From: Mike Rylander <mrylander@gmail.com>
Date: Wed, 3 Aug 2011 00:05:53 +0000 (-0400)
Subject: Quote container id param for safety
X-Git-Tag: sprint4-merge-nov22~5300
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=d567c2b5c278f3ec291228a902b5d1ca1a25d64f;p=working%2FEvergreen.git

Quote container id param for safety

Signed-off-by: Mike Rylander <mrylander@gmail.com>
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
index d10016d5c9..7e93ab2beb 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
@@ -627,9 +627,8 @@ sub toSQL {
                       JOIN container.${class}_bucket c ON (c.id = ci.bucket)
                       $rec_join
                 WHERE c.btype = > . $self->QueryParser->quote_value($ctype) .
-                    qq< AND c.id = $cid
-                      AND (c.pub IS TRUE $perm_join)) container ON (container.container_item = mrd.id)
-            >;
+                    qq< AND c.id = > . $self->QueryParser->quote_value($cid) .
+                    qq< AND (c.pub IS TRUE $perm_join)) container ON (container.container_item = mrd.id) >;
         } else {$container = ''};
     } else {
         $container = '';