Fixed: Possible SQL injection
nuxwin committed Jun 20, 2018
1 parent 0b01a3c commit eeb6eb5
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions frontend/library/classes/Functions/Counting.php
Expand Up @@ -193,11 +193,15 @@ public static function getSqlUsersCount(): int
*/
public static function getObjectsCount(string $table, string $objectIDfield, string $where = NULL, ?$params = []): int
{
$qb = Application::getInstance()->getEntityManager()->getConnection()->createQueryBuilder()->select("COUNT($objectIDfield)")->from($table);
$qb = Application::getInstance()
->getEntityManager()
->getConnection()
->createQueryBuilder()
->select("COUNT($objectIDfield)")
->from($table);

if ($where !== NULL) {
$qb->where($where);

if (!empty($params)) {
$qb->setParameters($params);
}
Expand Down Expand Up @@ -235,7 +239,7 @@ public static function getObjectsCounts(): array
*/
public static function getResellerClientsCount(int $resellerId): int
{
return static::getObjectsCount('imscp_user', 'userID', "createdBy = $resellerId");
return static::getObjectsCount('imscp_user', 'userID', 'createdBy = ?' [$resellerId]);
}

/**
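Review bot: The replacement call in the second hunk is missing a comma between `'createdBy = ?'` and `[$resellerId]`, so PHP reads `'createdBy = ?'[$resellerId]` as a string-offset access on the literal and passes no fourth argument at all; the line should be `return static::getObjectsCount('imscp_user', 'userID', 'createdBy = ?', [$resellerId]);`. The new signature in the first hunk shows `?$params = []`, which is not valid PHP as rendered (a nullable marker needs a type name); presumably `?array $params = []` was meant, but that should be checked against the file rather than this page. Binding the value closes the injection path this commit targets, yet `$table` and `$objectIDfield` are still interpolated into `select()` and `from()`; since identifiers cannot be bound as parameters, a short docblock note such as `@param string $table Must be a code-level constant, never user-supplied (interpolated into SQL)` on both parameters, or routing them through the connection's identifier quoting, would make that contract explicit. getResellerClientsCount's docblock and the remainder of getObjectsCount lie outside these hunks.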
