Skip to content

Commit

Permalink
[security] string escaping in LTree converter (Q.Schuler)
Browse files Browse the repository at this point in the history
  • Loading branch information
@chanmix51
chanmix51 committed Jan 8, 2014
1 parent 5d0f223 commit 1fc3fef
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Pomm/Converter/PgLTree.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,6 @@ public function fromPg($data, $type = null)
*/
public function toPg($data, $type = null)
{
return sprintf("'%s'::ltree", join('.', $data));
return sprintf("'%s'::ltree", \pg_escape_string(join('.', $data)));
}
}

0 comments on commit 1fc3fef

Please sign in to comment.