Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use query parameters in install helper function
install_correct_multiselect_custom_fields_db_format() injected actual field values in the update SQL queries, which is a potential source for SQL injection, and causes the upgrade from MantisBT < 1.2.0 to fail when custom_field_table contains an apostrophe. Fixes #26636
- Loading branch information