chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add int casting to secure query.

Browse Source
pull/2487/head
jmontoyaa 7 years ago
parent 20a2464a56
commit cd2a5650c1
1 changed files with 3 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/inc/lib/document.lib.php

4
main/inc/lib/document.lib.php
Unescape View File

@ -3503,12 +3503,14 @@ class DocumentManager
$cleanedPath = $parentData['path'];
$num = substr_count($cleanedPath, '/');
$notLikeCondition = null;
$notLikeCondition = '';
for ($i = 1; $i <= $num; $i++) {
$repeat = str_repeat('/%', $i + 1);
$notLikeCondition .= " AND docs.path NOT LIKE '".Database::escape_string($cleanedPath.$repeat)."' ";
}
$folderId = (int) $folderId;
$folderCondition = " AND
docs.id <> $folderId AND
docs.path LIKE '".$cleanedPath."/%'

Write Preview
Loading…
Cancel
Save