tonyair
/
silverstripe-userforms
mirror of https://github.com/silverstripe/silverstripe-userforms.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update UserDefinedForm.php 

Casting to integer to prevent potential SQL injection.
This commit is contained in:
Frank Mullenger 2015-09-21 08:37:12 +12:00
parent cc7a674a7a
commit 2cea1ced31
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/model/UserDefinedForm.php
View File

@ -152,7 +152,7 @@ class UserDefinedForm extends Page {
);
// make sure a numeric not a empty string is checked against this int column for SQL server
$parentID = (!empty($self->ID)) ? $self->ID : 0;
$parentID = (!empty($self->ID)) ? (int)$self->ID : 0;
// get a list of all field names and values used for print and export CSV views of the GridField below.
$columnSQL = <<<SQL