[interchange] Prevent possible SQL injection problem.
Mike Heins
interchange-cvs at icdevgroup.org
Thu Feb 3 22:19:27 UTC 2011
commit 90b150ad7eb15cb96e3aa5dd1390e38e82f96908
Author: mike <mike at bill.heins.net>
Date: Thu Feb 3 17:18:22 2011 -0500
Prevent possible SQL injection problem.
lib/Vend/Table/DBI.pm | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/lib/Vend/Table/DBI.pm b/lib/Vend/Table/DBI.pm
index 05a8433..f40261c 100644
--- a/lib/Vend/Table/DBI.pm
+++ b/lib/Vend/Table/DBI.pm
@@ -1740,8 +1740,9 @@ sub delete_record {
);
return undef;
}
- $key = $s->[$DBI]->quote($key)
- unless exists $s->[$CONFIG]{NUMERIC}{$s->[$KEY]};
+ unless( exists $s->[$CONFIG]{NUMERIC}{$s->[$KEY]} and $key =~ /^\d+$/) {
+ $key = $s->[$WDBI]->quote($key)
+ }
$s->[$DBI]->do("delete from $s->[$TABLE] where $s->[$KEY] = $key");
}
More information about the interchange-cvs
mailing list