mirror of https://github.com/MISP/MISP
security: fix unescaped parameter leading to sqli
parent
f91fd30440
commit
20d9020b76
|
@ -174,7 +174,7 @@ class Log extends AppModel
|
|||
// cakephp ORM would escape "DATE" datatype in CAST expression
|
||||
$condnotinaction = "'" . implode("', '", $conditions['AND']['NOT']['action']) . "'";
|
||||
if (!empty($conditions['org'])) {
|
||||
$condOrg = ' AND org = "' . $conditions['org'] . '"';
|
||||
$condOrg = sprintf('AND org = %s', $this->getDataSource()->value($conditions['org']));
|
||||
} else {
|
||||
$condOrg = '';
|
||||
}
|
||||
|
|
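Review bot: The `$condnotinaction` context line directly above the fixed branch still builds its quoted SQL list with a bare `implode`, so the string-concatenation pattern this commit removes for `org` is still there for `action`. The hunk does not show whether `$conditions['AND']['NOT']['action']` can ever hold caller-supplied values. If it can, quote each element through the datasource as well, e.g. `$condnotinaction = implode(', ', array_map([$this->getDataSource(), 'value'], $conditions['AND']['NOT']['action']));`; if it is always a fixed list, a comment such as `// action list is a hard-coded constant, never request data` would record that. The new format string also drops the leading space the old literal had (`' AND org = "'` became `'AND org = %s'`), so check that the query text it is concatenated into supplies the whitespace. The enclosing function starts and ends outside the hunk.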