Condition Injection - Why addEncodedQuery Can't Safely Filter User Input
How user input concatenated into addEncodedQuery() can silently bypass your filters — one ^NQ rewrites the whole query — proven with a live 72-versus-0 row count.
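An added example, not code from the original page: a simplified JavaScript model of encoded-query evaluation that runs a concatenated filter and a value-bound filter over the same rows. Assumptions: the rows, field names and function names are constructed, only `=` terms are modelled, and `^`, `^OR` and `^NQ` are treated as AND, OR and new-query (union); this is not the platform's own parser.

```javascript
// Simplified model (assumption): "^" = AND, "^OR" = OR, "^NQ" = new query
// whose matches are unioned with the previous ones. Only "=" terms.
// Constructed sample rows, not data from the original page.
const rows = [
  { number: 'INC001', company: 'acme',    active: 'true'  },
  { number: 'INC002', company: 'acme',    active: 'false' },
  { number: 'INC003', company: 'globex',  active: 'true'  },
  { number: 'INC004', company: 'globex',  active: 'true'  },
  { number: 'INC005', company: 'initech', active: 'false' },
];

function matchTerm(row, term) {
  const i = term.indexOf('=');
  if (i < 0) return false;                 // unsupported term matches nothing
  return String(row[term.slice(0, i)]) === term.slice(i + 1);
}

// One query set: AND of groups, each group an OR of terms.
function matchSet(row, set) {
  return set.split(/\^(?!OR)/).every(group =>
    group.split('^OR').some(term => matchTerm(row, term)));
}

function runEncoded(encoded) {
  const sets = encoded.split('^NQ');       // each set is evaluated on its own
  return rows.filter(row => sets.some(set => matchSet(row, set)));
}

// Vulnerable pattern: user input concatenated into the encoded string.
function findConcatenated(userInput) {
  return runEncoded('company=acme^number=' + userInput);
}

// Hardened pattern: the input stays the value of exactly one condition
// (assumption: the role a value-bound call such as addQuery(field, value) plays).
function findBound(userInput) {
  return rows.filter(r => r.company === 'acme' && r.number === String(userInput));
}

// Second layer: refuse values that contain the condition separator.
function isSafeValue(userInput) {
  return typeof userInput === 'string' && !userInput.includes('^');
}

const injected = 'nope^NQactive=true';     // constructed input
console.log(findConcatenated(injected).length, 'versus', findBound(injected).length);
```

In the concatenated form the `company=acme` restriction applies only to the first query set, so rows from other companies come back; in the bound form the same string is just a value that matches no row.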