SECURITY: Fix handling of CommentStore and insertSelect
author Brad Jorsch <bjorsch@wikimedia.org>
Mon, 18 Sep 2017 14:14:02 +0000 (10:14 -0400)
committer Tim Starling <tstarling@wikimedia.org>
Mon, 18 Sep 2017 23:32:29 +0000 (09:32 +1000)
commit d3642413a1c589466a9fc508737ab8c6f70d8439
tree 58bf9215f354ca2d302f579762d80f7784274e10
parent 232cb19c0a27ee306984bda5bcd5c6c1815734e2
SECURITY: Fix handling of CommentStore and insertSelect

CommentStore->insert() takes the raw comment, not quoted, and returns
fields appropriate for passing as $a to IDatabase->insert() or $values
to ->update(). Such fields need to be passed through
IDatabase->addQuotes() to be appropriate for passing in $varMap to
IDatabase->insertSelect().

Change-Id: Ie64b279ee7cf9c8c396af385e46c826e0597ab1e
includes/filerepo/file/LocalFile.php
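
The difference the commit message describes, as an added PHP sketch that is not MediaWiki's code: an insert()-style call quotes every value itself, while an insertSelect()-style $varMap is copied into the statement as SQL expressions, so raw values must go through addQuotes() first. ToyDb, commentFields() and the table and column names are hypothetical stand-ins, and the comment string is a constructed sample.

```php
<?php
// Added illustration. ToyDb is a hypothetical stand-in, not MediaWiki's Database class.
class ToyDb {
    // Quote a value as a SQL string literal (simplified: escapes backslash and single quote).
    public function addQuotes( string $s ): string {
        return "'" . str_replace( [ '\\', "'" ], [ '\\\\', "\\'" ], $s ) . "'";
    }

    // insert()-style: $a maps column => raw value; every value is quoted here.
    public function insertSql( string $table, array $a ): string {
        $vals = array_map( [ $this, 'addQuotes' ], $a );
        return "INSERT INTO $table (" . implode( ',', array_keys( $a ) ) . ') VALUES ('
            . implode( ',', $vals ) . ')';
    }

    // insertSelect()-style: $varMap maps destination column => SQL expression,
    // and each expression is copied into the statement verbatim.
    public function insertSelectSql( string $dest, string $src, array $varMap, string $cond ): string {
        return "INSERT INTO $dest (" . implode( ',', array_keys( $varMap ) ) . ') SELECT '
            . implode( ',', $varMap ) . " FROM $src WHERE $cond";
    }
}

// Hypothetical stand-in for CommentStore->insert(): column => raw, unquoted comment.
function commentFields( string $comment ): array {
    return [ 'dst_comment' => $comment ];
}

$db = new ToyDb();
$comment = "user's upload";            // constructed sample comment containing a quote
$base = [ 'dst_name' => 'src_name' ];  // a source column name is a valid SQL expression

// Raw fields are fine for insert(), which quotes them itself.
$insert = $db->insertSql( 'dst', commentFields( $comment ) );

// Before the fix: the raw comment lands in the SELECT list as if it were SQL.
$before = $db->insertSelectSql( 'dst', 'src', $base + commentFields( $comment ), 'src_id = 1' );

// After the fix: each raw field is turned into a quoted literal first.
$quoted = array_map( [ $db, 'addQuotes' ], commentFields( $comment ) );
$after = $db->insertSelectSql( 'dst', 'src', $base + $quoted, 'src_id = 1' );

echo $insert, "\n", $before, "\n", $after, "\n";
```

In the second statement printed, the comment text appears unquoted inside the SELECT list; in the third it is a single string literal.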