fix: avoid inject SQL in search
parent
c27fecf644
commit
b87f3f4817
|
@ -192,8 +192,8 @@ class REST_Background_Processes_Controller extends REST_Controller {
|
||||||
$process_type = '';
|
$process_type = '';
|
||||||
if (isset($request['search'])) {
|
if (isset($request['search'])) {
|
||||||
$name = $request['search'];
|
$name = $request['search'];
|
||||||
$process_type = "AND name LIKE '%$name%'";
|
$search_term_like = '%' . $wpdb->esc_like($name) . '%';
|
||||||
$process_type = $wpdb->prepare($process_type);
|
$process_type = $wpdb->prepare("AND name LIKE %s", $search_term_like);
|
||||||
}
|
}
|
||||||
|
|
||||||
$recent_q = '';
|
$recent_q = '';
|
||||||
|
|
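Review bot: `$request['search']` goes into `$wpdb->esc_like()` with no type check, so a request that sends `search` as an array hands a non-string to a function that expects a string, which on PHP 8 would likely surface as a TypeError instead of a validation error. Unless the route registration (outside this hunk) already declares `search` with `'type' => 'string'`, guard it here, e.g. `if (isset($request['search']) && is_string($request['search'])) {`. Calling `esc_like()` first and then `prepare()` with `%s` is the correct order for a LIKE clause, but the other fragments concatenated into the same query, such as `$recent_q` whose construction continues below the hunk, should be checked for the same interpolation pattern. `$process_type` now holds a name-search clause, so a comment such as `// SQL fragment: optional name filter, already prepared` would keep a later edit from preparing or escaping it a second time.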