BUGFIX SQL injection possibility fix on MultiForm->getSessionRecordByID()

This commit is contained in:
Sean Harvey 2008-07-09 06:34:28 +00:00
parent f362ed07be
commit 80e71b5ccf

View File

@ -258,7 +258,8 @@ abstract class MultiForm extends Form {
* @return MultiFormSession
*/
function getSessionRecordByID($id) {
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = $id AND IsComplete = 0");
$SQL_id = (int)$id;
return DataObject::get_one('MultiFormSession', "MultiFormSession.ID = {$SQL_id} AND IsComplete = 0");
}
/**