tonyair/silverstripe-multiform
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-multiform synced 2024-10-22 11:05:49 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX SQL injection possibility fix on MultiForm->getSessionRecordByID()

Browse Source
This commit is contained in:
Sean Harvey 2008-07-09 06:34:28 +00:00
parent f362ed07be
commit 80e71b5ccf
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
code/MultiForm.php
View File

@ -257,8 +257,9 @@ abstract class MultiForm extends Form {
* @param int|string $id The ID of the record to retrieve
* @return MultiFormSession
*/
function getSessionRecordByID($id) {
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = $id AND IsComplete = 0");
function getSessionRecordByID($id) {
$SQL_id = (int)$id;
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = {$SQL_id} AND IsComplete = 0");
}
/**