Changeset 4732


Ignore:
Timestamp:
07/14/11 13:52:40 (13 years ago)
Author:
airton
Message:

Ticket #2123 - SQL Injection no arquivo class.categories.inc.php

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/phpgwapi/inc/class.categories.inc.php

    r577 r4732  
    253253                        } 
    254254 
    255  
     255                        $this->app_name = pg_escape_string($this->app_name); 
    256256                        $sql = "SELECT".$table_column."FROM phpgw_categories WHERE (cat_appname='" . $this->app_name. "' ". 
    257257                                        ($grant_cats ? " AND".$grant_cats : "") .($global_cats ? " OR".$global_cats: ""). 
Note: See TracChangeset for help on using the changeset viewer.