Fixed possible SQL Injection Vulnerability (Thanks to Fabio Carretto!)
gizmocuz committed Mar 29, 2019
1 parent 9c9319a commit ee70db4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion main/WebServer.cpp
Expand Up @@ -10772,7 +10772,7 @@ namespace http {
return;
}
std::vector<std::vector<std::string> > result;
result = m_sql.safe_queryBlob("SELECT Image FROM Floorplans WHERE ID=%s", idx.c_str());
result = m_sql.safe_queryBlob("SELECT Image FROM Floorplans WHERE ID=%d", atol(idx.c_str()));
if (result.empty())
return;
reply::set_content(&rep, result[0][0].begin(), result[0][0].end());
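
Review bot: on the changed `safe_queryBlob` line, `atol()` returns `long` but the format specifier is `%d`, so if the call forwards its arguments to a printf-style formatter the argument type does not match the specifier on platforms where `long` is wider than `int`; use `%ld`, or convert to `int` explicitly. `atol()` also returns 0 for input with no leading digits and reports no error, so a malformed `idx` silently becomes a lookup of `ID=0` instead of being rejected. Consider parsing with `strtol()` and checking the end pointer (or verifying that `idx` is all digits) and returning early on failure, next to the existing `return;` guard above. The numeric conversion does close the unquoted `%s` substitution that let the raw string reach the SQL text. A short comment on that line saying why `idx` is converted would help keep the `%s` form from being reintroduced.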