[interchange] Prevent possible SQL injection problem.

Mike Heins interchange-cvs at icdevgroup.org
Thu Feb 3 22:19:27 UTC 2011


commit 90b150ad7eb15cb96e3aa5dd1390e38e82f96908
Author: mike <mike at bill.heins.net>
Date:   Thu Feb 3 17:18:22 2011 -0500

    Prevent possible SQL injection problem.

 lib/Vend/Table/DBI.pm |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/lib/Vend/Table/DBI.pm b/lib/Vend/Table/DBI.pm
index 05a8433..f40261c 100644
--- a/lib/Vend/Table/DBI.pm
+++ b/lib/Vend/Table/DBI.pm
@@ -1740,8 +1740,9 @@ sub delete_record {
 						);
 		return undef;
 	}
-	$key = $s->[$DBI]->quote($key)
-		unless exists $s->[$CONFIG]{NUMERIC}{$s->[$KEY]};
+    unless( exists $s->[$CONFIG]{NUMERIC}{$s->[$KEY]} and $key =~ /^\d+$/) {
+		$key = $s->[$WDBI]->quote($key)
+	}
     $s->[$DBI]->do("delete from $s->[$TABLE] where $s->[$KEY] = $key");
 }
 
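Review bot: In the rewritten `unless` block the quoting call now goes through `$s->[$WDBI]`, while the `do` on the next line still executes on `$s->[$DBI]`; quote with the same handle that runs the statement, or say in the commit message why the handle changed. The numeric test `$key =~ /^\d+$/` also accepts a key with a trailing newline and passes it through unquoted, because `$` matches before a final newline; anchoring with `\z` closes that gap. Both branches could be dropped by binding the value instead of interpolating it, for example `$s->[$DBI]->do("delete from $s->[$TABLE] where $s->[$KEY] = ?", undef, $key)`, so the key never becomes part of the SQL text. The added lines also mix space and tab indentation.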


