BUGFIX SQL injection possibility fix on MultiForm->getSessionRecordByID()

Sean Harvey 2008-07-09 06:34:28 +00:00
parent f362ed07be
commit 80e71b5ccf


@ -257,8 +257,9 @@ abstract class MultiForm extends Form {
* @param int|string $id The ID of the record to retrieve * @param int|string $id The ID of the record to retrieve
* @return MultiFormSession * @return MultiFormSession
*/ */
function getSessionRecordByID($id) { function getSessionRecordByID($id) {
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = $id AND IsComplete = 0"); $SQL_id = (int)$id;
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = {$SQL_id} AND IsComplete = 0");
} }
/** /**
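Review bot: The `(int)` cast in getSessionRecordByID() closes the injection but accepts malformed input silently: a value such as `12abc` is truncated to 12 and still resolves to a session, and any non-numeric value becomes 0. The caller is not visible in this hunk, but if `$id` comes from request data it would be stricter to reject anything that is not all digits before the cast, e.g. `if(!ctype_digit((string)$id)) return null;` (use whatever DataObject::get_one() returns for "not found"). The docblock, which opens above the hunk, still declares `@param int|string $id` without mentioning the coercion; it could read `@param int|string $id The ID of the record to retrieve (cast to int before use in SQL)`.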