
fixed sql injection vulnerability through conditions and comments [closes #30]

Filip Procházka
2011-01-24 18:53:07 +08:00
committed by David Grudl
parent af6352d0af
commit af715a8044


@@ -182,6 +182,10 @@ final class DibiTranslator extends DibiObject
*/ */
public function formatValue($value, $modifier) public function formatValue($value, $modifier)
{ {
if ($this->comment) {
return "...";
}
// array processing (with or without modifier) // array processing (with or without modifier)
if ($value instanceof Traversable) { if ($value instanceof Traversable) {
$value = iterator_to_array($value); $value = iterator_to_array($value);
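Review bot: The new guard at the top of formatValue() has no comment, so nothing at this spot explains why every value is replaced by the literal `"..."` while `$this->comment` is set. Judging by the commit title, the aim is to keep caller-supplied values out of SQL comments, where a value containing a comment terminator could end the comment early; I would say so directly, e.g. `// inside an SQL comment: never interpolate the value, emit a fixed placeholder instead`. The guard is only as reliable as the `$this->comment` flag, which is set and cleared outside this hunk, so that code should be checked to confirm the flag is reset when the comment ends and at the start of each translation. A regression test that passes a value through a placeholder inside a comment would pin the behaviour. formatValue()'s body continues past the end of the hunk.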