author | Remi Collet <fedora@famillecollet.com> | 2015-12-03 17:33:05 +0100 |
---|---|---|
committer | Remi Collet <fedora@famillecollet.com> | 2015-12-03 17:33:05 +0100 |
commit | db2d2d1f41ba372b825fd51ed65ed8c6f6fa4305 (patch) | |
tree | 13321c9395369e3baa5657c26376fcb5de580521 /zoom.php | |
parent | 46bc8623ddd543d750922df97c7c6428d5ce15a9 (diff) |
add missing escape, thanks P.Allaert
Diffstat (limited to 'zoom.php')
-rw-r--r-- | zoom.php | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -100,7 +100,7 @@ if ( !isset($name) || !$name ) { FROM rpm LEFT JOIN packagist ON (packagist.rpmname=rpm.name) INNER JOIN repo ON (repo.main=rpm.repo_main AND repo.sub=rpm.repo_sub) - WHERE rpm.name='$name' + WHERE rpm.name=" . $uptable->escape($name) . " ORDER BY repo.id DESC, CAST(SUBSTRING_INDEX(rpm.ver,'.',1) AS SIGNED) DESC, CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(rpm.ver,'.',2),'.',-1) AS SIGNED) DESC, @@ -112,9 +112,9 @@ if ( !isset($name) || !$name ) { $resrpm = $db->query($sql); $rpm = ($resrpm ? $resrpm->fetchObject() : false); - $up = $uptable->find(array('name'=>$name)); + $up = $uptable->find(array('name' => $name)); - $sql = "SELECT * FROM acls WHERE name = '$name'"; + $sql = "SELECT * FROM acls WHERE name = " . $uptable->escape($name); $resown=$db->query($sql); $owner = ($resown ? $resown->fetchObject() : false); @@ -125,6 +125,9 @@ if ( !isset($name) || !$name ) { $smarty->assign('page_title', 'Package: ' . $name); } + $summary = array(); + $packages = array(); + $fedpkg = false; if (!$rpm) { echo "<h1>$name not found</h1>\n"; } else { |
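Review bot: Both rewritten queries, `WHERE rpm.name=" . $uptable->escape($name) . "` here and `WHERE name = " . $uptable->escape($name)` in the -112 hunk, drop the surrounding single quotes, so they are only safe if `escape()` returns a fully quoted literal the way `PDO::quote()` does. Its definition is not visible in this diff. The value is also quoted through `$uptable` while the statement runs on `$db`, which is only correct if both use the same connection and character set. If `$db` is a PDO handle, as `query()` and `fetchObject()` suggest, a bound parameter removes both assumptions: `$st = $db->prepare("SELECT * FROM acls WHERE name = ?"); $st->execute(array($name)); $owner = $st->fetchObject();`. The SQL string in the first hunk starts above the visible lines.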
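Review bot: The not-found branch in the context lines of the -125 hunk still writes the package name into HTML unescaped, `echo "<h1>$name not found</h1>\n";`, so the escaping this commit adds for SQL does not cover the output side. If `$name` is request-derived (its origin is above the visible lines), encode it for the HTML context: `echo '<h1>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . " not found</h1>\n";`. The `page_title` value assigned to Smarty just above deserves the same check unless the template escapes it. The `if (!$rpm)` block continues past the end of the hunk.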