Diffstat (limited to 'site/cake/libs/model/datasources/dbo_source.php')
-rw-r--r-- | site/cake/libs/model/datasources/dbo_source.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/site/cake/libs/model/datasources/dbo_source.php b/site/cake/libs/model/datasources/dbo_source.php
index 4c1e6e4..150b0e7 100644
--- a/site/cake/libs/model/datasources/dbo_source.php
+++ b/site/cake/libs/model/datasources/dbo_source.php
@@ -1757,8 +1757,12 @@ class DboSource extends DataSource {
 * @return boolean True if the table has a matching record, else false
 */
 function hasAny($model, $sql) {
+ // bug 478041, escaping the fields properly
 $sql = $this->conditions($sql);
- $out = $this->fetchRow("SELECT COUNT(" . $model->primaryKey . ") " . $this->alias . "count FROM " . $this->fullTableName($model) . ' ' . ($sql ? ' ' . $sql : 'WHERE 1 = 1'));
+ $pk = $model->escapeField($model->primaryKey);
+ $table = $this->fullTableName($model) . ' ' . $this->alias . $this->name($model->name);
+ $where = $sql ? $sql : 'WHERE 1 = 1';
+ $out = $this->fetchRow("SELECT COUNT({$pk}) {$this->alias} count FROM {$table} {$where}");
 if (is_array($out)) {
 return $out[0]['count'];
@@ -1887,4 +1891,4 @@ class DboSource extends DataSource {
 return false;
 }
 }
-?>
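Review bot: The `{$where}` fragment in the new `fetchRow()` call is still interpolated as-is, so the escaping added here covers only the primary key and the table alias; whether the conditions are safe depends on what `conditions()` does with `$sql`, which is not visible in this hunk. If `conditions()` passes string conditions through unchanged (worth confirming), callers must supply array conditions or already-escaped strings, and the docblock should say so, e.g. `* @param mixed $sql Conditions; string values are used verbatim and must already be escaped`. The new comment could also explain why the table alias was added, e.g. `// escapeField() qualifies the key with the model name, so the table needs that alias`, assuming that is what `escapeField()` returns. The docblock starts before this hunk and hasAny's body continues past its end.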
\ No newline at end of file
+?> |