From 59accd3b57a4932388de365b2b9c4c16a362798f Mon Sep 17 00:00:00 2001
From: Justin Mitchell <arthur@sucs.org>
Date: Fri, 30 Jan 2015 16:57:12 +0000
Subject: [PATCH] remove addslashes usage in path building

---
 htdocs/index.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/htdocs/index.php b/htdocs/index.php
index 8dfa21f..9d9ebe1 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -111,11 +111,14 @@ while (end($pathlist) === "") array_pop($pathlist);
 $smarty->assign_by_ref("pathlist", $pathlist);
 $path = '';
 $query = "select * from pagemap where path='/' ";
+$params = array();
 foreach($pathlist as $item) {
 	if ($item && $item != '/') {
-	$query .= "or path = '".addslashes($path)."/*' ";
-	$path .= "/$item";
-	$query .= "or path = '".addslashes($path)."' ";
+		$query .= "or path=? ";
+		$params[] = $path."/*";
+		$path .= "/$item";
+		$query .= "or path=? ";
+		$params[] = $path;
 	}
 }
 
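Review bot: The loop now appends two `or path=?` clauses and two `$params` entries for every non-empty element of `$pathlist`, and nothing in this hunk bounds how many elements that is. If `$pathlist` is split from the request URL (its construction is above the hunk, so this is inferred), a very deep path yields an arbitrarily long statement and can hit the driver's bound-parameter limit. A depth check before the loop would close that off, for example `if (count($pathlist) > MAX_PATH_DEPTH) { /* respond 404 and stop */ }`, where `MAX_PATH_DEPTH` is a placeholder for a limit the project would choose. Separately, the unchanged guard `if ($item && $item != '/')` treats a segment of `"0"` as empty, so such a segment is silently skipped; `$item !== '' && $item !== '/'` avoids that.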
@@ -123,7 +126,7 @@ foreach($pathlist as $item) {
 $smarty->assign_by_ref("path", $path);
 
 $query .= "order by depth desc";
-$pagemap = $DB->GetAll($query);
+$pagemap = $DB->GetAll($query, $params);
 //echo $query;
 if (!$pagemap) $smarty->assign("error", $DB->ErrorMsg());
 if (!$pagemap || count($pagemap)<1) {
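Review bot: The error branch right after the changed `GetAll` call still assigns `$DB->ErrorMsg()` straight to the template variable `error`, and driver error text commonly includes table names and fragments of the statement. Whether the template shows that variable to visitors is not visible here, but it is safer to log the detail and assign a fixed message, for example `if ($pagemap === false) { error_log($DB->ErrorMsg()); $smarty->assign("error", "Page lookup failed"); }`. The strict `=== false` test also separates a failed query from an empty result, which `!$pagemap` currently conflates. The commented-out `//echo $query;` no longer shows the bound values and could be dropped. The `if (!$pagemap || count($pagemap)<1)` block continues past the end of the hunk.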
-- 
GitLab