From d567c2b5c278f3ec291228a902b5d1ca1a25d64f Mon Sep 17 00:00:00 2001
From: Mike Rylander
Date: Tue, 2 Aug 2011 20:05:53 -0400
Subject: [PATCH] Quote container id param for safety
Signed-off-by: Mike Rylander
---
.../lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
index d10016d5c9..7e93ab2beb 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
@@ -627,9 +627,8 @@ sub toSQL {
 JOIN container.${class}_bucket c ON (c.id = ci.bucket) $rec_join WHERE c.btype = > . $self->QueryParser->quote_value($ctype) .
- qq< AND c.id = $cid
- AND (c.pub IS TRUE $perm_join)) container ON (container.container_item = mrd.id)
- >;
+ qq< AND c.id = > . $self->QueryParser->quote_value($cid) .
+ qq< AND (c.pub IS TRUE $perm_join)) container ON (container.container_item = mrd.id) >;
 } else {$container = ''};
 } else {
 $container = '';
-- 
2.11.0
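Review bot: `${class}` in the context line `JOIN container.${class}_bucket c` is still interpolated straight into the statement, and unlike `$ctype` and `$cid` it forms part of a table name, so `quote_value` cannot protect it. If `$class` comes from the same filter arguments as `$cid` (its assignment is outside this hunk, so this is an inference), it should be validated before the string is built, for example `die "invalid container class" unless $class =~ /\A[a-z_]+\z/;`, or better, checked against the list of known bucket classes. `$rec_join` and `$perm_join` are also spliced in as raw SQL fragments and deserve a comment stating that they are assembled only from fixed text and quoted values. `toSQL` begins and ends outside the hunk.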