Escape the $data var in _manageData() using pSQL()

feloot · web-flow · commit 022d581e46ea · 2020-03-09T12:53:24.000+01:00
diff --git a/ps_googleanalytics.php b/ps_googleanalytics.php
@@ -767,7 +767,7 @@ protected function _manageData($data, $action)
                 return json_decode($dataretour,true);
         }
         if ($action == 'W') {
-            return Db::getInstance()->Execute('INSERT INTO `'._DB_PREFIX_.'ganalytics_data` (id_cart, id_shop, data) VALUES(\''.(int)$this->context->cart->id.'\',\''.(int)$this->context->shop->id.'\',\''.json_encode($data).'\') ON DUPLICATE KEY UPDATE data =\''.json_encode($data).'\' ;');
+            return Db::getInstance()->Execute('INSERT INTO `'._DB_PREFIX_.'ganalytics_data` (id_cart, id_shop, data) VALUES(\''.(int)$this->context->cart->id.'\',\''.(int)$this->context->shop->id.'\',\''.pSQL(json_encode($data)).'\') ON DUPLICATE KEY UPDATE data =\''.pSQL(json_encode($data)).'\' ;');
         }
         if ($action == 'A') {
             $dataretour = Db::getInstance()->getValue('SELECT data FROM `'._DB_PREFIX_.'ganalytics_data` WHERE id_cart = \''.(int)$this->context->cart->id.'\' AND id_shop = \''.(int)$this->context->shop->id.'\'');

Original file line number	Diff line number	Diff line change
`@@ -767,7 +767,7 @@ protected function _manageData($data, $action)`
`767`	`767`	`return json_decode($dataretour,true);`
`768`	`768`	`}`
`769`	`769`	`if ($action == 'W') {`
`770`		- return Db::getInstance()->Execute('INSERT INTO `'._DB_PREFIX_.'ganalytics_data` (id_cart, id_shop, data) VALUES(\''.(int)$this->context->cart->id.'\',\''.(int)$this->context->shop->id.'\',\''.json_encode($data).'\') ON DUPLICATE KEY UPDATE data =\''.json_encode($data).'\' ;');
	`770`	+ return Db::getInstance()->Execute('INSERT INTO `'._DB_PREFIX_.'ganalytics_data` (id_cart, id_shop, data) VALUES(\''.(int)$this->context->cart->id.'\',\''.(int)$this->context->shop->id.'\',\''.pSQL(json_encode($data)).'\') ON DUPLICATE KEY UPDATE data =\''.pSQL(json_encode($data)).'\' ;');
`771`	`771`	`}`
`772`	`772`	`if ($action == 'A') {`
`773`	`773`	$dataretour = Db::getInstance()->getValue('SELECT data FROM `'._DB_PREFIX_.'ganalytics_data` WHERE id_cart = \''.(int)$this->context->cart->id.'\' AND id_shop = \''.(int)$this->context->shop->id.'\'');