Skip to content

Commit

Permalink
Merge pull request #1 from silverstripe-security/pulls/2.1/ss-2018-016
Browse files Browse the repository at this point in the history 
[SS-2018-016] Group table name is escaped to prevent possibility of SQL injection
  • Loading branch information
@robbieaverill
robbieaverill authored Jul 24, 2018
2 parents 7e1c2eb + 4b6804e commit bf2c81d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Extensions/GroupSubsites.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public function requireDefaultRecords()
}
// Migration for Group.SubsiteID data from when Groups only had a single subsite
$schema = DataObject::getSchema();
$groupTable = $schema->tableName(Group::class);
$groupTable = Convert::raw2sql($schema->tableName(Group::class));
$groupFields = DB::field_list($groupTable);

// Detection of SubsiteID field is the trigger for old-style-subsiteID migration
Expand Down

0 comments on commit bf2c81d

Please sign in to comment.