Skip to content
Permalink
Browse files Browse the repository at this point in the history
fixed sql injection issue
git-svn-id: http://www.pimcore.org/svn/pimcore/private/core/trunk@6460 1f8fe7d8-47f0-464c-8d0a-336f4953ab05
  • Loading branch information
memleak committed Apr 20, 2015
1 parent 9cd4084 commit 1c6692e
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions pimcore/modules/admin/controllers/AssetController.php
Expand Up @@ -1584,7 +1584,8 @@ public function gridProxyAction() {
//TODO probably not needed
}
} else {
// get list of objects
$db = \Pimcore\Resource::get();
// get list of objects
$folder = Asset::getById($this->getParam("folderId"));


Expand Down Expand Up @@ -1665,7 +1666,7 @@ public function gridProxyAction() {
$field = "CONCAT(path,filename)";
}

$conditionFilters[] = $field . $operator . " '" . $value . "' ";
$conditionFilters[] = $field . $operator . " " . $db->quote($value);
}
}

Expand Down

0 comments on commit 1c6692e

Please sign in to comment.