Merge pull request from GHSA-p379-cxqh-q822
Fix executeS method making sure it does selection only
mflasquin committed Apr 25, 2023
2 parents 82cebe6 + 2372088 commit 0f2a9b7
Showing 1 changed file with 1 addition and 5 deletions.
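--- a/classes/db/Db.php
+++ b/classes/db/Db.php
@@ -603,11 +603,7 @@ public function executeS($sql, $array = true, $use_cache = true)
 
 // This method must be used only with queries which display results
 if (!preg_match('#^\s*\(?\s*(select|show|explain|describe|desc)\s#i', $sql)) {
-if (defined('_PS_MODE_DEV_') && _PS_MODE_DEV_) {
-throw new PrestaShopDatabaseException('Db->executeS() must be used only with select, show, explain or describe queries');
-}
-
-return $this->execute($sql, $use_cache);
+throw new PrestaShopDatabaseException('Db->executeS() must be used only with select, show, explain or describe queries');
 }
 
 $this->result = $this->query($sql);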
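Review bot: The guard in front of `$this->query($sql)` inspects only the leading keyword of `$sql`, so it should not be read as proof that the statement is read-only or free of injected clauses. Throwing in every mode closes the silent fall-through to `execute()` that the old branch allowed outside dev mode, but a string assembled from unescaped input still passes the regex as long as it begins with an accepted keyword. I would make that explicit in the comment above the check, for example `// Prefix check only: rejects statements that do not start with a read keyword; callers must still escape or cast every value placed in $sql`. The exception text also omits `desc`, which the pattern accepts, and since executeS begins and ends outside this hunk its docblock is not visible here, but it should carry a `@throws PrestaShopDatabaseException` line now that the throw is unconditional.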

1 comment on commit 0f2a9b7

@Cedric331

Does this fix the CVE-2023-30839 security flaw?
