- Improving security by added -limit_to xxx to all im_opt_val calls

c595d9b1 · Frank Bergmann · 6c064344 · c595d9b1
Commit c595d9b1 authored Jun 11, 2020 by Frank Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

intranet-dynfield-procs.tcl tcl/intranet-dynfield-procs.tcl +1 -1

No files found.
--- a/tcl/intranet-dynfield-procs.tcl
+++ b/tcl/intranet-dynfield-procs.tcl
@@ -356,7 +356,7 @@ ad_proc -public im_dynfield::search_sql_criteria_from_form {
 		text - textarea - richtext {
 		    # Create a "like" search
 		    # lappend criteria "$attribute_table_name.$attribute_name like '%:$attribute_name%'"
-		    # lappend criteria "lower($attribute_table_name.$attribute_name) like '%\[string tolower \[string map {' {} \] {} \[ {} \$ {}} \[im_opt_val $attribute_name\]\]\]%'"
+		    # lappend criteria "lower($attribute_table_name.$attribute_name) like '%\[string tolower \[string map {' {} \] {} \[ {} \$ {}} \[im_opt_val -limit_to nohtml $attribute_name\]\]\]%'"

 		    lappend criteria "lower($attribute_table_name.$attribute_name) like '%'||:${attribute_name}||'%'"