BUG SQL Injection in CsvBulkLoader (fixes #6227)

Diff should speak for itself, looks like this will have to be implemented in all supported branches. 
commit 143317cc864636f46ff95d4a210a0b464efb7b27 1 parent a8a10f8
@ss23 ss23 authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 dev/CsvBulkLoader.php
dev/CsvBulkLoader.php
@@ -156,7 +156,7 @@ public function findExistingObject($record) {
return false;
//user_error("CsvBulkLoader:processRecord: Couldn't find duplicate identifier '{$fieldName}' in columns", E_USER_ERROR);
}
- $SQL_fieldValue = $record[$fieldName];
+ $SQL_fieldValue = Convert::raw2sql($record[$fieldName]);
$existingRecord = DataObject::get_one($this->objectClass, "\"$SQL_fieldName\" = '{$SQL_fieldValue}'");
if($existingRecord) return $existingRecord;
} elseif(is_array($duplicateCheck) && isset($duplicateCheck['callback'])) {
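Review bot: Escaping `$SQL_fieldValue` with `Convert::raw2sql()` closes the injection through the CSV cell value, but the same WHERE string also interpolates `$SQL_fieldName` inside a quoted identifier, and nothing in this hunk shows that name being escaped or validated. If `$fieldName` can come from the CSV header or the loader's `duplicateChecks` configuration rather than a fixed list of columns, escape it with `Convert::raw2sql()` as well, or check it against the object's known fields before building the query. Since the query is still assembled by string concatenation, a comment noting that both pieces are escaped would help anyone touching `findExistingObject()` later. As the commit message says, this needs to land on every supported branch, so each backport should be checked for the same field-name path.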
@@ -189,4 +189,4 @@ public function hasHeaderRow() {
}
}
-?>
+?>
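Review bot: The `-?>` / `+?>` lines look identical, so this hunk appears to change only trailing whitespace or the line ending of the closing PHP tag and is unrelated to the injection fix. Unrelated whitespace churn makes the security change harder to review and to cherry-pick cleanly into the other supported branches; either drop it from this commit or, if the closing `?>` is being touched anyway, remove it entirely, which is the usual convention for files that contain only PHP code.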