PES-402: SQL fixes (#39)

Co-authored-by: Filip Jiskra <[email protected]> Co-authored-by: packeta <[email protected]>
Zasilkovna · Nov 23, 2021 · 78c989e · 78c989e
1 parent 2cc605c
commit 78c989e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGE_LOG.txt b/CHANGE_LOG.txt
@@ -2,7 +2,8 @@
       - Updated: Schema migration simplified by using GenericTableUpdater
       - Updated: Plugin tables are dropped during uninstall.
       - Added: Backup table for orders is added in case uninstall happens by mistake.
-
+      - Fixed: SQL escaping
+
 1.3.0 - Added: editable order weight
 
 1.2.0 - Added: packeta shipping method configuration

diff --git a/media/admin/com_virtuemart/controllers/zasilkovna.php b/media/admin/com_virtuemart/controllers/zasilkovna.php
@@ -73,7 +73,7 @@ public function save($data = 0)
         }
 
         $db = JFactory::getDBO();
-        $q = "UPDATE #__extensions SET custom_data='" . serialize($data) . "' WHERE element='zasilkovna'";
+        $q = "UPDATE #__extensions SET custom_data='" . $db->escape(serialize($data)) . "' WHERE element='zasilkovna'";
         $db->setQuery($q);
         $db->execute();