Fix SQL injection bug

author Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)

committer Jens Frank <jeluf@users.mediawiki.org>

Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)
author Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)
committer Jens Frank <jeluf@users.mediawiki.org>
Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)
diff --git a/includes/SpecialMaintenance.php b/includes/SpecialMaintenance.php

index 6f74bd5..3166c5a 100644 (file)
--- a/includes/SpecialMaintenance.php
+++ b/includes/SpecialMaintenance.php
@@ -269,7 +269,7 @@ function wfSpecialMissingLanguageLinks() {
  
         $sql = "SELECT cur_title FROM $cur " .
           "WHERE cur_namespace=0 AND cur_is_redirect=0 " .
-         "AND cur_title NOT LIKE '%/%' AND cur_text NOT LIKE '%[[{$thelang}:%' " .
+         "AND cur_title NOT LIKE '%/%' AND cur_text NOT LIKE '%[[" . wfStrencode( $thelang ) . ":%' " .
           "LIMIT {$offset}, {$limit}";
  
         $res = $dbr->query( $sql, $fname );
author	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)
committer	Jens Frank <jeluf@users.mediawiki.org>
	Wed, 13 Oct 2004 21:30:18 +0000 (21:30 +0000)