Development

Changeset 1490

You must first sign up to be able to contribute.

Changeset 1490

Show
Ignore:
Timestamp:
06/21/06 10:39:48 (2 years ago)
Author:
fabien
Message:

fixed SQL Injection Vulnerability when using sfPropelAdminGenerator (closes #496)

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/data/generator/sfPropelAdmin/default/template/actions/actions.class.php

    r1484 r1490  
    327327    if ($sort_column = $this->getUser()->getAttribute('sort', null, 'sf_admin/<?php echo $this->getSingularName() ?>/sort')) 
    328328    { 
     329      $sort_column = Propel::getDB($c->getDbName())->quoteIdentifier($sort_column); 
    329330      if ($this->getUser()->getAttribute('type', null, 'sf_admin/<?php echo $this->getSingularName() ?>/sort') == 'asc') 
    330331      {