From: Brion Vibber
Date: Mon, 22 Aug 2005 23:30:12 +0000 (+0000)
Subject: * (bug 3227) Fix SQL injection introduced in experimental code
X-Git-Tag: 1.6.0~1837
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/operations/?a=commitdiff_plain;h=8f0317681fd7afba7a74957cac75945869d4aaa2;p=lhc%2Fweb%2Fwiklou.git
* (bug 3227) Fix SQL injection introduced in experimental code
---
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 988bf2481a..1a2d7ef738 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -44,6 +44,7 @@ Misc work going on.....
 * (bug 3216) Don't show empty warning page when no warnings.
 * (bug 3218) Use proper quoting on history Compare Revisions button
 * (bug 3220) Fix escaping of block URLs in Recentchanges
+* (bug 3227) Fix SQL injection introduced in experimental code
 === Caveats ===
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 827740b841..df6d3a29cd 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -949,10 +949,10 @@ END
 'log_comment', 'log_params', 'user_name', ),
- array( 'log_namespace="' . $this->mTitle->getNamespace() . '"',
- 'log_title="' . $this->mTitle->getDBkey() . '"',
- 'log_type="delete"',
- 'log_action="delete"',
+ array( 'log_namespace' => $this->mTitle->getNamespace(),
+ 'log_title' => $this->mTitle->getDBkey(),
+ 'log_type' => 'delete',
+ 'log_action' => 'delete',
 'user_id=log_user' ), $fname, array( 'LIMIT' => 1, 'ORDER BY' => 'log_timestamp DESC' ) );
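Review bot: The rewritten conditions array in includes/EditPage.php now mixes two forms with different trust properties, and nothing at the call site says so. The four `key => value` entries are presumably quoted by the database layer, while the unkeyed `'user_id=log_user'` entry is still passed through as literal SQL. That entry is a constant join condition and is safe as written, but the next editor could copy its shape and concatenate a variable into it, which is the same defect this commit removes. I would add a comment above the array such as `// Keyed conditions are escaped by the DB layer; unkeyed strings are raw SQL and must stay constant.` The enclosing call starts above the hunk, so the quoting behaviour of the method receiving this array should be confirmed there, ideally with a regression test using a page title that contains a quote character.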