Fixed issue #9720: SQL injection vulnerability in data entry

LimeSurvey · Jun 26, 2015 · 65d7174 · 65d7174
1 parent 239d843
commit 65d7174
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/admin/dataentry.php b/application/controllers/admin/dataentry.php
@@ -1716,7 +1716,7 @@ public function insert()
                         {
                             if (isset($usesleft) && $usesleft<=1)
                             {
-                                $utquery .= "SET usesleft=usesleft-1, completed='$submitdate'\n";
+                                $utquery .= "SET usesleft=usesleft-1, completed=".dbQuoteAll($submitdate);
                             }
                             else
                             {