authorAleksander Machniak <alec@alec.pl>2012-10-03 12:17:30 +0200
committerAleksander Machniak <alec@alec.pl>2012-10-03 12:17:30 +0200
commitbf2c04c26ce94ab5b8bb6d2696057ec827d1b121 (patch)
treed27a34371a16631edf28a5db3675f62823fe6bae /lib/api/kolab_api_service_type.php
parent9bc91d0f2089a39bde28767add34d31ec8017226 (diff)
Fix DB column names escaping in SQL queries
Diffstat (limited to 'lib/api/kolab_api_service_type.php')
-rw-r--r--lib/api/kolab_api_service_type.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/api/kolab_api_service_type.php b/lib/api/kolab_api_service_type.php
index 11d9387..794de16 100644
--- a/lib/api/kolab_api_service_type.php
+++ b/lib/api/kolab_api_service_type.php
@@ -92,11 +92,11 @@ class kolab_api_service_type extends kolab_api_service
$query['used_for'] = $postdata['used_for'] == 'hosted' ? 'hosted' : null;
}
- $query = array_map(array($this->db, 'escape'), $query);
+ $query = array_map(array($this->db, 'escape'), $query);
+ $columns = array_map(array($this->db, 'escape_identifier'), array_keys($query));
$this->db->query("INSERT INTO {$type}_types"
- . " (" . implode(',', array_keys($query)) . ")"
- . " VALUES (" . implode(',', $query) . ")");
+ . " (" . implode(', ', $columns) . ") VALUES (" . implode(', ', $query) . ")");
if (!($id = $this->db->last_insert_id())) {
return false;
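Review bot: The table name in `INSERT INTO {$type}_types` is still interpolated into the statement unquoted, because the change quotes only the column names; the same applies to `UPDATE {$type}_types SET` in the second hunk. Where `$type` is assigned lies outside both hunks, so it may already be limited to a fixed set. If it can be influenced by the request, it should be checked against an allow-list before either query is built, for example `if (!in_array($type, $allowed_types, true)) return false;` (`$allowed_types` is a placeholder name). Quoting with `escape_identifier` makes a name syntactically safe but does not confirm it is an expected column, so a comment such as `// keys of $query are fixed column names set above, never request keys` would document the assumption the INSERT relies on. The enclosing method starts and ends outside the hunk.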
@@ -175,7 +175,7 @@ class kolab_api_service_type extends kolab_api_service
}
foreach ($query as $idx => $value) {
- $query[$idx] = $idx . " = " . $this->db->escape($value);
+ $query[$idx] = $this->db->escape_identifier($idx) . " = " . $this->db->escape($value);
}
$result = $this->db->query("UPDATE {$type}_types SET "
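Review bot: The loop overwrites each `$query[$idx]` with a finished `column = value` fragment, so after it `$query` holds SQL text rather than data, and nothing in the name signals that. Collecting the fragments in a separate array, as the INSERT path now does with `$columns`, keeps escaped SQL and raw values apart: `$set[] = $this->db->escape_identifier($idx) . " = " . $this->db->escape($value);`. The UPDATE would then presumably join `$set` instead of `$query`. The rest of the UPDATE statement, including its WHERE clause, is outside the hunk, so how the fragments are joined cannot be confirmed from here.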