mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUG SQL Injection in CsvBulkLoader (fixes #6227)
The diff should speak for itself; it looks like this will have to be implemented in all supported branches.
parent
a8a10f8a1a
commit
143317cc86
@ -156,7 +156,7 @@ class CsvBulkLoader extends BulkLoader {
|
|||||||
return false;
|
return false;
|
||||||
//user_error("CsvBulkLoader:processRecord: Couldn't find duplicate identifier '{$fieldName}' in columns", E_USER_ERROR);
|
//user_error("CsvBulkLoader:processRecord: Couldn't find duplicate identifier '{$fieldName}' in columns", E_USER_ERROR);
|
||||||
}
|
}
|
||||||
$SQL_fieldValue = $record[$fieldName];
|
$SQL_fieldValue = Convert::raw2sql($record[$fieldName]);
|
||||||
$existingRecord = DataObject::get_one($this->objectClass, "\"$SQL_fieldName\" = '{$SQL_fieldValue}'");
|
$existingRecord = DataObject::get_one($this->objectClass, "\"$SQL_fieldName\" = '{$SQL_fieldValue}'");
|
||||||
if($existingRecord) return $existingRecord;
|
if($existingRecord) return $existingRecord;
|
||||||
} elseif(is_array($duplicateCheck) && isset($duplicateCheck['callback'])) {
|
} elseif(is_array($duplicateCheck) && isset($duplicateCheck['callback'])) {
|
||||||
|
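Review bot: The `get_one()` filter is still assembled by string interpolation, so the escaping added on the `$SQL_fieldValue` line protects only the single-quoted value; `$SQL_fieldName` goes into the double-quoted identifier position and is assigned outside this hunk, so it should be confirmed that it comes only from the loader's configured duplicate checks and never from a CSV header row. `Convert::raw2sql()` escapes for a string-literal context, which fits the value here but would not by itself make an identifier safe. A comment above the changed line, for example `// $record holds raw CSV cell values; escape before building the filter string`, would make it less likely that the escaping is dropped again in a later refactor. Because the description says the fix has to be ported to every supported branch, a regression test that imports a row whose duplicate-check column contains a single quote would let each backport be verified; no test is visible on this page. The enclosing method starts and ends outside the hunk.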