CRM-19641
seamuslee001 committed Nov 15, 2016
1 parent 77eaee4 commit 78c187f
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions CRM/Case/XMLProcessor/Report.php
Expand Up @@ -666,10 +666,10 @@ public function getActivityTypeCustomSQL($activityTypeID, $dateFormat = NULL) {
$query = "
SELECT label, value
FROM civicrm_option_value
WHERE option_group_id = {$dao->optionGroupID}
WHERE option_group_id = %1
";

$option = CRM_Core_DAO::executeQuery($query);
$option = CRM_Core_DAO::executeQuery($query, array(1 => array($dao->optionGroupID, 'Positive')));
while ($option->fetch()) {
$dataType = $dao->dataType;
if ($dataType == 'Int' || $dataType == 'Float') {
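Review bot: The 'Positive' binding on $dao->optionGroupID in the new executeQuery() call only accepts a positive integer, and nothing in the visible lines checks that the field actually has an option group before the query runs. Consider guarding the lookup (for example, skipping the option query when $dao->optionGroupID is empty) so that a custom field without an option group is handled explicitly instead of surfacing as a parameter validation error from inside the loop.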
Expand All @@ -688,8 +688,9 @@ public function getActivityTypeCustomSQL($activityTypeID, $dateFormat = NULL) {

foreach ($sql as $tableName => $values) {
$columnNames = implode(',', $values);
$tableName = CRM_Utils_Type::escape($tableName, 'MysqlColumnNameOrAlias');
$sql[$tableName] = "
SELECT '{$groupTitle[$tableName]}' as groupTitle, $columnNames
SELECT '" . CRM_Core_DAO::escapeString($groupTitle[$tableName]) . "' as groupTitle, $columnNames

xurizaemon Nov 23, 2016

Member

@seamuslee001 I think this just reads weird, but it caught my eye so thought I'd ask. Does this not double-escape the input? Since we do

$tableName = CRM_Utils_Type::escape($tableName, 'MysqlColumnNameOrAlias');

then

CRM_Core_DAO::escapeString($groupTitle[$tableName])

Oh weird, I see. OK. Are the keys in $groupTitle array really SQL-escaped?

seamuslee001 Nov 23, 2016

Author Contributor

urg point

FROM $tableName
WHERE entity_id = %1
";
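Review bot: Reassigning the loop variable with $tableName = CRM_Utils_Type::escape($tableName, 'MysqlColumnNameOrAlias') means the escaped string is then used as an array key in both $groupTitle[$tableName] and $sql[$tableName], not just in the FROM clause. If escape() ever returns something other than the original key, the group title lookup misses and $sql gains a new entry while it is being iterated. Keeping the original key for the array accesses and putting the escaped value in a separate variable (say $escapedTableName, used only in FROM) avoids that and makes the intent clearer. Separately, $columnNames is still built with implode(',', $values) and interpolated into the SELECT unvalidated; if those values are not guaranteed to be safe column names elsewhere, they merit the same 'MysqlColumnNameOrAlias' check.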