April 7, 2009 21:04 · February 3, 2009 00:05 · November 26, 2008 23:30
 function doSearch(query,page) {
  page = parseInt(page);
  if (!(page > 0)) {
    page = 1;
  }
  $("#results").text('');
  $.getJSON("http://tweepsearch.com/search.json?query=" + query + "&page="+page+"&count=5&callback=?",
    function(data){
      var content = "<table cellspacing='5'><td bgcolor='#e0e0e0' colspan='2' align='center'>Users matching <a target='_blank' href='http://tweepsearch.com/search?query=" + escape(query) + "'>" + $('<div/>').text(query).html() + "</a> from TweepSearch</td>";
      $.each(data, function(i,user) {
 curl -s http://twitter.com/statuses/user_timeline/dacort.xml?count=750 \
 | grep "<text>" | grep twitpic \
 | sed -n 's/.*\(twitpic.com\/[^ < ]\{4,5\}\).*/\1/gp' \
 | xargs curl -s | grep -E '(id="pic")|(Posted on)' \
 | sed 's/src="\//src="http:\/\/twitpic.com\//' \
 | sed 's/.*\(Posted on .*\)<.*/<br \/><br \/>\1<br \/>/g' \
 | awk ' { line[NR] = $0 } END { for (i=NR;i>0;i-- ) print line[i] }' \
 >> dacort.html
 --- activerecord/lib/active_record/base.rb
 +++ vuln/activerecord/lib/active_record/base.rb
 @@ -358,1 +359,2 @@ module ActiveRecord
 -        connection.add_limit!(sql, sanitize_sql(limit)) unless limit.nil?
 +        limit = sanitize_sql(limit) if limit.is_a? Array and limit.first.is_a? String
 +        connection.add_limit!(sql, limit) if limit
 
 
 --- activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
 +++ vuln/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
	function doSearch(query,page) {
	page = parseInt(page);
	if (!(page > 0)) {
	page = 1;
	}
	$("#results").text('');
	$.getJSON("http://tweepsearch.com/search.json?query=" + query + "&page="+page+"&count=5&callback=?",
	function(data){
	var content = "<table cellspacing='5'><td bgcolor='#e0e0e0' colspan='2' align='center'>Users matching <a target='_blank' href='http://tweepsearch.com/search?query=" + escape(query) + "'>" + $('<div/>').text(query).html() + "</a> from TweepSearch</td>";
	$.each(data, function(i,user) {
	curl -s http://twitter.com/statuses/user_timeline/dacort.xml?count=750 \
	\| grep "<text>" \| grep twitpic \
	\| sed -n 's/.\(twitpic.com\/[^ < ]\{4,5\}\)./\1/gp' \
	\| xargs curl -s \| grep -E '(id="pic")\|(Posted on)' \
	\| sed 's/src="\//src="http:\/\/twitpic.com\//' \
	\| sed 's/.\(Posted on .\)<.*/<br \/><br \/>\1<br \/>/g' \
	\| awk ' { line[NR] = $0 } END { for (i=NR;i>0;i-- ) print line[i] }' \
	>> dacort.html
	--- activerecord/lib/active_record/base.rb
	+++ vuln/activerecord/lib/active_record/base.rb
	@@ -358,1 +359,2 @@ module ActiveRecord
	- connection.add_limit!(sql, sanitize_sql(limit)) unless limit.nil?
	+ limit = sanitize_sql(limit) if limit.is_a? Array and limit.first.is_a? String
	+ connection.add_limit!(sql, limit) if limit


	--- activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
	+++ vuln/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb