
Fix: security

Regis Houssin
2013-04-10 11:55:15 +02:00
parent bc1469ff29
commit 2c51b51a88


@@ -1,5 +1,6 @@
<?php <?php
/* Copyright (C) 2011 François Cerbelle <francois@cerbelle.net> /* Copyright (C) 2011 François Cerbelle <francois@cerbelle.net>
* Copyright (C) 2013 Regis Houssin <regis.houssin@capnetworks.com>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@@ -87,7 +88,7 @@ class mailing_contacts2 extends MailingTargets
$sql.= " AND sp.no_email = 0"; $sql.= " AND sp.no_email = 0";
//$sql.= " AND sp.poste != ''"; //$sql.= " AND sp.poste != ''";
$sql.= " AND sp.entity IN (".getEntity('societe', 1).")"; $sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$filtersarray[0]."'"; if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$this->db->escape($filtersarray[0])."'";
$sql.= " ORDER BY sp.lastname, sp.firstname"; $sql.= " ORDER BY sp.lastname, sp.firstname";
$resql = $this->db->query($sql); $resql = $this->db->query($sql);
if ($resql) if ($resql)
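Review bot: Escaping `$filtersarray[0]` on the `sp.poste` line is sufficient only while the value stays inside the single quotes, and nothing on the line records that; a comment such as `// caller-supplied filter: must stay both quoted and escaped` would keep a later edit from dropping either half. The same line still indexes `$filtersarray[0]` without checking that the element exists and compares it with the loose `<>`; `if (isset($filtersarray[0]) && $filtersarray[0] !== 'all')` would be stricter, assuming the filter always arrives as a string and that skipping the clause for an empty array is the intended behaviour. The enclosing method starts and ends outside the hunk, so whether other values concatenated into `$sql` need the same escaping cannot be judged from here.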