From fc6857004eeabf6963a9b2856f51db8842c00b70 Mon Sep 17 00:00:00 2001
From: einhverfr
Date: Tue, 7 Oct 2008 16:32:47 +0000
Subject: Correcting Sadashiva's patch for SQL-injection and maintainability concerns.

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2354 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/AM.pm | 14 +++----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/LedgerSMB/AM.pm b/LedgerSMB/AM.pm
index 1d209358..bb4984a7 100755
--- a/LedgerSMB/AM.pm
+++ b/LedgerSMB/AM.pm
@@ -1420,22 +1420,14 @@ sub save_defaults {
 $sth_defcheck->execute() || $form->dberror("execute defaults $_");
 while(my $found1=$sth_defcheck->fetchrow()){$found=$found1;}
- if($val ne '')
- {
- if($found)
+ if($found)
 {
- $dbh->do("update defaults set value='$val' where setting_key='$_';");
+ $dbh->do("update defaults set value=" . $dbh->quote($val) . " where setting_key='$_';");
 }
 else
 {
- $dbh->do("insert into defaults(value,setting_key) values('$val','$_');");
+ $dbh->do("insert into defaults(value,setting_key) values(" . $dbh->quote($val) . ",'$_');");
 }
- }
- else
- {
- if($found){$dbh->do("delete from defaults where setting_key='$_';")};
-
- }
 }
-- cgit v1.2.3
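Review bot: The setting key is still interpolated unquoted into both rewritten statements (`where setting_key='$_'` in the UPDATE and `,'$_'` in the INSERT), so quoting `$val` closes only half of the injection surface; whether `$_` can carry untrusted input depends on the loop that starts above the hunk, but quoting it costs nothing. Both calls would be simpler and safer with bind parameters, e.g. `$dbh->do("update defaults set value = ? where setting_key = ?", undef, $val, $_)` and `$dbh->do("insert into defaults(value,setting_key) values(?, ?)", undef, $val, $_)`, which also drops the hand-built string concatenation. Dropping the `if($val ne '')` branch is a behaviour change the commit message does not mention: an empty value now updates or inserts a '' row instead of deleting the setting, so a comment such as `# empty values are stored as '', not deleted` would make that intentional. The return values of both `$dbh->do` calls are also unchecked, unlike the `execute()` just above that goes through `$form->dberror`. The enclosing loop and `sub save_defaults` begin before this hunk.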