fmsystem-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fmsystem-commits] [13791] booking: avoid sql-injection


From: Sigurd Nes
Subject: [Fmsystem-commits] [13791] booking: avoid sql-injection
Date: Thu, 27 Aug 2015 12:27:30 +0000

Revision: 13791
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=13791
Author:   sigurdne
Date:     2015-08-27 12:27:29 +0000 (Thu, 27 Aug 2015)
Log Message:
-----------
booking: avoid sql-injection

Modified Paths:
--------------
    trunk/booking/inc/class.socommon.inc.php

Modified: trunk/booking/inc/class.socommon.inc.php
===================================================================
--- trunk/booking/inc/class.socommon.inc.php    2015-08-27 00:12:15 UTC (rev 
13790)
+++ trunk/booking/inc/class.socommon.inc.php    2015-08-27 12:27:29 UTC (rev 
13791)
@@ -708,7 +708,10 @@
                                        }
                                }
                        }
-                       $this->db->query(join($update_queries, ";\n"), 
__LINE__, __FILE__);
+                       foreach($update_queries as $update_query)
+                       {
+                               $this->db->query($update_query, __LINE__, 
__FILE__);
+                       }
                        $receipt['id'] = $id;
                        $receipt['message'][] = array('msg'=>lang('Entity %1 
has been updated', $entry['id']));
                        return $receipt;




reply via email to

[Prev in Thread] Current Thread [Next in Thread]