Commit 3e91f6c9 authored by Seamus Lee's avatar Seamus Lee

Fix security/core#51 by paramatising the Event Type part of the wuere clause

parent 7175292e
......@@ -517,7 +517,8 @@ ORDER BY start_date desc
if (is_array($value)) {
$type = implode(',', $value);
}
$clauses[] = "event_type_id IN ({$type})";
$clauses[] = "event_type_id IN (%2)";
$params[2] = [$type, 'String'];
}
$eventsByDates = $this->get('eventsByDates');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment