SF.net SVN: ledger-smb:[2354] branches/1.2/LedgerSMB/AM.pm
- Subject: SF.net SVN: ledger-smb:[2354] branches/1.2/LedgerSMB/AM.pm
- From: ..hidden..
- Date: Tue, 07 Oct 2008 16:32:48 +0000
Revision: 2354
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=2354&view=rev
Author: einhverfr
Date: 2008-10-07 16:32:47 +0000 (Tue, 07 Oct 2008)
Log Message:
-----------
Correcting Sadashiva's patch for SQL-injection and maintainability concerns.
Modified Paths:
--------------
branches/1.2/LedgerSMB/AM.pm
Modified: branches/1.2/LedgerSMB/AM.pm
===================================================================
--- branches/1.2/LedgerSMB/AM.pm 2008-10-07 16:19:44 UTC (rev 2353)
+++ branches/1.2/LedgerSMB/AM.pm 2008-10-07 16:32:47 UTC (rev 2354)
@@ -1420,23 +1420,15 @@
$sth_defcheck->execute() || $form->dberror("execute defaults $_");
while(my $found1=$sth_defcheck->fetchrow()){$found=$found1;}
- if($val ne '')
- {
- if($found)
+ if($found)
{
- $dbh->do("update defaults set value='$val' where setting_key='$_';");
+ $dbh->do("update defaults set value=" . $dbh->quote($val) . " where setting_key='$_';");
}
else
{
- $dbh->do("insert into defaults(value,setting_key) values('$val','$_');");
+ $dbh->do("insert into defaults(value,setting_key) values(" . $dbh->quote($val) . ",'$_');");
}
- }
- else
- {
- if($found){$dbh->do("delete from defaults where setting_key='$_';")};
- }
-
}
}
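Review bot: the setting key `$_` is still interpolated straight into the SQL text in both added statements (`where setting_key='$_'` and `,'$_');`), so only half of each query is protected by `$dbh->quote($val)`. Using bind parameters for both values would close this and read more cleanly, for example `$dbh->do("update defaults set value=? where setting_key=?", undef, $val, $_)` and the equivalent for the insert. Two smaller points in the same hunk: dropping the `if($val ne '')` branch means an empty value is now written as an empty string instead of deleting the row, which is worth stating in the log message if intended, and the `$dbh->do` calls have no `|| $form->dberror(...)` check like the `execute` call just above them.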