Projekt

Allgemein

Profil

GX-Bug #55993 » ProductContentFixMySQLiFix.patch

Till Tepelmann, 03.04.2018 12:44

Unterschiede anzeigen:

src/gambio_updater/updates/v3.7.1.0/dependent.inc.php (date 1522751805000)
254 254
{
255 255
	foreach($results as $result)
256 256
	{
257
		$productContentsQuery = 'INSERT INTO `product_contents` (`name`) VALUE ("' . $result['content_name'] . '")';
257
		$productContentsQuery = 'INSERT INTO `product_contents` (`name`) VALUE ("' . $this->coo_mysqli->real_escape_string($result['content_name']) . '")';
258 258

  
259 259
		$this->query($productContentsQuery, true);
260 260
		// Abort import on error
......
278 278

  
279 279
		$productContentDescriptionQuery = 'INSERT INTO `product_content_descriptions` (`product_content_id`, `language_id`, `title`, `content`) VALUES ("'
280 280
		                                  . $productContentId . '", "' . $result['languages_id'] . '", "'
281
		                                  . $result['content_name'] . '", "'
281
		                                  . $this->real_escape_string($result['content_name']) . '", "'
282 282
		                                  . $this->real_escape_string($result['file_comment']) . '");';
283 283

  
284 284
		$this->query($productContentDescriptionQuery, true);
    (1-1/1)