How to fix 'APPSEC-1063' issue with collection join after the patch SUPEE-6788

magento.stackexchange https://magento.stackexchange.com/questions/110554

Question

One of the files in an extension after the patch SUPEE-6788 is showing an issue related to APPSEC-1063.

$collection->join('catalog/product', 'product_id=`catalog/product`.entity_id')
    ->addFieldToFilter('`catalog/product`.type_id', array('in' => array('simple', 'virtual', 'downloadable')));

How do I need to change this code to make it compatible?

Was it helpful?

Solution

Remove the backticks ` . Magento now takes care of that which results in double backticks and an SQL error.

Since I am not sure if catalog/product.entity_id will work like this, here is the code changed to using an alias as well:

$collection->join(
    ['catalog_product' => 'catalog/product'],
    'product_id=catalog_product.entity_id'
)->addFieldToFilter(
     'catalog_product.type_id',
     ['in' => ['simple', 'virtual', 'downloadable']]
);
Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top