BUGFIX SQL injection possibility fix on MultiForm->getSessionRecordByID()
parent
f362ed07be
commit
80e71b5ccf
@ -257,8 +257,9 @@ abstract class MultiForm extends Form {
|
|||||||
* @param int|string $id The ID of the record to retrieve
|
* @param int|string $id The ID of the record to retrieve
|
||||||
* @return MultiFormSession
|
* @return MultiFormSession
|
||||||
*/
|
*/
|
||||||
function getSessionRecordByID($id) {
|
function getSessionRecordByID($id) {
|
||||||
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = $id AND IsComplete = 0");
|
$SQL_id = (int)$id;
|
||||||
|
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = {$SQL_id} AND IsComplete = 0");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
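Review bot: The `(int)$id` cast in getSessionRecordByID() stops the injection, but it silently coerces malformed input instead of rejecting it: a non-numeric string becomes 0 and a value such as `12abc` becomes 12, so a tampered ID still runs a lookup and may resolve to a real record. A guard before the cast would make the rejection explicit, for example `if(!ctype_digit((string)$id)) return null;`; the right "not found" value depends on what callers already handle, which is not visible in this hunk. The docblock still advertises `int|string`, so it should say that only integer-like values are accepted. A why-comment on the cast, such as `// Cast to int: $id is interpolated into the WHERE clause and may be caller-supplied`, would keep a later refactor from dropping it.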