From 1c904e5e5197f4002725fde9376db86054086131 Mon Sep 17 00:00:00 2001
From: Ro
Date: Thu, 21 Sep 2023 13:46:14 -0700
Subject: [PATCH] SQL Exploit Patch

Quick fix to patch up a common SQL exploit.

---
 app/Http/Controllers/FrontIndexController.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Http/Controllers/FrontIndexController.php b/app/Http/Controllers/FrontIndexController.php
index b8b058e..4e92fef 100644
--- a/app/Http/Controllers/FrontIndexController.php
+++ b/app/Http/Controllers/FrontIndexController.php
@@ -34,9 +34,8 @@ class FrontIndexController extends Controller
 $rawSearch = $terms;
 $terms = str_replace(",", "", $terms);
 $terms = str_replace(" ", "|", $terms);
- $raw = DB::select("SELECT * FROM searchlocations('$terms')");
+ $raw = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
 $results = [];
-
 foreach ($raw as $item) {
 if ($item->block_count > 2) {
 array_push($results, $item);
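Review bot: The binding on the new `DB::select` line closes the injection into the outer statement, but whether the value is also safe inside `searchlocations` depends on that database function's body, which is not visible here; if it assembles dynamic SQL from its argument, the parameter is still concatenated one level down and the function should be reviewed in the same pass. A second point is input shape: the two preceding context lines turn spaces into `|`, which looks like a tsquery being built by hand, so doubled or leading/trailing spaces yield empty operands that the database is likely to reject as a syntax error (a 500) rather than return no rows; normalising first, `$terms = implode('|', preg_split('/\s+/', trim($terms), -1, PREG_SPLIT_NO_EMPTY));`, avoids that, to be confirmed against the function's definition. `$rawSearch` keeps the unmodified user input for use outside the hunk, so its escaping at the point where it is rendered is worth checking as well. The enclosing method starts and ends outside this hunk.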