admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mgt-generic: voorkom latere sql-injection op tabelnaam, ook al is het alleen FACFAC

Browse Source 
svn path=/Website/branches/v2017.1/; revision=34389
This commit is contained in:
Jos Groot Lipman
2017-06-21 15:44:07 +00:00
parent 3bb2c43e98
commit 96f5c6fddd
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
APPL/API2/model_generic.inc
View File

@@ -235,6 +235,8 @@ function model_generic(table, autfunction)
oRs.MoveNext();
}
oRs.Close();
if (!model.nrfields)
abort_with_warning("No columns found for {0}".format(table)); // voorkomt ook latere sql-injection op tabelnaam
api2.generic_REST(model);