mirror of
https://github.com/silverstripe/silverstripe-userforms.git
synced 2024-10-22 17:05:42 +02:00
Merge pull request #105 from ss23/patch-1
Uncasted user input causes SQL issues
commit
8fb39f846e
@ -180,7 +180,7 @@ class FieldEditor extends FormField {
|
|||||||
$parentID = $this->form->getRecord()->ID;
|
$parentID = $this->form->getRecord()->ID;
|
||||||
|
|
||||||
if($parentID) {
|
if($parentID) {
|
||||||
$parentID = Convert::raw2sql($parentID);
|
$parentID = (int)$parentID;
|
||||||
|
|
||||||
$sqlQuery = new SQLQuery();
|
$sqlQuery = new SQLQuery();
|
||||||
$sqlQuery = $sqlQuery
|
$sqlQuery = $sqlQuery
|
||||||
@ -222,7 +222,7 @@ class FieldEditor extends FormField {
|
|||||||
|
|
||||||
// work out the sort by getting the sort of the last field in the form +1
|
// work out the sort by getting the sort of the last field in the form +1
|
||||||
if($parent) {
|
if($parent) {
|
||||||
$sql_parent = Convert::raw2sql($parent);
|
$sql_parent = (int)$parent;
|
||||||
|
|
||||||
$sqlQuery = new SQLQuery();
|
$sqlQuery = new SQLQuery();
|
||||||
$sqlQuery = $sqlQuery
|
$sqlQuery = $sqlQuery
|
||||||
|
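Review bot: In the second hunk the `if($parent)` guard runs before the new `$sql_parent = (int)$parent;` cast, so a truthy non-numeric value (constructed example: `"abc"`) passes the guard, becomes 0, and the query built after it runs with a parent of 0. Casting first and guarding on the result, e.g. `$sql_parent = (int)$parent;` followed by `if($sql_parent > 0) {`, would reject such input instead of querying with it. The first hunk has the same ordering with `$parentID`, though there the value is read from `getRecord()->ID` rather than passed in. A one-line comment above each cast, such as `// cast to int: the ID is presumably interpolated unquoted, so raw2sql escaping alone is not enough`, would keep a later edit from reverting to `Convert::raw2sql()`; the WHERE clause is outside the hunk, so confirm how the value is embedded first. Both enclosing functions start and end outside the hunks shown.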