Changeset: 47c5817a8209 https://sourceforge.net/p/mrbs/hg-code/ci/47c5817a820922a39c2e08cff00f542b0700880c Author: John Beranek <jbera...@users.sourceforge.net> Date: Sat Sep 17 18:39:45 2016 +0100 Log message:
Fixed SQL parameterisation in mrbsApproveEntry() diffstat: web/mrbs_sql.inc | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diffs (25 lines):
diff -r c504cb7190d4 -r 47c5817a8209 web/mrbs_sql.inc
--- a/web/mrbs_sql.inc Sat Sep 17 18:31:25 2016 +0100
+++ b/web/mrbs_sql.inc Sat Sep 17 18:39:45 2016 +0100
@@ -1223,10 +1223,11 @@
 // Then update the entry table. First of all we get a list of the
 // start times that will be approved, then we do the approval.
 $condition = "$id_column=? AND status&" . STATUS_AWAITING_APPROVAL . "!=0";
+ $sql_params = array($id);
 $sql = "SELECT start_time FROM $tbl_entry WHERE $condition";
- $start_times = sql_query_array($sql,array($id));
+ $start_times = sql_query_array($sql, $sql_params);
 if (($start_times !== FALSE) && (count($start_times) != 0))
 {
@@ -1235,7 +1236,7 @@
 ical_sequence=ical_sequence+1 WHERE $condition"; // PostgreSQL does not support LIMIT with UPDATE
- if (sql_command($sql, $params) < 0)
+ if (sql_command($sql, $sql_params) < 0)
 {
 trigger_error(sql_error(), E_USER_WARNING);
 fatal_error(FALSE, get_vocab("fatal_db_error"));
------------------------------------------------------------------------------ _______________________________________________ Mrbs-commits mailing list Mrbs-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mrbs-commits
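Review bot: The new `$sql_params = array($id);` line in the first hunk (@@ -1223) is now the single source of bound values for both the SELECT here and the UPDATE in the second hunk, but nothing on the line says so. A comment such as `// Bound value for the one ? in $condition; shared by the SELECT and the UPDATE below` would keep the placeholder count and the array in step when `$condition` is next edited. `$id_column` and `$tbl_entry` are still interpolated into the SQL text, which is safe only if both are fixed internal identifiers; that cannot be confirmed from the visible lines. mrbsApproveEntry() starts and ends outside the hunk.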
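Review bot: In the second hunk (@@ -1235) the UPDATE re-evaluates `$condition` separately from the SELECT that filled `$start_times`, and no transaction is visible around the pair, so a row whose status changes between the two statements could be approved without appearing in the list (or the reverse). If callers rely on `$start_times` matching the rows actually updated, the two statements should run inside one transaction, assuming the database layer provides one; at minimum a comment like `// SELECT and UPDATE are not atomic: $start_times may differ from the rows updated` would record the limitation. The UPDATE statement and the enclosing function both begin outside the hunk, so this may already be handled there.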