jimeh/zynapse
1
0
Fork 0
mirror of https://github.com/jimeh/zynapse.git synced 2026-02-19 07:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed a odd sql inject issue with ActiveRecord's

Browse Source 
sql_quote() method
This commit is contained in:
Jim Myhrberg
2010-02-26 22:44:59 +02:00
parent 6c0c91e2a9
commit a2916d3ce0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
vendor/zynapse/active_record.php vendored
View File

@@ -871,7 +871,7 @@ class ActiveRecord {
if ( ($field == 'integer' || $field == 'decimal') && preg_match('/^[0-9\-\.]+$/', $input) ) {
return $input;
} else {
return "'".addslashes($input)."'";
return "'".addslashes(urldecode($input))."'";
}
}