[Vtigercrm-commits] [vtiger-commits] r9780 - /vtigercrm/branches/5.0.3/modules/Settings/UpdateComboValues.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Tue Nov 7 10:52:22 EST 2006
Author: richie
Date: Tue Nov 7 08:52:17 2006
New Revision: 9780
Log:
solution to escape sql injection. Fixes #2369
Modified:
vtigercrm/branches/5.0.3/modules/Settings/UpdateComboValues.php
Modified: vtigercrm/branches/5.0.3/modules/Settings/UpdateComboValues.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Settings/UpdateComboValues.php (original)
+++ vtigercrm/branches/5.0.3/modules/Settings/UpdateComboValues.php Tue Nov 7 08:52:17 2006
@@ -38,7 +38,7 @@
if($tabname[1]!='')
$custom=true;
-for($i = 0; $i < $count; $i++)
+/*for($i = 0; $i < $count; $i++)
{
$pickArray[$i] = trim($pickArray[$i]);
if($pickArray[$i] != '')
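Review bot: The old loop is only disabled, by a block comment opened at `/*for($i = 0; $i < $count; $i++)` and closed in the next hunk at `}*/`, so the query-building code this commit replaces as injectable stays in the file. The lines between the two hunks are not visible here; any `*/` inside them would end the comment early and leave part of the old loop active. Deleting the loop outright would be safer, since the revision history already preserves it.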
@@ -50,6 +50,17 @@
$adb->query($query);
}
-}
+}*/
+/* ticket2369 fixed*/
+$columnName = $tableName;
+foreach ($pickArray as $index => $data) {
+ $data = trim($data);
+ if(!empty($data)){
+ $data = $adb->formatString("vtiger_$tableName",$columnName,$data);
+ $query = "insert into vtiger_$tableName values('',$data,$index,1)";
+ $adb->query($query);
+ }
+}
+
header("Location:index.php?action=SettingsAjax&module=Settings&directmode=ajax&file=PickList&fld_module=".$fld_module);
?>
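Review bot: `$tableName` is still interpolated directly into the statement on the `insert into vtiger_$tableName values(...)` line, and `formatString()` is applied only to `$data`, so the fix covers the value but not the identifier. The assignment of `$tableName` is outside the hunk; if it derives from request input, it should be validated before the loop, ideally against the list of known picklist tables, or at minimum with a check such as `preg_match('/^[A-Za-z0-9_]+$/', $tableName)`. Separately, `if(!empty($data))` skips the picklist value `"0"`, which the old `!= ''` test accepted; `if($data !== '')` keeps the previous behaviour.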