Merge pull request #345 from frankmullenger/frankmullenger-sql-patch

FIX: Casting to integer to prevent potential SQL injection.
Damian Mooyman 2015-09-21 09:10:28 +12:00
commit 606b20bf72


@ -152,7 +152,7 @@ class UserDefinedForm extends Page {
);
// make sure a numeric not a empty string is checked against this int column for SQL server
$parentID = (!empty($self->ID)) ? $self->ID : 0;
$parentID = (!empty($self->ID)) ? (int)$self->ID : 0;
// get a list of all field names and values used for print and export CSV views of the GridField below.
$columnSQL = <<<SQL
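Review bot: The comment above the `$parentID` assignment still explains the value only in terms of the SQL Server int column and does not say that the new `(int)` cast is the injection guard, so a later cleanup could remove the cast as redundant. I would reword it to something like `// force an integer (0 when unset): $parentID is presumably interpolated into the raw SQL below and must never carry string content`. The heredoc that starts at `$columnSQL = <<<SQL` continues outside the hunk, so it is not visible whether other variables are interpolated into it; any that are need the same cast or, preferably, a parameterised query.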