Revert: "Correct variable name" from 2014-02-09

During patch review by Tobias Mueller <muelli@cryptobitch.de>, Tobias
pointed out that the original commit referenced above seemed to make a
change that was inappropriate.  I reread my commit message and cannot
figure out why I made that change; at least, it doesn't make sense for
the reason I described, and Tobias is right that the escaped version
should be used here.

I've therefore corrected the problem and will test to see if any ill
effects occur.
This commit is contained in:
Bradley M. Kuhn 2015-05-14 15:38:11 -07:00
parent 61d0c39379
commit 2e24b827c3

@ -476,7 +476,7 @@ function elec_get_votes_for_anon_token ($handle, $anon_token_id) {
$escaped_anon_token_id = mysql_real_escape_string ($anon_token_id, $handle); $escaped_anon_token_id = mysql_real_escape_string ($anon_token_id, $handle);
$query = "SELECT choice_id,preference FROM " . $votes_table; $query = "SELECT choice_id,preference FROM " . $votes_table;
$query .= " WHERE anon_id = $anon_token_id"; $query .= " WHERE anon_id = $escaped_anon_token_id";
/* -1 is not a valid value: it's the default value for referenda. /* -1 is not a valid value: it's the default value for referenda.
* It's a blank vote. There was a bug that let this choice be saved in the * It's a blank vote. There was a bug that let this choice be saved in the
* votes, but we don't need it there since we already have the anonymous * votes, but we don't need it there since we already have the anonymous
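Review bot: on the `WHERE anon_id = $escaped_anon_token_id` line, the escaped value is still interpolated without surrounding quotes, so switching to the escaped variable does not by itself constrain what reaches the query. `mysql_real_escape_string` only neutralizes characters that matter inside a quoted string literal; in an unquoted position the value should either be wrapped in single quotes in the query text or forced to a number first (for example with `intval`) if `anon_id` is an integer column, which this hunk does not show. Separately, the `mysql_*` extension is deprecated as of PHP 5.5 and removed in PHP 7, so a parameterized query through mysqli or PDO would remove the need for manual escaping in `elec_get_votes_for_anon_token` altogether.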