tonyair/silverstripe-userforms
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-userforms.git synced 2024-10-22 17:05:42 +02:00
Code Issues Projects Releases Wiki Activity

Uncasted user input cause SQL issues

Browse Source
This commit is contained in:
Stephen Shkardoon 2013-03-24 23:30:44 +13:00
parent 6f1f3a2c40
commit 5c9a962b21
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/formfields/FieldEditor.php
View File

@ -180,7 +180,7 @@ class FieldEditor extends FormField {
$parentID = $this->form->getRecord()->ID; $parentID = $this->form->getRecord()->ID;
if($parentID) { if($parentID) {
$parentID = Convert::raw2sql($parentID); $parentID = (int)$parentID;
$sqlQuery = new SQLQuery(); $sqlQuery = new SQLQuery();
$sqlQuery = $sqlQuery $sqlQuery = $sqlQuery
@ -222,7 +222,7 @@ class FieldEditor extends FormField {
// work out the sort by getting the sort of the last field in the form +1 // work out the sort by getting the sort of the last field in the form +1
if($parent) { if($parent) {
$sql_parent = Convert::raw2sql($parent); $sql_parent = (int)$parent;
$sqlQuery = new SQLQuery(); $sqlQuery = new SQLQuery();
$sqlQuery = $sqlQuery $sqlQuery = $sqlQuery