Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

web: fix SQL injection in remote job submission

This commit is contained in:
Rytis Slatkevičius 2014-12-04 14:23:13 +02:00
parent 22ba609c3f
commit b960d78d9e
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
html/user/submit_rpc_handler.php
View File

@ -302,6 +302,7 @@ function submit_batch($r) {
if (!$ret) xml_error(-1, "BOINC server: batch->update() failed");
} else {
$batch_name = (string)($r->batch->batch_name);
$batch_name = BoincDb::escape_string($batch_name);
$batch_id = BoincBatch::insert(
"(user_id, create_time, njobs, name, app_id, logical_end_time, state) values ($user->id, $now, $njobs, '$batch_name', $app->id, $let, ".BATCH_STATE_INIT.")"
);