SQL Exploit Patch
Quick fix to patch up a common SQL exploit.
parent
572f7c5027
commit
1c904e5e51
1 changed files with 1 additions and 2 deletions
|
@ -34,9 +34,8 @@ class FrontIndexController extends Controller
|
|||
$rawSearch = $terms;
|
||||
$terms = str_replace(",", "", $terms);
|
||||
$terms = str_replace(" ", "|", $terms);
|
||||
$raw = DB::select("SELECT * FROM searchlocations('$terms')");
|
||||
$raw = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
|
||||
$results = [];
|
||||
|
||||
foreach ($raw as $item) {
|
||||
if ($item->block_count > 2) {
|
||||
array_push($results, $item);
|
||||
|
|
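Review bot: The `$terms` value bound into `searchlocations(?)` is still shaped only by the two `str_replace` calls above it, so repeated, leading or trailing spaces become empty `|` alternatives and any other operator characters in the input pass through untouched. If `searchlocations` hands its argument to a text-search parser or builds dynamic SQL internally (its body is not visible here, so this is an assumption to confirm), the binding at this call site does not cover that inner step and malformed input may still raise a query exception. Consider tokenising instead, e.g. `$terms = implode('|', preg_split('/\s+/', trim($terms), -1, PREG_SPLIT_NO_EMPTY));`, and check the function definition for string concatenation of its parameter. The enclosing controller method starts and ends outside this hunk.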