mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[SS-2018-020] Ensure that table names are escaped to prevent possible SQL injection
This commit is contained in:
parent
466e7cf142
commit
74698af402
@ -8,6 +8,7 @@ use LogicException;
|
||||
use SilverStripe\Core\ClassInfo;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\Core\Config\Configurable;
|
||||
use SilverStripe\Core\Convert;
|
||||
use SilverStripe\Core\Injector\Injectable;
|
||||
use SilverStripe\Core\Injector\Injector;
|
||||
use SilverStripe\Dev\TestOnly;
|
||||
@ -127,7 +128,7 @@ class DataObjectSchema
|
||||
$tables = $this->getTableNames();
|
||||
$class = ClassInfo::class_name($class);
|
||||
if (isset($tables[$class])) {
|
||||
return $tables[$class];
|
||||
return Convert::raw2sql($tables[$class]);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user