ro/ForRo
1
0
Fork 0
forked from projects/thebadspace
Code Pull requests Activity

SQL Exploit Patch

Browse source 
Quick fix to patch up a common SQL exploit.
This commit is contained in:
Ro 2023-09-21 13:46:14 -07:00
parent 572f7c5027
commit 1c904e5e51
No known key found for this signature in database
GPG key ID: 29B551CDBD4D3B50
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Controllers/FrontIndexController.php
View file

@ -34,9 +34,8 @@ class FrontIndexController extends Controller
$rawSearch = $terms; $rawSearch = $terms;
$terms = str_replace(",", "", $terms); $terms = str_replace(",", "", $terms);
$terms = str_replace(" ", "|", $terms); $terms = str_replace(" ", "|", $terms);
$raw = DB::select("SELECT * FROM searchlocations('$terms')"); $raw = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
$results = []; $results = [];
foreach ($raw as $item) { foreach ($raw as $item) {
if ($item->block_count > 2) { if ($item->block_count > 2) {
array_push($results, $item); array_push($results, $item);