Commit ee70db4

Fixed possible SQL Injection Vulnerability (Thanks to Fabio Carretto!)
1 parent 9c9319a commit ee70db4

1 file changed

+1
-1
lines changed

Diff for: main/WebServer.cpp

@@ -10772,7 +10772,7 @@ namespace http {
1077210772
return;
1077310773
}
1077410774
std::vector<std::vector<std::string> > result;
10775-
result = m_sql.safe_queryBlob("SELECT Image FROM Floorplans WHERE ID=%s", idx.c_str());
10775+
result = m_sql.safe_queryBlob("SELECT Image FROM Floorplans WHERE ID=%d", atol(idx.c_str()));
1077610776
if (result.empty())
1077710777
return;
1077810778
reply::set_content(&rep, result[0][0].begin(), result[0][0].end());
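
Review bot: on the changed line, `%d` is paired with `atol(idx.c_str())`, which returns `long`; if `safe_queryBlob` hands its arguments to a printf-style formatter, that is a specifier/argument mismatch on platforms where `long` is wider than `int`. Use `%ld` with `atol`, or keep `%d` and convert with `atoi`. Separately, `atol` returns 0 for a non-numeric `idx` without reporting an error, so a malformed ID no longer reaches the SQL text but still runs the query with `ID=0`; consider rejecting an `idx` that is empty or not all digits and returning early, alongside the existing `return` above the query. A one-line comment saying the value is converted to an integer so request input is never interpolated as a string would help keep a later edit from reverting to `%s`.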
