fixed sql injection in translation api (#14952)

pimcore · Apr 20, 2023 · 7e32cc2 · 7e32cc2
1 parent 707cff5
commit 7e32cc2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/bundles/AdminBundle/Controller/Admin/TranslationController.php b/bundles/AdminBundle/Controller/Admin/TranslationController.php
@@ -650,7 +650,7 @@ protected function getGridFilterCondition(Request $request, $tableName, $languag
                 }
 
                 if ($field && $value) {
-                    $condition = $field . ' ' . $operator . ' ' . $db->quote($value);
+                    $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value);
 
                     if ($languageMode) {
                         $conditions[$fieldname] = $condition;