mirror of
https://github.com/silverstripe/silverstripe-framework
Merge pull request #1308 from ss23/patch-10
BUG SQL Injection in CsvBulkLoader (fixes #6227)
commit
5cad7fe9e3
@ -156,7 +156,7 @@ class CsvBulkLoader extends BulkLoader {
|
||||
return false;
|
||||
//user_error("CsvBulkLoader:processRecord: Couldn't find duplicate identifier '{$fieldName}' in columns", E_USER_ERROR);
|
||||
}
|
||||
$SQL_fieldValue = $record[$fieldName];
|
||||
$SQL_fieldValue = Convert::raw2sql($record[$fieldName]);
|
||||
$existingRecord = DataObject::get_one($this->objectClass, "\"$SQL_fieldName\" = '{$SQL_fieldValue}'");
|
||||
if($existingRecord) return $existingRecord;
|
||||
} elseif(is_array($duplicateCheck) && isset($duplicateCheck['callback'])) {
|
||||
@ -189,4 +189,4 @@ class CsvBulkLoader extends BulkLoader {
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
||||
?>
|
||||
|
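Review bot: The duplicate-check filter in the first hunk is still built by string interpolation, and the `Convert::raw2sql()` call covers only the value. `$SQL_fieldName` is placed into the same `DataObject::get_one()` filter as a double-quoted identifier, and its assignment is above the hunk (the enclosing method starts and ends outside the visible lines), so it should be confirmed that it can only come from the loader's duplicate-check configuration and never from a CSV header. I would add a comment above the escaped assignment, `// CSV cell values are untrusted input; escape before building the duplicate-check filter`, so the call is not dropped in a later refactor. No test is visible on this page; a regression test that imports a row whose duplicate-check column contains a single quote, and asserts the value is matched literally, would pin the fix.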