Merge pull request from GHSA-p379-cxqh-q822
Fix executeS method making sure it does selection only
mflasquin committed Apr 25, 2023
2 parents 023d9f1 + bf50dc8 commit d1d27dc
Showing 1 changed file with 1 addition and 5 deletions.
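--- a/classes/db/Db.php
+++ b/classes/db/Db.php
@@ -604,11 +604,7 @@ public function executeS($sql, $array = true, $use_cache = true)
 
 // This method must be used only with queries which display results
 if (!preg_match('#^\s*\(?\s*(select|show|explain|describe|desc|checksum)\s#i', $sql)) {
-if (defined('_PS_MODE_DEV_') && _PS_MODE_DEV_) {
-throw new PrestaShopDatabaseException('Db->executeS() must be used only with select, show, explain or describe queries');
-}
-
-return $this->execute($sql, $use_cache);
+throw new PrestaShopDatabaseException('Db->executeS() must be used only with select, show, explain or describe queries');
 }
 
 $this->result = $this->query($sql);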
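Review bot: The guard in front of the new `throw` only inspects the leading keyword of `$sql`, so it narrows what executeS() accepts but does not by itself make the statement read-only. Nothing after the first keyword is checked, and whether the underlying driver would run a second statement is not visible in this hunk. I would state that limit in the comment above the check, e.g. `// Prefix check only: defence in depth, callers must still escape or cast every value placed in $sql`. The exception message names four keywords while the pattern accepts six (`desc` and `checksum` are missing), and because non-matching queries now throw outside dev mode as well, the method docblock should carry `@throws PrestaShopDatabaseException`. The body of executeS() starts and ends outside the hunk.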