mirror of
https://github.com/silverstripe/silverstripe-multiform
synced 2024-10-22 11:05:49 +02:00
BUGFIX SQL injection possibility fix on MultiForm->getSessionRecordByID()
This commit is contained in:
parent
f362ed07be
commit
80e71b5ccf
@ -258,7 +258,8 @@ abstract class MultiForm extends Form {
|
||||
* @return MultiFormSession
|
||||
*/
|
||||
function getSessionRecordByID($id) {
|
||||
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = $id AND IsComplete = 0");
|
||||
$SQL_id = (int)$id;
|
||||
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = {$SQL_id} AND IsComplete = 0");
|
||||
}
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user