Correcting (trunk only) SQL injection issue in stored procedure interface.

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1615 4979c152-3d1c-0410-bac9-87ea11338e46
author: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-09-16 03:09:45 +0000
committer: einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46> 2007-09-16 03:09:45 +0000
commit: 7dfd737d1389215622de711c147be436d4247daf (patch)
tree: b807fa181caeca6ac1d23eb109f2c47848494300
parent: bc7aa50d96c4f70e3f44bf41e4976424d8928564 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/LedgerSMB.pm b/LedgerSMB.pm
index f61ae9a8..502b81e6 100755
--- a/LedgerSMB.pm
+++ b/LedgerSMB.pm
@@ -546,6 +546,9 @@ sub call_procedure {
     my $order_by = $args{order_by};
     my $argstr   = "";
     my @results;
+
+    $procname = $self->{dbh}->quote_identifier($procname);
+
     for ( 1 .. scalar @call_args ) {
         $argstr .= "?, ";
     }
author	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-09-16 03:09:45 +0000
committer	einhverfr <einhverfr@4979c152-3d1c-0410-bac9-87ea11338e46>	2007-09-16 03:09:45 +0000
commit	7dfd737d1389215622de711c147be436d4247daf (patch)
tree	b807fa181caeca6ac1d23eb109f2c47848494300
parent	bc7aa50d96c4f70e3f44bf41e4976424d8928564 (diff)