author | ctrlaltca <ctrlaltca@gmail.com> | 2014-08-26 16:59:21 +0200 |
---|---|---|
committer | ctrlaltca <ctrlaltca@gmail.com> | 2014-08-26 16:59:21 +0200 |
commit | 74b31be9515eddfa63005d6760614badfaba9fea (patch) | |
tree | 47c952901dcb5eccd6dd8b7c6ee7e0b6bf176510 /demos/blog/protected/Common/BlogDataModule.php | |
parent | 2b11341614ac4a15be697fa8acad07055154ac54 (diff) | |
parent | 0c5026b55cde5c104f10686afd8b441568175d38 (diff) |
Backports for Prado 3.2.4
Diffstat (limited to 'demos/blog/protected/Common/BlogDataModule.php')
-rwxr-xr-x | demos/blog/protected/Common/BlogDataModule.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/demos/blog/protected/Common/BlogDataModule.php b/demos/blog/protected/Common/BlogDataModule.php
index a6312dcb..384ee83d 100755
--- a/demos/blog/protected/Common/BlogDataModule.php
+++ b/demos/blog/protected/Common/BlogDataModule.php
@@ -6,7 +6,6 @@
 * @link http://www.pradosoft.com/
 * @copyright Copyright © 2006 PradoSoft
 * @license http://www.pradosoft.com/license/
- * @version $Id: BlogDataModule.php 3189 2012-07-12 12:16:21Z ctrlaltca $
 */

 /**
@@ -236,7 +235,7 @@ class BlogDataModule extends TModule

 public function queryPosts($postFilter,$categoryFilter,$orderBy,$limit)
 {
- //FIXME this is insecure by design since it misses proper escaping
+ //FIXME this is insecure by design since it misses proper escaping
 $filter='';
 if($postFilter!=='')
 $filter.=" AND $postFilter";
@@ -301,7 +300,7 @@ class BlogDataModule extends TModule

 public function queryPostCount($postFilter,$categoryFilter)
 {
- //FIXME this is insecure by design since it misses proper escaping
+ //FIXME this is insecure by design since it misses proper escaping
 $filter='';
 if($postFilter!=='')
 $filter.=" AND $postFilter";
@@ -424,7 +423,7 @@ class BlogDataModule extends TModule

 public function queryComments($filter,$orderBy,$limit)
 {
- //FIXME this is insecure by design since it misses proper escaping
+ //FIXME this is insecure by design since it misses proper escaping
 if($filter!=='')
 $filter='WHERE '.$filter;
 $sql="SELECT * FROM tblComments $filter $orderBy $limit"; |
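Review bot: The FIXME in queryPosts is only re-spaced here, while the context line right below it still splices the caller-supplied fragment into the WHERE clause with `$filter.=" AND $postFilter";`, with no escaping or parameter binding. queryPostCount repeats the same line and queryComments builds the whole statement from `$filter`, `$orderBy` and `$limit` in `$sql="SELECT * FROM tblComments $filter $orderBy $limit";`, so all three hunks share the issue. If reworking these methods to bound parameters is out of scope for a backport, the comment should at least state the contract a caller has to honour, for example `//FIXME: filter/order/limit arguments are concatenated into the SQL text as-is; pass only trusted, pre-built fragments, never request data`. The three method bodies continue outside the hunks, so how the statement is executed and which callers supply these arguments cannot be confirmed from this page.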