Changeset 4786


Ignore:
Timestamp:
07/19/11 08:35:15 (10 years ago)
Author:
roberto.santosjunior
Message:

Ticket #1820 - Incluído 'escape' para evitar sql injection, em class.categories.inc.php. r4632

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/phpgwapi/inc/class.categories.inc.php

    r4737 r4786  
    253253                        } 
    254254 
    255  
     255                        $this->app_name = pg_escape_string($this->app_name); 
    256256                        $sql = "SELECT".$table_column."FROM phpgw_categories WHERE (cat_appname='" . $this->app_name. "' ". 
    257257                                        ($grant_cats ? " AND".$grant_cats : "") .($global_cats ? " OR".$global_cats: ""). 
Note: See TracChangeset for help on using the changeset viewer.