refactoring for security (www.ackcent.com)
fmancardi committed Feb 5, 2020
1 parent 57d81ae commit d99bd82
Showing 1 changed file with 18 additions and 10 deletions.
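--- a/lib/functions/tree.class.php
+++ b/lib/functions/tree.class.php
@@ -537,18 +537,26 @@ function: change_parent
 */
 function change_parent($node_id, $parent_id)
 {
-$debugMsg='Class:' .__CLASS__ . ' - Method:' . __FUNCTION__ . ' :: ';
-if( is_array($node_id) )
-{
-$id_list = implode(",",$node_id);
+$debugMsg = 'Class:' .__CLASS__ . ' - Method:'
+. __FUNCTION__ . ' :: ';
+
+if (is_array($node_id)) {
+$safeSet = array_map('intval',$node_id);
+$id_list = implode(",",$safeSet);
 $where_clause = " WHERE id IN ($id_list) ";
+} else {
+$safe = intval($node_id);
+if ($safe <= 0) {
+throw new Exception("BAD node_id", 1);
+}
+$where_clause=" WHERE id = $safe";
 }
-else
-{
-$where_clause=" WHERE id = {$node_id}";
-}
-$sql = "/* $debugMsg */ UPDATE {$this->object_table} " .
-" SET parent_id = " . $this->db->prepare_int($parent_id) . " {$where_clause}";
+
+$safeP = $this->db->prepare_int($parent_id);
+$sql = "/* $debugMsg */
+UPDATE {$this->object_table}
+SET parent_id = $safeP
+$where_clause ";
 
 $result = $this->db->exec_query($sql);
 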
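Review bot: The array branch of change_parent() casts every element with `intval` but never applies the `$safe <= 0` rejection that the scalar branch gets, so the two paths now validate differently. A non-numeric element becomes 0 and stays in the IN list without any error, and an empty array still produces `WHERE id IN ()`, which is likely to fail as invalid SQL at exec_query(). After the `array_map` line I would add `if (empty($safeSet) || min($safeSet) <= 0) { throw new Exception("BAD node_id", 1); }` so both branches fail closed in the same way. The function body continues past the end of this hunk, so how `$result` is checked is not visible here.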
