Escape argument to prevent SQL injection attack in
authorJoshua Wise <jwise@nvidia.com>
Tue, 16 Jul 2013 17:47:29 +0000 (10:47 -0700)
committerEvan Prodromou <evan@e14n.com>
Tue, 16 Jul 2013 18:34:15 +0000 (11:34 -0700)
commitf3a4598cb7c43371ba5976052114d8b1ed6e7ee1
tree997c3e20abaf09af2f6a6092191040785ef0373c
parentb2c5b9de52ba4c3dac7d557978d27186dee01312
Escape argument to prevent SQL injection attack in
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
classes/User.php