took additional measures to prevent sql injection

JT Smith 2004-05-02 16:15:33 +00:00
parent 045997bc93
commit a293678acd
10 changed files with 29 additions and 32 deletions


@ -452,7 +452,7 @@ sub uiLevel {
sub www_deleteEntry {
return WebGUI::Privilege::insufficient() unless (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
my $entryId = $session{form}{entryId};
WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".$entryId);
WebGUI::SQL->write("delete from DataForm_entry where DataForm_entryId=".quote($entryId));
$session{form}{entryId} = 'list';
return $_[0]->www_view();
}
@ -880,7 +880,7 @@ sub www_process {
$var->{error_loop} = \@errors;
$var = $_[0]->getRecordTemplateVars($var);
if ($hadErrors && !$updating) {
WebGUI::SQL->write("delete from DataForm_entryData where DataForm_entryId=".$entryId);
WebGUI::SQL->write("delete from DataForm_entryData where DataForm_entryId=".quote($entryId));
$_[0]->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId);
$_[0]->www_view($var);
} else {
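Review bot: In the www_process hunk, `$_[0]->deleteCollateral("DataForm_entry","DataForm_entryId",$entryId)` still receives the raw `$entryId` directly after the newly quoted delete, so that path is only safe if deleteCollateral quotes its value argument itself, which is not visible here; confirm it and record it with a comment such as `# deleteCollateral() quotes the key value internally`. In www_deleteEntry the privilege check covers the current wobject, but the delete is keyed only on the form-supplied entryId, so an editor of one DataForm can apparently delete entries that belong to another; if DataForm_entry has a wobjectId column (an assumption, the schema is not shown), append `." and wobjectId=".quote($_[0]->get("wobjectId"))` to the statement. Because quote() is escaping rather than parameter binding, rejecting a malformed id before building either statement, e.g. `return $_[0]->www_view() unless $entryId =~ /\A\d+\z/;` if entry ids are integers, would keep both deletes from depending on the driver's escaping rules. www_process starts and ends outside its hunk, so where `$entryId` is assigned there could not be checked.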