SQL injection in toevoegen Notes

svn path=/Website/trunk/; revision=35320
Jos Groot Lipman
2017-09-14 13:24:19 +00:00
parent 7f99cdb4c5
commit ca4c22fdca


@@ -197,7 +197,7 @@ function model_notes(module)
//
var dbfields = api2.update_fields(params, this, jsondata); // Build updater
var wheres = [ this.id.dbs + " = " + the_key];
var wheres = [ this.fields.id.dbs + " = " + the_key];
wheres.push("prs_perslid = " + user_key);
var xxxUpd = buildTrackingUpdate(this.table, wheres.join(" AND " ), dbfields, { noValidateToken: true });
@@ -209,7 +209,7 @@ function model_notes(module)
this.REST_POST = function (params, jsondata) /* new note */
{
params.filter.parent_key = jsondata.parent;
params.filter.parent_key = parseInt(jsondata.parent, 10);
_check_authorization(params, "POST");
//
var dbfields = api2.update_fields(params, this, jsondata); // Build updater
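Review bot: In the REST_POST hunk, `parseInt(jsondata.parent, 10)` returns NaN for non-numeric input and silently accepts a numeric prefix (a constructed example: `12abc` becomes 12), so the coerced `params.filter.parent_key` is not yet a validated key. A guard right after the assignment, such as `if (isNaN(params.filter.parent_key)) { /* reject the request as bad input */ }`, would fail closed before `_check_authorization` runs and before any SQL is built. The raw `jsondata`, still carrying the unparsed `parent`, is passed on to `api2.update_fields`, and in the first hunk the WHERE clause is still assembled by concatenating `the_key` and `user_key`. Neither value is defined in the visible lines, so it is worth confirming that both are integer-coerced or bound as parameters. Both function bodies continue outside the hunks.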