chief-nerd / Tabbie2

The Tabbie2 project main repo
https://www.tabbie.org

Fix insecure queries #86

Closed frijjoasis closed 5 years ago

frijjoasis commented 6 years ago

Let Yii deal with potential bad guys by passing user input to it as a parameter. This ensures proper sanitisation. The excessive use of CONCAT is necessary so Yii doesn't recognise the % symbols as parameters.
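The pattern described in the comment above, as an added example that is not code from this pull request or from Tabbie2: it uses Python's sqlite3 instead of Yii, so SQLite's `||` operator stands in for MySQL's CONCAT, and the `user` table, its `hidden` column and the search terms are constructed. It goes one step beyond the comment by also escaping LIKE wildcards in the bound value.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and columns are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO user (name, hidden) VALUES (?, ?)",
                   [("Alice", 0), ("Bob", 0), ("100% Carol", 0), ("admin", 1)])
    return db

def search_insecure(db, term):
    # 'Before' pattern: user input is spliced into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM user WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(term, esc="\\"):
    # Binding stops SQL injection but % and _ are still LIKE wildcards;
    # prefix them (and the escape character itself) to make them literal.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_bound(db, term):
    # 'After' pattern: the input travels as a bound parameter and the
    # surrounding % wildcards are attached inside SQL by concatenation.
    sql = ("SELECT name FROM user WHERE hidden = 0 "
           "AND name LIKE '%' || :q || '%' ESCAPE '\\' ORDER BY id")
    return [row[0] for row in db.execute(sql, {"q": escape_like(term)})]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"  # constructed hostile input
    print("insecure:", search_insecure(db, hostile))
    print("bound:   ", search_bound(db, hostile))
    print("literal %:", search_bound(db, "%"))
```
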

chief-nerd commented 5 years ago

Thanks for the contribution! -- that was a critical fix