Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Properly escape SQL table.

8.0.x
Larry Garfield 2012-09-28 11:34:24 -05:00 committed by effulgentsia
parent 07a81f6dd5
commit e2f99d4ec8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/lib/Drupal/Core/Routing/PathMatcher.php
View File

@ -62,7 +62,7 @@ class PathMatcher implements InitialMatcherInterface {
$ancestors = $this->getCandidateOutlines($parts);
$routes = $this->connection->query("SELECT name, route FROM {{$this->tableName}} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
$routes = $this->connection->query("SELECT name, route FROM {" . $this->connection->escapeTable($this->tableName) . "} WHERE pattern_outline IN (:patterns) ORDER BY fit", array(
':patterns' => $ancestors,
))
->fetchAllKeyed();