SQL Exploit Patch

Quick fix to patch up a common SQL exploit.
develop
Ro 1 year ago
parent 572f7c5027
commit 1c904e5e51
Signed by: are0h
GPG Key ID: 29B551CDBD4D3B50

@ -34,9 +34,8 @@ class FrontIndexController extends Controller
$rawSearch = $terms; $rawSearch = $terms;
$terms = str_replace(",", "", $terms); $terms = str_replace(",", "", $terms);
$terms = str_replace(" ", "|", $terms); $terms = str_replace(" ", "|", $terms);
$raw = DB::select("SELECT * FROM searchlocations('$terms')"); $raw = DB::select("SELECT * FROM searchlocations(?)", [$terms]);
$results = []; $results = [];
foreach ($raw as $item) { foreach ($raw as $item) {
if ($item->block_count > 2) { if ($item->block_count > 2) {
array_push($results, $item); array_push($results, $item);
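Review bot: The value bound in `DB::select("SELECT * FROM searchlocations(?)", [$terms])` still carries any operator characters the user typed, because the two `str_replace` calls above it only drop commas and turn spaces into `|`. Binding closes the injection in the outer statement, but the body of `searchlocations` is not visible here. If it passes its argument to a tsquery or regex parser, or builds dynamic SQL itself, input such as a double space or a stray `&` or `(` may still raise a query error or change what matches, so that function is worth checking as part of this fix. Consider collapsing the tokens before binding, for example `$terms = implode('|', preg_split('/\s+/', trim($terms), -1, PREG_SPLIT_NO_EMPTY));`, and returning early when the result is empty. The enclosing controller method starts and ends outside the hunk.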
