Created
October 15, 2014 16:03
SA-CORE-2014-005
From 26a7752c34321fd9cb889308f507ca6bdb777f08 Mon Sep 17 00:00:00 2001 | |
From: David Rothstein | |
Date: Wed, 15 Oct 2014 14:31:54 +0000 | |
Subject: SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi: Fixed SQL injection vulnerability | |
--- | |
diff --git a/includes/database/database.inc b/includes/database/database.inc | |
index f78098b..01b6385 100644 | |
--- a/includes/database/database.inc | |
+++ b/includes/database/database.inc | |
@@ -736,7 +736,7 @@ abstract class DatabaseConnection extends PDO { | |
// to expand it out into a comma-delimited set of placeholders. | |
foreach (array_filter($args, 'is_array') as $key => $data) { | |
$new_keys = array(); | |
- foreach ($data as $i => $value) { | |
+ foreach (array_values($data) as $i => $value) { | |
// This assumes that there are no other placeholders that use the same | |
// name. For example, if the array placeholder is defined as :example | |
// and there is already an :example_2 placeholder, this will generate | |
-- | |
cgit v0.9.2 |