Check that field name in file_get_field is a valid field name

commit ffa334b68ed91d3c1b1f2efd926e722714cb9180 1 parent b05a105
grangeway grangeway authored
Showing with 4 additions and 5 deletions.
  1. +4 −5 core/file_api.php
9 core/file_api.php
@@ -540,13 +540,12 @@ function file_delete_local( $p_filename ) {
* @return string
*/
function file_get_field( $p_file_id, $p_field_name, $p_table = 'bug' ) {
- $c_field_name = db_prepare_string( $p_field_name );
$t_bug_file_table = db_get_table( $p_table . '_file' );
+ if( !db_field_exists( $p_field_name, $t_bug_file_table ) ) {
+ trigger_error( ERROR_DB_FIELD_NOT_FOUND, ERROR );
+ }
- # get info
- $query = "SELECT $c_field_name
- FROM $t_bug_file_table
- WHERE id=" . db_param();
+ $query = "SELECT $p_field_name FROM $t_bug_file_table WHERE id=" . db_param();
$result = db_query_bound( $query, array( (int) $p_file_id ), 1 );
return db_result( $result );
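Review bot: Interpolating `$p_field_name` straight into the `SELECT` is safe only if `trigger_error( ERROR_DB_FIELD_NOT_FOUND, ERROR )` never returns, because nothing in the hunk stops execution after a failed `db_field_exists()` check and the old `db_prepare_string()` escaping is gone. If the project's error handler can continue after an `ERROR` (not visible here), add an explicit `return false;` inside the `if` block so the query is never built from an unvalidated name. The check also presumably relies on `db_field_exists()` doing an exact match against the table's real column list, which is worth confirming since it is now the only barrier between a caller-supplied string and the SQL text. A short comment above the check would record the intent, for example `# Column names cannot be bound as parameters; allow only names that exist in the table`. The body of `file_get_field` ends outside the hunk.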