Correcting (trunk only) SQL injection issue in stored procedure interface.

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1615 4979c152-3d1c-0410-bac9-87ea11338e46
einhverfr committed Sep 16, 2007
1 parent bc7aa50 commit 7dfd737
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions LedgerSMB.pm
Expand Up @@ -546,6 +546,9 @@ sub call_procedure {
my $order_by = $args{order_by};
my $argstr = "";
my @results;

$procname = $self->{dbh}->quote_identifier($procname);

for ( 1 .. scalar @call_args ) {
$argstr .= "?, ";
}
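
Review bot: the added `$procname = $self->{dbh}->quote_identifier($procname);` line quotes the whole value as a single identifier, so a caller that passes a schema-qualified name such as `schema.proc` would now get one quoted name containing a dot, and on a database that folds unquoted identifiers to one case a mixed-case name would stop matching. If qualified names are meant to be supported, split the name and pass the parts as separate arguments to `quote_identifier`. Either way, a one-line comment saying that the procedure name is quoted because it presumably ends up in the SQL text rather than in a `?` placeholder would help the next reader. `$order_by`, read from `$args{order_by}` in the context lines above, is not touched by this change. If it is also concatenated into the statement further down in `call_procedure` (not visible in this hunk), it needs equivalent quoting or validation against a list of allowed columns.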