Conservancy/voting
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert: "Correct variable name" from 2014-02-09

Browse source 
During patch review by Tobias Mueller <muelli@cryptobitch.de>, Tobias
pointed out that the original commit referenced above seemed to make a
change that was inappropriate.  I reread my commit message and cannot
figure out why I made that change, at least, it doesn't make sense for
the reason I described, and Tobias is right that the escaped version
should be used here.

I've therefore corrected the problem and will test to see if any ill
effects occur.
This commit is contained in:
Bradley M. Kuhn 2015-05-14 15:38:11 -07:00
parent 61d0c39379
commit 2e24b827c3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
vote/include/election-sql.php
View file

@ -476,7 +476,7 @@ function elec_get_votes_for_anon_token ($handle, $anon_token_id) {
$escaped_anon_token_id = mysql_real_escape_string ($anon_token_id, $handle);
$query = "SELECT choice_id,preference FROM " . $votes_table;
$query .= " WHERE anon_id = $anon_token_id";
$query .= " WHERE anon_id = $escaped_anon_token_id";
/* -1 is not a valid value: it's the default value for referenda.
* It's a blank vote. There was a bug that let this choice be saved in the
* votes, but we don't need it there since we already have the anonymous