Commit 600ea3de authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Bug 1846653: Fix unsafe plans sql queries"

parents ead346d6 5d21a5a5
......@@ -153,9 +153,9 @@ class ReminderTools {
foreach ($remindedTasks as $remindedTask) {
$remindedTaskIds[] = $remindedTask->taskid;
}
$remindedTaskIdsString = implode(', ', $remindedTaskIds);
$sql = sprintf("UPDATE {artefact_plans_task} SET remindermailsent = 1 WHERE artefact IN (%s)", $remindedTaskIdsString);
$sql = "UPDATE {artefact_plans_task} SET remindermailsent = 1
WHERE artefact IN (" . implode(', ', array_map('db_quote', $remindedTaskIds)) . ")";
return execute_sql($sql);
}
}
\ No newline at end of file
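Review bot: The rewritten `UPDATE` still splices the id list into the SQL text, now relying on `db_quote` for each element of `$remindedTaskIds` instead of binding the values. The values come from `$remindedTask->taskid` and are matched against `artefact`, so they are presumably integer ids; coercing them, e.g. `implode(', ', array_map('intval', $remindedTaskIds))`, keeps the query safe independent of the quoting helper and avoids comparing a numeric column with quoted strings. Separately, an empty `$remindedTaskIds` yields `IN ()`, which is invalid SQL; the function begins outside this hunk, so a guard may already exist above, but if not, return early before building `$sql`.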