projects / civicrm-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 804f8b8)
Also escape subtype to fix POC#2 found by Patrick
authorSeamus Lee <seamuslee001@gmail.com>
Sun, 28 Apr 2019 22:32:58 +0000 (08:32 +1000)
committerSeamus Lee <seamuslee001@gmail.com>
Wed, 15 May 2019 20:25:18 +0000 (06:25 +1000)
CRM/Core/BAO/CustomField.php patch | blob | blame | history

diff --git a/CRM/Core/BAO/CustomField.php b/CRM/Core/BAO/CustomField.php
index 6dd3d5b208c345ae3cc4fba20c2228a32354aaa0..f8483021a3de5f6b81637cac58aa24239ffaec08 100644 (file)
--- a/CRM/Core/BAO/CustomField.php
+++ b/CRM/Core/BAO/CustomField.php
@@ -599,7 +599,7 @@ class CRM_Core_BAO_CustomField extends CRM_Core_DAO_CustomField {
         if (!empty($customDataSubType)) {
           $subtypeClause = array();
           foreach ($customDataSubType as $subtype) {
-            $subtype = CRM_Core_DAO::VALUE_SEPARATOR . $subtype . CRM_Core_DAO::VALUE_SEPARATOR;
+            $subtype = CRM_Core_DAO::VALUE_SEPARATOR . CRM_Utils_Type::escape($subtype, 'String') . CRM_Core_DAO::VALUE_SEPARATOR;
             $subtypeClause[] = "$cgTable.extends_entity_column_value LIKE '%{$subtype}%'";
           }
           if (!$onlySubType) {