Changeset:
47c5817a8209
https://sourceforge.net/p/mrbs/hg-code/ci/47c5817a820922a39c2e08cff00f542b0700880c
Author:
John Beranek <[email protected]>
Date:
Sat Sep 17 18:39:45 2016 +0100
Log message:
Fixed SQL parameterisation in mrbsApproveEntry()
diffstat:
web/mrbs_sql.inc | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diffs (25 lines):
diff -r c504cb7190d4 -r 47c5817a8209 web/mrbs_sql.inc
--- a/web/mrbs_sql.inc Sat Sep 17 18:31:25 2016 +0100
+++ b/web/mrbs_sql.inc Sat Sep 17 18:39:45 2016 +0100
@@ -1223,10 +1223,11 @@
// Then update the entry table. First of all we get a list of the
// start times that will be approved, then we do the approval.
$condition = "$id_column=? AND status&" . STATUS_AWAITING_APPROVAL . "!=0";
+ $sql_params = array($id);
$sql = "SELECT start_time
FROM $tbl_entry
WHERE $condition";
- $start_times = sql_query_array($sql,array($id));
+ $start_times = sql_query_array($sql, $sql_params);
if (($start_times !== FALSE) && (count($start_times) != 0))
{
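Review bot: Only `$id` is bound in `$condition`; `$id_column` here and `$tbl_entry` in the SELECT are still interpolated straight into the SQL text. Identifiers cannot be passed as bound parameters, so safety depends on `$id_column` being assigned from a fixed set of column names, and that assignment is outside this hunk. A comment next to the new line would record the assumption: `// $id_column is one of a fixed set of column names, never request data; $sql_params must match the placeholders in $condition`. This also marks that `$sql_params` is reused by the UPDATE in the second hunk, so the two must change together.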
@@ -1235,7 +1236,7 @@
ical_sequence=ical_sequence+1
WHERE $condition"; // PostgreSQL does not support LIMIT with
UPDATE
- if (sql_command($sql, $params) < 0)
+ if (sql_command($sql, $sql_params) < 0)
{
trigger_error(sql_error(), E_USER_WARNING);
fatal_error(FALSE, get_vocab("fatal_db_error"));
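Review bot: The SELECT in the first hunk and this UPDATE apply the same `$condition` as two separate statements, so the rows awaiting approval can change between them. Unless a transaction or lock is taken outside the visible lines, the `$start_times` list may not match the rows actually updated. If no such guard exists, both statements should run inside one transaction; at minimum a comment should state it, e.g. `// SELECT and UPDATE share $condition but are not atomic; $start_times may differ from the rows updated`. The UPDATE statement begins above this hunk, so it is also worth confirming that its SET clause adds no further `?` placeholders, since `$sql_params` holds exactly one value.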