SQL Exploit Patch
Quick fix to patch up a common SQL exploit.
This commit is contained in:
parent
572f7c5027
commit
1c904e5e51
1 changed files with 1 additions and 2 deletions
|
@ -34,9 +34,8 @@ class FrontIndexController extends Controller
|
||||||
$rawSearch = $terms;
|
$rawSearch = $terms;
|
||||||
$terms = str_replace(",", "", $terms);
|
$terms = str_replace(",", "", $terms);
|
||||||
$terms = str_replace(" ", "|", $terms);
|
$terms = str_replace(" ", "|", $terms);
|
||||||
$raw = DB::select("SELECT * FROM searchlocations('$terms')");
|
$raw = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
|
||||||
$results = [];
|
$results = [];
|
||||||
|
|
||||||
foreach ($raw as $item) {
|
foreach ($raw as $item) {
|
||||||
if ($item->block_count > 2) {
|
if ($item->block_count > 2) {
|
||||||
array_push($results, $item);
|
array_push($results, $item);
|
||||||
|
|
Loading…
Reference in a new issue