sortablefile icon indicating copy to clipboard operation
sortablefile copied to clipboard

Published 20 hours ago verified publisher icon bummzack

First parameter of `assign` in SQLUpdate not escaped

Open NoLdman opened this issue 5 years ago • 0 comments

In https://github.com/bummzack/sortablefile/blob/0028923180b10d7613ff239a0fd56acdf96872ab/src/Forms/SortableUploadField.php#L199 the first parameter of assign isn't escaped, which causes SilverStripe-Installations with PostgreSQL databases to cast the column to lower-case (i.e. "sortorder").

Shouldn't it be escaped as follows?

->assign("\"$sortColumn\"", $sort++)

NoLdman avatar Jan 20 '20 14:01 NoLdman