authorDavid Rothstein <drothstein@gmail.com>2014-10-15 10:31:54 -0400
committerDavid Rothstein <drothstein@gmail.com>2014-10-15 10:31:54 -0400
commit26a7752c34321fd9cb889308f507ca6bdb777f08 (patch)
treebeecf7c4761b33225195978ed87ff9b002052a2e /includes/database
parent90e884ad0f7f2cf269d953f7d70966de9fd821ff (diff)
SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi: Fixed SQL injection vulnerability
Diffstat (limited to 'includes/database')
-rw-r--r--includes/database/database.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/database/database.inc b/includes/database/database.inc
index f78098bc0..01b638584 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -736,7 +736,7 @@ abstract class DatabaseConnection extends PDO {
// to expand it out into a comma-delimited set of placeholders.
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
- foreach ($data as $i => $value) {
+ foreach (array_values($data) as $i => $value) {
// This assumes that there are no other placeholders that use the same
// name. For example, if the array placeholder is defined as :example
// and there is already an :example_2 placeholder, this will generate
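Review bot: The added `array_values($data)` on the inner `foreach` has no comment explaining why it is there, although it is the entire security fix; it is easy to mistake for a redundant re-index and remove in a later clean-up. Judging by the surrounding comments, the loop derives placeholder names from `$i` (the body continues outside the hunk), so `$i` must never be a caller-supplied array key. I would add above the line: `// Re-index with array_values() so caller-supplied array keys never become part of a placeholder name in the query string.` A regression test that passes an associative array as a query argument and checks that only numerically suffixed placeholders are generated would guard this; none is visible here, though the diffstat is limited to includes/database.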