fix potential SQL injection
himiklab committed Oct 6, 2014
1 parent 55460df commit a117e0f
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions JqGridAction.php
Expand Up @@ -259,6 +259,9 @@ protected function addSearchOptionsRecursively($query, $searchData)
}

foreach ($searchData['rules'] as $rule) {
if (!$this->model->hasAttribute($rule['field'])) {
throw new BadRequestHttpException('Unknown attribute');
}
switch ($rule['op']) {
case 'eq':
$query->$groupCondition([$rule['field'] => $rule['data']]);
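Review bot: The guard added before the `switch` accepts any attribute of the model, so a client can still filter on columns the grid never displays, and the filtered result then discloses something about those columns. If the action knows which columns it exposes, the check should require membership in that list in addition to `hasAttribute()`. The guard also reads `$rule['field']` without confirming it is present and a string, so a malformed rule probably ends in a PHP notice or type error instead of the intended 400; `if (!isset($rule['field']) || !is_string($rule['field']) || !$this->model->hasAttribute($rule['field'])) {` would cover that. The `foreach` and the rest of `addSearchOptionsRecursively` continue outside the hunk, so how `$rule['op']` and `$groupCondition` are validated cannot be confirmed from here.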