Diffstat (limited to 'site/cake/libs/model/datasources/dbo_source.php')
-rw-r--r--site/cake/libs/model/datasources/dbo_source.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/site/cake/libs/model/datasources/dbo_source.php b/site/cake/libs/model/datasources/dbo_source.php
index 4c1e6e4..150b0e7 100644
--- a/site/cake/libs/model/datasources/dbo_source.php
+++ b/site/cake/libs/model/datasources/dbo_source.php
@@ -1757,8 +1757,12 @@ class DboSource extends DataSource {
* @return boolean True if the table has a matching record, else false
*/
function hasAny($model, $sql) {
+ // bug 478041, escaping the fields properly
$sql = $this->conditions($sql);
- $out = $this->fetchRow("SELECT COUNT(" . $model->primaryKey . ") " . $this->alias . "count FROM " . $this->fullTableName($model) . ' ' . ($sql ? ' ' . $sql : 'WHERE 1 = 1'));
+ $pk = $model->escapeField($model->primaryKey);
+ $table = $this->fullTableName($model) . ' ' . $this->alias . $this->name($model->name);
+ $where = $sql ? $sql : 'WHERE 1 = 1';
+ $out = $this->fetchRow("SELECT COUNT({$pk}) {$this->alias} count FROM {$table} {$where}");
if (is_array($out)) {
return $out[0]['count'];
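Review bot: The quoting added here covers only the identifiers (`$pk`, `$table`); `$where` is still interpolated verbatim into the `fetchRow()` string, so the query is only as safe as whatever `$this->conditions($sql)` returns. conditions() is not visible in this hunk, but if it passes string conditions through unchanged, any caller that hands hasAny() a string built from request data is still exposed to SQL injection. I would state that contract in the docblock above and widen the inline comment, e.g. `// bug 478041: quote the primary key and table alias; $sql must be array conditions or a trusted SQL fragment`. The body of hasAny() continues past the end of the hunk.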
@@ -1887,4 +1891,4 @@ class DboSource extends DataSource {
return false;
}
}
-?> \ No newline at end of file
+?>