From: Sarah Hoffmann
Date: Thu, 5 Oct 2017 22:22:27 +0000 (+0200)
Subject: sanitize special search term before normalizing
X-Git-Tag: v3.1.0~55
X-Git-Url: https://git.openstreetmap.org/nominatim.git/commitdiff_plain/f8d55b5448b6be721a6ea05567930fe244ead7d1
sanitize special search term before normalizing
---
diff --git a/lib/Geocode.php b/lib/Geocode.php
index bd0f5b62..d96aaac2 100644
--- a/lib/Geocode.php
+++ b/lib/Geocode.php
@@ -1061,7 +1061,7 @@ class Geocode
 continue;
 }
- $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".$aSpecialTerm[1]."') AS string"));
+ $sToken = chksql($this->oDB->getOne("SELECT make_standard_name('".pg_escape_string($aSpecialTerm[1])."') AS string"));
 $sSQL = 'SELECT * ';
 $sSQL .= 'FROM ( ';
 $sSQL .= ' SELECT word_id, word_token, word, class, type, country_code, operator';
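Review bot: On the new `$sToken` line the search term is still concatenated into the SQL text, and `pg_escape_string()` is called without a connection argument, so the escaping relies on whichever connection PHP treats as the default (and its client encoding) rather than on the one behind `$this->oDB`. If that wrapper accepts bound parameters, passing the term as a parameter removes the quoting question altogether, e.g. `getOne('SELECT make_standard_name(?) AS string', array($aSpecialTerm[1]))`; otherwise pass the connection explicitly to the escape call. The `$sSQL` statement built directly below continues outside the hunk, so it is worth confirming that `$sToken` and any other use of `$aSpecialTerm` there are quoted the same way. A regression test with a special term containing a single quote would pin the fix.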