r4544 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r4543‎ \| r4544 \| r4545 >
Date:	19:17, 6 August 2004
Author:	vibber
Status:	old
Tags:
Comment:	Protect against SQL insertion attacks in page move category update.
Modified paths:	/trunk/phase3/includes/Title.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Title.php
—	—	@@ -902,7 +902,9 @@
903	903	# Fixing category links (those without piped 'alternate' names) to be sorted under the new title
904	904
905	905	$dbw =& wfGetDB( DB_MASTER );
906		~~- $sql = "UPDATE categorylinks SET cl_sortkey=\"" . $nt->getPrefixedText() . "\" WHERE cl_from=\"" .$this->getArticleID() . "\" AND cl_sortkey=\"" . $this->getPrefixedText() . "\"" ;~~
	906	+ $sql = "UPDATE categorylinks SET cl_sortkey=" . $dbw->addQuotes( $nt->getPrefixedText() ) .
	907	+ " WHERE cl_from=" . $dbw->addQuotes( $this->getArticleID() ) .
	908	+ " AND cl_sortkey=" . $dbw->addQuotes( $this->getPrefixedText() );
907	909	$dbw->query( $sql, "SpecialMovepage::doSubmit" );
908	910
909	911

01:56, 13 October 2010 😂 (talk | contribs) changed the status of r4544 [removed: new added: old]