Commit 26a7752c authored by David_Rothstein's avatar David_Rothstein
Browse files

SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi:...

SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi: Fixed SQL injection vulnerability
parent 90e884ad
......@@ -736,7 +736,7 @@ protected function expandArguments(&$query, &$args) {
// to expand it out into a comma-delimited set of placeholders.
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
foreach ($data as $i => $value) {
foreach (array_values($data) as $i => $value) {
// This assumes that there are no other placeholders that use the same
// name. For example, if the array placeholder is defined as :example
// and there is already an :example_2 placeholder, this will generate
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment