makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 20:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/16870] Ensure to properly escape values when running db:migrate

Browse source 
PHPBB3-16870
This commit is contained in:
Marc Alexander 2021-09-08 20:24:44 +02:00
parent 8c25f3a9f7
commit bbcac37e30
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/phpbb/config/db.php
View file

@ -170,8 +170,8 @@ class db extends config
if (!isset($this->config[$key])) if (!isset($this->config[$key]))
{ {
$sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array( $sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array(
'config_name' => $key, 'config_name' => $this->db->sql_escape($key),
'config_value' => $new_value, 'config_value' => $this->db->sql_escape($new_value),
'is_dynamic' => ($use_cache) ? 0 : 1)); 'is_dynamic' => ($use_cache) ? 0 : 1));
$this->db->sql_query($sql); $this->db->sql_query($sql);
} }