Properly escape filter in topiclist, so russian letters filtering would work

2014-01-05 13:50:03 +00:00
parent 4cff01c3a9
commit 266a72132c
1 changed files with 1 additions and 1 deletions
--- a/Sources/MessageIndex.php
+++ b/Sources/MessageIndex.php
@@ -35,7 +35,7 @@ function MessageIndex()
 	global $context, $options, $settings, $board_info, $user_info;

        if ( isset($_GET['filter']) AND ! empty($_GET['filter'])) {
-                $result = db_query("SELECT COUNT(ID_TOPIC) AS num_topics, GROUP_CONCAT(ID_TOPIC) AS topics FROM {$db_prefix}topic_index WHERE letter='".mysql_escape_string($_GET['filter'])."' AND ID_BOARD='$board'", __FILE__, __LINE__);
+                $result = db_query("SELECT COUNT(ID_TOPIC) AS num_topics, GROUP_CONCAT(ID_TOPIC) AS topics FROM {$db_prefix}topic_index WHERE letter='".mysql_real_escape_string($_GET['filter'])."' AND ID_BOARD='$board'", __FILE__, __LINE__);
                list ($board_info['num_topics'], $_filter) = mysql_fetch_row($result);
 		if ($board_info['num_topics'] > 0 )
 	                $_filter = "AND t.ID_TOPIC IN ($_filter)";