sanitize special search term before normalizing

author Sarah Hoffmann <lonvia@denofr.de>

Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)

committer Sarah Hoffmann <lonvia@denofr.de>

Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)
author Sarah Hoffmann <lonvia@denofr.de>
Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)
committer Sarah Hoffmann <lonvia@denofr.de>
Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)
diff --git a/lib/Geocode.php b/lib/Geocode.php

index bd0f5b625d78b2695652a7ebbfa4c02c3819c2b6..d96aaac2ff9a55b898910e673067e5ec2a8a19a1 100644 (file)
--- a/lib/Geocode.php
+++ b/lib/Geocode.php
@@ -1061,7 +1061,7 @@ class Geocode
                      continue;
                  }
  
-                $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".$aSpecialTerm[1]."') AS string"));
+                $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".pg_escape_string($aSpecialTerm[1])."') AS string"));
                  $sSQL = 'SELECT * ';
                  $sSQL .= 'FROM ( ';
                  $sSQL .= '   SELECT word_id, word_token, word, class, type, country_code, operator';
author	Sarah Hoffmann <lonvia@denofr.de>
	Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Thu, 5 Oct 2017 22:22:27 +0000 (00:22 +0200)