000 (10:47 -0700)
commit89ba820246978d01bfd56501a6a12f1ae5384090
tree1cb90ce4169281f5bd5814c9a131fde6e4228a59
parent4a30da924a52b16fb863649e5f5da14b26ab70c4
Escape argument to prevent SQL injection attack in
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
classes/User.php