From 7e32cc28145274ddfc30fb791012d26c1278bd38 Mon Sep 17 00:00:00 2001
From: Christian F <christian.feldkirchner@pimcore.com>
Date: Thu, 20 Apr 2023 11:51:21 +0200
Subject: [PATCH] fixed sql injection in translation api (#14952)

---
 bundles/AdminBundle/Controller/Admin/TranslationController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bundles/AdminBundle/Controller/Admin/TranslationController.php b/bundles/AdminBundle/Controller/Admin/TranslationController.php
index b531d2c21bd..f92a618fe11 100644
--- a/bundles/AdminBundle/Controller/Admin/TranslationController.php
+++ b/bundles/AdminBundle/Controller/Admin/TranslationController.php
@@ -650,7 +650,7 @@ protected function getGridFilterCondition(Request $request, $tableName, $languag
                 }
 
                 if ($field && $value) {
-                    $condition = $field . ' ' . $operator . ' ' . $db->quote($value);
+                    $condition = $db->quoteIdentifier($field) . ' ' . $operator . ' ' . $db->quote($value);
 
                     if ($languageMode) {
                         $conditions[$fieldname] = $condition;