fix: avoid inject SQL in search

vnmedeiros 2024-08-27 23:37:42 -03:00
parent c27fecf644
commit b87f3f4817
1 changed files with 2 additions and 2 deletions


@ -192,8 +192,8 @@ class REST_Background_Processes_Controller extends REST_Controller {
$process_type = ''; $process_type = '';
if (isset($request['search'])) { if (isset($request['search'])) {
$name = $request['search']; $name = $request['search'];
$process_type = "AND name LIKE '%$name%'"; $search_term_like = '%' . $wpdb->esc_like($name) . '%';
$process_type = $wpdb->prepare($process_type); $process_type = $wpdb->prepare("AND name LIKE %s", $search_term_like);
} }
$recent_q = ''; $recent_q = '';
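Review bot: `$name = $request['search'];` is handed to `$wpdb->esc_like()` without a check that it is a string. If the route's argument schema (not visible in this hunk) does not restrict `search` to a string, an array-valued parameter would reach `esc_like()` and fail with a PHP type error instead of a clean validation response. A guard such as `$name = is_string( $request['search'] ) ? $request['search'] : '';` before the `esc_like()` call would close that gap. The resulting fragment is concatenated into a larger query outside the hunk, so it is worth confirming that the neighbouring fragments such as `$recent_q` are also built through `prepare()` with placeholders. The enclosing method starts and ends outside the hunk.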