SQL Exploit Patch

Quick fix to patch up a common SQL exploit.
1 year ago · 1c904e5e51
parent 572f7c5027
commit 1c904e5e51
1 changed files with 1 additions and 2 deletions
--- a/app/Http/Controllers/FrontIndexController.php
+++ b/app/Http/Controllers/FrontIndexController.php
@ -34,9 +34,8 @@ class FrontIndexController extends Controller
        $rawSearch = $terms;
        $terms     = str_replace(",", "", $terms);
        $terms     = str_replace(" ", "|", $terms);
-        $raw       = DB::select("SELECT * FROM searchlocations('$terms')");
+        $raw       = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
        $results   = [];
-
        foreach ($raw as $item) {
            if ($item->block_count > 2) {
                array_push($results, $item);