Added a todo

author Joe Murray <joe.murray@jmaconsulting.biz>

Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)

committer Joe Murray <joe.murray@jmaconsulting.biz>

Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)
author Joe Murray <joe.murray@jmaconsulting.biz>
Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)
committer Joe Murray <joe.murray@jmaconsulting.biz>
Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)
diff --git a/CRM/Utils/SQL/Select.php b/CRM/Utils/SQL/Select.php

index a45bfa57291628aa127b1fe6b269577880353436..e130e5799456fe9a37dea7093fdfcb7902993f88 100644 (file)
--- a/CRM/Utils/SQL/Select.php
+++ b/CRM/Utils/SQL/Select.php
@@ -464,6 +464,7 @@ class CRM_Utils_SQL_Select implements ArrayAccess {
              $parts = array_map(array($select, 'escapeString'), $values);
              return implode(', ', $parts);
  
+          // TODO: ensure all uses of this un-escaped literal are safe
            case '!':
              return implode(', ', $values);
author	Joe Murray <joe.murray@jmaconsulting.biz>
	Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)
committer	Joe Murray <joe.murray@jmaconsulting.biz>
	Fri, 8 Jan 2016 22:20:07 +0000 (17:20 -0500)