From 526558401680f5d8b402823dbd5d40fd17620980 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Wed, 5 May 2010 16:51:30 +0000
Subject: - Patch #769554 by jpmckinney, Berdir, cha0s: fixed trivial SQL
 injection(s) with SelectQuery.

---
 modules/openid/openid.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/openid')

diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index ebd63f0bb..45b6714b2 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -550,7 +550,7 @@ function openid_association($op_endpoint) {
 
   // Remove Old Associations:
   db_delete('openid_association')
-    ->condition('created + expires_in', REQUEST_TIME, '<')
+    ->where('created + expires_in < :request_time', array(':request_time' => REQUEST_TIME))
     ->execute();
 
   // Check to see if we have an association for this IdP already
-- 
cgit v1.2.3