Merge pull request #119 from madflow/token-sql-injection-vulnerability

Fixed issue: CDbCommand "Syntax error or access violation" with token
LimeSurvey · Sep 5, 2013 · 91ec43b · 91ec43b
2 parents faa775d + 18dda0f
commit 91ec43b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/application/controllers/survey/index.php b/application/controllers/survey/index.php
@@ -602,8 +602,8 @@ function sendreq(surveyid)
         if (!isset($_SESSION['survey_'.$surveyid]['srid']) && $thissurvey['anonymized'] == "N" && $thissurvey['active'] == "Y" && isset($token) && $token !='')
         {
             // load previous answers if any (dataentry with nosubmit)
-            $sQuery="SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.token='{$token}' order by id desc";
-            $aRow = Yii::app()->db->createCommand($sQuery)->queryRow();
+            $sQuery="SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.token=:token order by id desc";
+            $aRow = Yii::app()->db->createCommand($sQuery)->bindValues(array(':token' => $token))->queryRow();
             if ( $aRow )
             {
                 if(($aRow['submitdate']==''  && $thissurvey['tokenanswerspersistence'] == 'Y' )|| ($aRow['submitdate']!='' && $thissurvey['alloweditaftercompletion'] == 'Y'))