Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

CC-5121: fix some SQL statements not being escaped/prepared

Browse source
This commit is contained in:
denise 2013-05-09 15:53:12 -04:00
parent 21df9013ee
commit 40eb51b892
7 changed files with 87 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

2
airtime_mvc/application/models/Locale.php
View file

@ -6,7 +6,7 @@ class Application_Model_Locale
{
$con = Propel::getConnection();
$sql = "SELECT * FROM cc_locale";
$res = $con->query($sql)->fetchAll();
$res = Application_Common_Database::prepareAndExecute($sql);
$out = array();
foreach ($res as $r) {
$out[$r["locale_code"]] = $r["locale_lang"];