Added query escaping in method for getting zone

Uryvskiy Dima 2023-07-10 10:09:36 +03:00 committed by GitHub
commit a375804086
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 1 deletions


@ -1,3 +1,6 @@
## v4.1.12
* Added escaping for db query in method for getting zone
## v4.1.11 ## v4.1.11
* Fixed the transfer of the weight offers * Fixed the transfer of the weight offers


@ -1 +1 @@
4.1.11 4.1.12


@ -124,6 +124,7 @@ class DataRepository extends \retailcrm\Base {
* @return array * @return array
*/ */
public function getZoneByName($name) { public function getZoneByName($name) {
$name = $this->db->escape($name);
$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "zone` WHERE name = '" . $name . "'"); $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "zone` WHERE name = '" . $name . "'");
return $query->row; return $query->row;
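Review bot: The escaped value in `getZoneByName` is still concatenated into the SQL string, so the fix holds only while `$name` stays inside the single quotes and no caller has already escaped it. The docblock should state that contract, for example `@param string $name Raw, unescaped zone name; escaped here before it is placed in the query`, so callers do not pre-escape and produce doubled backslashes that never match a row. If the `db` wrapper supports bound parameters, that would be the sturdier form, but nothing visible here shows whether it does. The start of the docblock and the method's closing brace are outside the hunk.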

View File

@ -19,6 +19,8 @@ class DataRepositoryAdminTest extends TestCase {
$this->assertNotEmpty($zone); $this->assertNotEmpty($zone);
$this->assertNotEmpty($zone['zone_id']); $this->assertNotEmpty($zone['zone_id']);
$repository->getZoneByName('Rostov-na-Do\'nu');
} }
public function testGetCurrencyByCode() { public function testGetCurrencyByCode() {
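Review bot: The added call `$repository->getZoneByName('Rostov-na-Do\'nu');` carries no assertion, so the test accepts any return value and fails only if the query throws. Pin the expected result, for example `$this->assertEmpty($repository->getZoneByName('Rostov-na-Do\'nu'));`, assuming the fixture data has no zone with that name (not visible here). That way a regression that drops the escape while the DB error is swallowed is still caught. Moving the quoting case into its own test method would also make a failure point straight at the escaping behaviour; the enclosing test method starts above the hunk.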