Fixed issue #9720: SQL injection vulnerability in data entry

LimeSurvey · Jun 26, 2015 · 09ff3be · 09ff3be · Shnoulle · Jun 26, 2015
1 parent 11c233f
commit 09ff3be
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/dataentry.php b/application/controllers/admin/dataentry.php
@@ -1716,7 +1716,7 @@ public function insert()
                         {
                             if (isset($usesleft) && $usesleft<=1)
                             {
-                                $utquery .= "SET usesleft=usesleft-1, completed='$submitdate'\n";
+                                $utquery .= "SET usesleft=usesleft-1, completed=".dbQuoteAll($submitdate);
                             }
                             else
                             {