How to fix 'APPSEC-1063' issue with collection join after the patch SUPEE-6788
29-09-2020
Question
One of the files in an extension after the patch SUPEE-6788 is showing an issue related to APPSEC-1063.
    $collection->join('catalog/product', 'product_id=`catalog/product`.entity_id')
        ->addFieldToFilter('`catalog/product`.type_id', array('in' => array('simple', 'virtual', 'downloadable')));
How do I need to change this code to make it compatible?
Solution
Remove the backticks (`). Magento now takes care of that, which results in double backticks and an SQL error.
Since I am not sure if catalog/product.entity_id will work like this, here is the code changed to use an alias as well:
    $collection->join(
        ['catalog_product' => 'catalog/product'],
        'product_id=catalog_product.entity_id'
    )->addFieldToFilter(
        'catalog_product.type_id',
        ['in' => ['simple', 'virtual', 'downloadable']]
    );
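To see why hand-written backticks break once the framework quotes field names itself, here is an added example that is not part of the original answer and is not Magento's code. It assumes the usual MySQL identifier-quoting convention (each dot-separated part wrapped in backticks, embedded backticks doubled); `quoteIdentifierModel()` is a hypothetical helper and the field names are constructed samples.

```php
<?php
// Added illustration: a simplified model of MySQL identifier quoting.
// quoteIdentifierModel() is a hypothetical helper, not a Magento function.

function quoteIdentifierModel(string $identifier): string
{
    $quoted = [];
    // Each dot-separated part (table alias, column) is quoted on its own.
    foreach (explode('.', $identifier) as $part) {
        // A backtick inside a part is escaped by doubling it, so the part
        // always stays a single identifier and cannot end the quoting early.
        $quoted[] = '`' . str_replace('`', '``', $part) . '`';
    }
    return implode('.', $quoted);
}

// Constructed sample field names, as they might be passed to addFieldToFilter().
$fields = [
    'own backticks (question code)' => '`catalog/product`.type_id',
    'alias, no backticks (answer)'  => 'catalog_product.type_id',
    'name with a stray backtick'    => 'type`id',
];

foreach ($fields as $label => $field) {
    // Print the raw field name next to what the quoting step turns it into.
    printf("%-32s %-28s => %s\n", $label . ':', $field, quoteIdentifierModel($field));
}
```

The field name from the question comes out with its own backticks doubled inside a new pair, so it no longer refers to the joined table, while the alias form is quoted exactly once per part.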
Licensed under: CC-BY-SA with attribution