fix: missing escaping in sql query
eteubert committed Feb 6, 2024
1 parent 79b3f7e commit b16b7a2
Showing 1 changed file with 2 additions and 3 deletions.
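--- a/model/base.php
+++ b/model/base.php
@@ -210,9 +210,8 @@ public static function find_one_by_property( $property, $value ) {
 $model = new $class();
 $model->flag_as_not_new();
 
-$row = $wpdb->get_row(
-'SELECT * FROM ' . static::table_name() . ' WHERE ' . $property . ' = \'' . $value . '\' LIMIT 0,1'
-);
+$query = $wpdb->prepare('SELECT * FROM ' . static::table_name() . ' WHERE ' . $property . ' = \'%s\' LIMIT 0,1', $value);
+$row = $wpdb->get_row($query);
 
 if ( ! $row ) {
 return null;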
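Review bot: `$property` is still concatenated into the SQL text on the new `$wpdb->prepare(...)` line, so only `$value` is escaped and the column name stays injectable if any caller passes a value it does not control. `prepare()` does not escape identifiers through `%s`, so either check `$property` against the model's known column names before building the query or, if the minimum supported WordPress is 6.2 or later (not visible here), use the identifier placeholder: `$wpdb->prepare('SELECT * FROM ' . static::table_name() . ' WHERE %i = %s LIMIT 0,1', $property, $value)`. That form also drops the quotes around `%s`, which the `wpdb::prepare()` documentation asks callers to leave out. `find_one_by_property` starts and ends outside this hunk, so its callers and any earlier validation of `$property` could not be checked.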
