[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SF.net SVN: ledger-smb: [1615] trunk/LedgerSMB.pm

Subject: SF.net SVN: ledger-smb: [1615] trunk/LedgerSMB.pm
From: ..hidden..
Date: Sat, 15 Sep 2007 20:09:46 -0700

Revision: 1615
          http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=1615&view=rev
Author:   einhverfr
Date:     2007-09-15 20:09:45 -0700 (Sat, 15 Sep 2007)

Log Message:
-----------
Correcting (trunk only) SQL injection issue in stored procedure interface.

Modified Paths:
--------------
    trunk/LedgerSMB.pm

Modified: trunk/LedgerSMB.pm
===================================================================
--- trunk/LedgerSMB.pm	2007-09-16 02:47:11 UTC (rev 1614)
+++ trunk/LedgerSMB.pm	2007-09-16 03:09:45 UTC (rev 1615)
@@ -546,6 +546,9 @@
     my $order_by = $args{order_by};
     my $argstr   = "";
     my @results;
+
+    $procname = $self->{dbh}->quote_identifier($procname);
+
     for ( 1 .. scalar @call_args ) {
         $argstr .= "?, ";
     }


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

Prev by Date: SF.net SVN: ledger-smb: [1614] trunk
Next by Date: SF.net SVN: ledger-smb: [1616] trunk/LedgerSMB/DBObject/Report.pm
Previous by thread: SF.net SVN: ledger-smb: [1614] trunk
Next by thread: SF.net SVN: ledger-smb: [1616] trunk/LedgerSMB/DBObject/Report.pm
Index(es):
- Date
- Thread