# HG changeset patch
# User Dan
# Date 1190222802 14400
# Node ID 13561bde2e2ce55a83e965937b463c12e6f021e2
# Parent 3bce0c320e80db097320d68e186a683da4901482
SECURITY: Fix unescaped SQL in paths.php rebuild_page_index()
diff -r 3bce0c320e80 -r 13561bde2e2c includes/paths.php
--- a/includes/paths.php Tue Sep 18 17:27:55 2007 -0400
+++ b/includes/paths.php Wed Sep 19 13:26:42 2007 -0400
@@ -745,8 +745,13 @@
 {
 return false;
 }
+ foreach ( $cache as $key => $_unused )
+ {
+ $cache[$key] = $db->escape( $cache[$key] );
+ }
 $cache = "query LIKE '%" . implode ( "%' OR query LIKE '%", $cache ) . "%'";
- $db->sql_query('DELETE FROM '.table_prefix.'search_cache WHERE '.$cache);
+ $sql = 'DELETE FROM '.table_prefix.'search_cache WHERE '.$cache;
+ $db->sql_query($sql);
 $query = $db->sql_query('SELECT word,page_names FROM '.table_prefix.'search_index WHERE '.$keys.';');
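Review bot: The `SELECT word,page_names ... WHERE '.$keys.';'` query on the last context line still concatenates `$keys` into the SQL text, and the escaping loop added here covers only `$cache`. `$keys` is built outside this hunk, so please confirm that every value in it also passes through `$db->escape()`. Separately, the escaped terms go inside a `LIKE '%...%'` pattern, where a string-literal escape normally leaves `%` and `_` untouched (what `$db->escape()` does is not visible here), so a term containing them would make the DELETE remove more `search_cache` rows than intended. If the database layer has no LIKE-specific helper, and assuming backslash is the LIKE escape character of the backing database, the loop body could become `$cache[$key] = addcslashes( $db->escape( $cache[$key] ), '%_' );`. The enclosing function starts and ends outside the hunk.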