MantisBT: master 88cefc7d

Author  dregad
Committer  dregad
Branch  master
Timestamp  2020-01-29 03:40:03
Parent  master d454e231
Affected Issues  0026636: Apostrophe in custom_field_string table causes upgrade from < 1.2.0 to fail
Changeset

Use query parameters in install helper function

install_correct_multiselect_custom_fields_db_format() injected actual
field values in the update SQL queries, which is a potential source for
SQL injection, and causes the upgrade from MantisBT < 1.2.0 to fail when
custom_field_table contains an apostrophe.

Fixes 0026636

mod - core/install_helper_functions_api.php
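The failure mode named in the commit message, as an added example that is not MantisBT's code: a migration that pastes stored values back into an UPDATE statement breaks on a row containing an apostrophe, while the same migration with bound parameters completes. It assumes PDO with in-memory SQLite instead of MantisBT's database API; the column names, the sample rows and the `normalize()` step are constructed for illustration.

```php
<?php
// Added example: constructed schema and data, PDO with in-memory SQLite.
// Column names and normalize() are assumptions, not MantisBT code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE custom_field_string (field_id INTEGER, bug_id INTEGER, value TEXT)');
$seed = $db->prepare('INSERT INTO custom_field_string VALUES (?, ?, ?)');
$seed->execute([1, 10, ' plain value ']);
$seed->execute([1, 11, " customer's choice "]); // constructed row containing an apostrophe

// Hypothetical stand-in for whatever rewrite the upgrade step applies.
function normalize(string $value): string {
    return trim($value);
}

// "Before" pattern: the stored value is pasted into the SQL text.
function migrate_interpolated(PDO $db): array {
    $failed = [];
    $rows = $db->query('SELECT field_id, bug_id, value FROM custom_field_string')
               ->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        $value = normalize($row['value']);
        $sql = "UPDATE custom_field_string SET value = '$value'"
             . ' WHERE field_id = ' . (int)$row['field_id']
             . ' AND bug_id = ' . (int)$row['bug_id'];
        try {
            $db->exec($sql);
        } catch (PDOException $e) {
            $failed[] = (int)$row['bug_id']; // the apostrophe ends the string literal early
        }
    }
    return $failed;
}

// "After" pattern: values travel as bound parameters, never as SQL text.
function migrate_parameterized(PDO $db): int {
    $update = $db->prepare(
        'UPDATE custom_field_string SET value = ? WHERE field_id = ? AND bug_id = ?');
    $rows = $db->query('SELECT field_id, bug_id, value FROM custom_field_string')
               ->fetchAll(PDO::FETCH_ASSOC);
    $count = 0;
    foreach ($rows as $row) {
        $update->execute([normalize($row['value']), $row['field_id'], $row['bug_id']]);
        $count += $update->rowCount();
    }
    return $count;
}

echo 'interpolated, failed bug_ids: ', json_encode(migrate_interpolated($db)), PHP_EOL;
echo 'parameterized, rows updated: ', migrate_parameterized($db), PHP_EOL;
```

The values in this pattern come from the database itself rather than from a request, which is why data already stored in a table still has to be bound and not concatenated.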