Issue 1627: SQL Injection vulnerability in insert / update queries

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10371 201d5d3c-b55e-5fd7-737f-ddc643e51545
ucorina 2012-03-07 16:05:37 +00:00
parent 0748cccdad
commit 593fee7b9f
3 changed files with 57 additions and 4 deletions


@ -66,12 +66,14 @@
}
function escapeValue($value){
if($this->getType() == 'column_name'){
$column_type = $this->getType();
if($column_type == 'column_name'){
$dbParser = DB::getParser();
return $dbParser->parseExpression($value);
}
if(!isset($value)) return null;
if(in_array($this->getType(), array('date', 'varchar', 'char','text', 'bigtext'))){
}
if(!isset($value)) return null;
if(in_array($column_type, array('date', 'varchar', 'char','text', 'bigtext'))){
if(!is_array($value))
$value = $this->_escapeStringValue ($value);
else {
@ -81,6 +83,9 @@
//$value[$i] = '\''.$value[$i].'\'';
}
}
if($column_type == 'number')
$value = (int)$value;
return $value;
}
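Review bot: The new `number` cast at the end of escapeValue() does not handle array values, although the string branch just above (`if(!is_array($value)) … else {`) shows this method is called with arrays. In PHP, `(int)` applied to an array yields 0 or 1, so a list of values bound to a `number` column would collapse to a single wrong integer instead of being sanitised per element. Cast element-wise instead: `if(is_array($value)) $value = array_map('intval', $value); else $value = (int)$value;`. The cast also silently turns decimals and non-numeric input into an integer rather than rejecting them, which deserves a short comment so callers know the query value may change. The body of the array branch lies between the two hunks and is not visible here.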