On Sun 27 Sep 2009 20:59 -0700, elij wrote:
Fix for maintainer search ticket: FS#15947
Also http://mailman.archlinux.org/pipermail/aur-dev/2009-September/000892.html
---
 web/lib/aurjson.class.php | 41 ++++++++++++++++++++++++++++++++++-------
 1 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php index 5b9ecd1..3af41be 100644 --- a/web/lib/aurjson.class.php +++ b/web/lib/aurjson.class.php @@ -128,13 +127,13 @@ class AurJSON { // just using sprintf to coerce the pqd to an int // should handle sql injection issues, since sprintf will // bork if not an int, or convert the string to a number 0 - $query_stub = sprintf("ID=%d",$pqdata); + $query_stub = "ID={$pqdata}"; } else { if(get_magic_quotes_gpc()) { $pqdata = stripslashes($pqdata); } - $query_stub = sprintf("Name=\"%s\"", + $query_stub = printf("Name=\"%s\"", mysql_real_escape_string($pqdata)); }
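Review bot: The ID branch now interpolates `$pqdata` straight into the query with `"ID={$pqdata}"`, which drops the `%d` coercion that the comment directly above still cites as the SQL injection safeguard. The condition guarding this branch is not visible in the hunk, so unless it guarantees a plain integer, keep `sprintf("ID=%d", $pqdata)` or cast with `intval()` before building the stub; if the coercion really is being removed, update the comment so it no longer describes a protection that is not there. In the else branch, `printf` writes the formatted string to the response and returns its length, so `$query_stub` ends up as an integer rather than the escaped `Name="..."` clause; this should stay `sprintf`.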
Hah. printf returns an integer, but we really want a string here. I've pushed the fix. (Change to sprintf again) Cheers.