Commit 5d21a5a5 authored by Robert Lyon's avatar Robert Lyon

Bug 1846653: Fix unsafe plans sql queries

behatnotneeded

Change-Id: Ie6bafc19ae6ad865a75538a4cae49019a7df5eb3
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 04ea83c9
......@@ -153,9 +153,9 @@ class ReminderTools {
foreach ($remindedTasks as $remindedTask) {
$remindedTaskIds[] = $remindedTask->taskid;
}
$remindedTaskIdsString = implode(', ', $remindedTaskIds);
$sql = sprintf("UPDATE {artefact_plans_task} SET remindermailsent = 1 WHERE artefact IN (%s)", $remindedTaskIdsString);
$sql = "UPDATE {artefact_plans_task} SET remindermailsent = 1
WHERE artefact IN (" . implode(', ', array_map('db_quote', $remindedTaskIds)) . ")";
return execute_sql($sql);
}
}
\ No newline at end of file
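Review bot: The `IN (...)` list in the rewritten `$sql` is still assembled by string concatenation, so the fix holds only as long as `db_quote` is applied to every element and escapes correctly for the active database driver. Binding the ids keeps them out of the SQL text entirely: `$placeholders = implode(', ', array_fill(0, count($remindedTaskIds), '?'));` followed by `return execute_sql("UPDATE {artefact_plans_task} SET remindermailsent = 1 WHERE artefact IN ($placeholders)", $remindedTaskIds);`, assuming `execute_sql` accepts a values array as its second argument. Separately, an empty `$remindedTasks` yields `IN ()`, which is invalid SQL and would make the update fail. Unless a guard exists above the hunk (the method starts outside it, and so does the initialisation of `$remindedTaskIds`), return early when `$remindedTaskIds` is empty.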