Commit 76811dba authored by Mame Coumba Sall

Modif suggested by Kazuhiko to avoid SQL injection vulnerability

parent 7cafcbd1
......@@ -86,7 +86,7 @@ FROM\n
AND <dtml-var "query[\'where_expression\']">\n
</dtml-if>\n
AND\n
MATCH(SearchableText) AGAINST(<dtml-let reference="\'%s\' % reference"><dtml-sqlvar reference type=string></dtml-let> IN BOOLEAN MODE)\n
MATCH(SearchableText) AGAINST(<dtml-sqlvar reference type=string> IN BOOLEAN MODE)\n
AND\n
<dtml-sqltest reference op=ne type=string>\n
ORDER BY reference, language_order DESC, version DESC, revision DESC\n
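Review bot: The `<dtml-var "query['where_expression']">` on the first context line of this hunk still interpolates its value verbatim into the WHERE clause, so this commit closes the `reference` path but leaves that one dependent on every caller building `where_expression` from trusted, already-quoted pieces; a comment in the method stating that contract, or a follow-up that assembles it with `dtml-sqlvar`/`dtml-sqltest`, would make the remaining assumption explicit. The change itself is sound as far as `reference` goes: dropping the `<dtml-let reference="'%s' % reference">` wrapper and passing `reference` straight to `<dtml-sqlvar reference type=string>` keeps the value on the single quoting-and-escaping path, consistent with the `<dtml-sqltest reference op=ne type=string>` two lines below; note that BOOLEAN MODE operators inside the quoted search string are still interpreted by MATCH ... AGAINST, which is a search-semantics concern rather than an injection one.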