From 73cf433e05f794b19bd895414318d7859dad7a65 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Wed, 5 Oct 2016 09:55:02 -0600 Subject: [PATCH] Update orm.php Escape single quotes in the data. --- resources/classes/orm.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/classes/orm.php b/resources/classes/orm.php index a43880f22b..1b2e09776f 100644 --- a/resources/classes/orm.php +++ b/resources/classes/orm.php @@ -804,8 +804,8 @@ $sql .= "'".$_SERVER['REMOTE_ADDR']."', "; //$sql .= "'$transaction_type', "; $sql .= "now(), "; - $sql .= "'".json_encode($old_array, JSON_PRETTY_PRINT)."', "; - $sql .= "'".json_encode($new_array, JSON_PRETTY_PRINT)."', "; + $sql .= "'".check_str(json_encode($old_array, JSON_PRETTY_PRINT))."', "; + $sql .= "'".check_str(json_encode($new_array, JSON_PRETTY_PRINT))."', "; $sql .= "'".check_str(json_encode($this->message, JSON_PRETTY_PRINT))."' "; $sql .= ")"; $this->db->exec(check_sql($sql));