| author | Christian Fowler <spider@viovio.com> | 2009-08-03 20:40:21 +0000 |
|---|---|---|
| committer | Christian Fowler <spider@viovio.com> | 2009-08-03 20:40:21 +0000 |
| commit | 50dc5edbfabbea7adb45a7e1102c9c87afbc361d (patch) | |
| tree | 185592fcf56aa5bff65884fefa753eb61da291c4 | |
| parent | 20262f48b269a575f238708c1b2ecc14250f1810 (diff) | |
bounds checking on tag name length
| -rwxr-xr-x | LibertyTag.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/LibertyTag.php b/LibertyTag.php
index f7d1e91..35ad2bb 100755
--- a/LibertyTag.php
+++ b/LibertyTag.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @version $Header: /cvsroot/bitweaver/_bit_tags/LibertyTag.php,v 1.47 2009/05/04 12:35:37 lsces Exp $
+ * @version $Header: /cvsroot/bitweaver/_bit_tags/LibertyTag.php,v 1.48 2009/08/03 20:40:21 spiderr Exp $
 * @package tags
 *
 * @copyright Copyright (c) 2004-2006, bitweaver.org
@@ -139,6 +139,12 @@ class LibertyTag extends LibertyBase {
 $ret = FALSE; $selectSql = ''; $joinSql = ''; $whereSql = ''; $bindVars = array();
+
+ // Bounds checking on tag name length
+ if( !empty( $pParamHash['tag'] ) && strlen( $pParamHash['tag'] ) > 64 ) {
+ $pParamHash['tag'] = substr( $pParamHash['tag'], 0, 64 );
+ }
+
 // if tag_id supplied, use that
 if( !empty( $pParamHash['tag_id'] ) && is_numeric( $pParamHash['tag_id'] )) {
 $whereSql .= "WHERE tg.`tag_id` = ?";
@@ -148,11 +154,7 @@ class LibertyTag extends LibertyBase {
 $bindVars[] = $pParamHash['tag'];
 }
- $query = "
- SELECT tg.*
- FROM `".BIT_DB_PREFIX."tags` tg
- $whereSql";
-
+ $query = " SELECT tg.* FROM `".BIT_DB_PREFIX."tags` tg $whereSql";
 if ( $result = $this->mDb->getRow( $query, $bindVars ) ){
 $pParamHash['tag_id'] = $result['tag_id'];
 $this->mTagId = $result['tag']; |
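Review bot: The added bounds check in the second hunk measures and cuts in bytes (`strlen()` / `substr()`), so a tag containing multibyte UTF-8 can be split in the middle of a character at byte 64, and the malformed string is then bound as a query parameter (`$bindVars[] = $pParamHash['tag'];` in the next hunk). Truncating silently also means an over-long name is looked up as its 64-byte prefix, so two distinct inputs can resolve to the same row. Rejecting the over-long value is the safer contract, or, if truncation is intended and mbstring is available to the project, cut on a character boundary with `$pParamHash['tag'] = mb_substr( $pParamHash['tag'], 0, 64, 'UTF-8' );`. The literal 64 presumably mirrors the width of the tag column, which is not visible here; a named constant with a comment such as `// must match the declared width of the tag column` would keep the two in sync. The enclosing method starts and ends outside the hunk, so whether `$pParamHash` is passed by reference (and the truncated value leaks back to the caller) should be confirmed there.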
