r76613 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r76612‎ \| r76613 \| r76614 >
Date:	01:01, 13 November 2010
Author:	awjrichards
Status:	deferred
Tags:
Comment:	Added 'addslashes' to fix unescaped string being stuck in the db
Modified paths:	/civicrm/trunk/sites/all/modules/queue2civicrm/queue2civicrm.module (modified) (history)

Diff [purge]

Index: civicrm/trunk/sites/all/modules/queue2civicrm/queue2civicrm.module
—	—	@@ -266,7 +266,7 @@
267	267	* When passing CiviCRM a state abbreviation, odd things can happen - like getting the right abbreviation, but the wrong state
268	268	* So we'll pull back the correct state/province name based off of a user's country/state abbreviation
269	269	*/
270		- $query = "SELECT s.name AS state_name FROM civicrm_country c, civicrm_state_province s WHERE s.country_id=c.id AND c.name='" . $msg['country'] . "' AND s.abbreviation='" . addslashes( $msg['state_province'] ) . "'";
	270	+ $query = "SELECT s.name AS state_name FROM civicrm_country c, civicrm_state_province s WHERE s.country_id=c.id AND c.name='" . addslashes( $msg['country'] ) . "' AND s.abbreviation='" . addslashes( $msg['state_province'] ) . "'";
271	271	$dao = CRM_Core_DAO::executeQuery( $query );
272	272	while ( $dao->fetch() ) {
273	273	$state = $dao->state_name;

19:44, 21 November 2010 Reedy (talk | contribs) changed the status of r76613 [removed: new added: deferred]