Properly escape tags while building query

Could it really be that easy?
Justin Brewer 2013-09-25 23:39:40 -05:00
parent 55bfa4cfd7
commit 7be1f9e637


@ -83,7 +83,7 @@ class TagEditCloud extends Extension {
array("tag_min1" => $tags_min, "tag_min2" => $tags_min, "limit" => $max_count));
break;
case 'r':
$relevant_tags = "'".implode("','",array_diff($image->get_tag_array(),$ignore_tags))."'";
$relevant_tags = implode(",",array_map(array($database,"escape"),array_diff($image->get_tag_array(),$ignore_tags)));
$tag_data = $database->get_all("SELECT t2.tag AS tag, COUNT(image_id) AS count, FLOOR(LN(LN(COUNT(image_id) - :tag_min1 + 1)+1)*150)/200 AS scaled
FROM image_tags it1 JOIN image_tags it2 USING(image_id) JOIN tags t1 ON it1.tag_id = t1.id JOIN tags t2 ON it2.tag_id = t2.id
WHERE t1.count >= :tag_min2 AND t1.tag IN($relevant_tags) GROUP BY t2.tag ORDER BY count DESC LIMIT :limit",
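Review bot: When `array_diff(...)` on the added line yields no tags (an untagged image, or every tag present in `$ignore_tags`), `$relevant_tags` is now an empty string and the query contains `t1.tag IN()`, which most SQL engines reject as a syntax error; the previous form produced `IN('')` and simply matched nothing. A guard ahead of the query would cover that case, e.g. `if ($relevant_tags === '') { $tag_data = array(); break; }`. The new line also drops the literal quotes from the implode, so it is only safe if `$database->escape()` returns a complete quoted literal (its body is not visible here, presumably a PDO quote wrapper); a comment stating that requirement, or binding each tag as a named parameter alongside `:tag_min1`, would make the dependency explicit. The `get_all()` call continues past the end of the hunk, so the parameter array for this case is not shown.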