From 2a84afeee40e44ff540dff2d9ae5e8b6c0fd9dd1 Mon Sep 17 00:00:00 2001 From: All-3kcis Date: Fri, 25 Sep 2015 16:31:55 +0200 Subject: [PATCH] fix dangerous sql injection #3327 --- htdocs/user/card.php | 4 ++-- htdocs/user/class/user.class.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 5724101ec1b..3762b85775a 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -384,12 +384,12 @@ if ($action == 'update' && ! $_POST["cancel"]) } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); } } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')); } if (GETPOST('deletephoto')) $object->photo=''; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 34c3084e12d..db92c7f243a 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1217,7 +1217,7 @@ class User extends CommonObject if (isset($this->salary) || $this->salary != '') $sql.= ", salary= ".($this->salary != ''?"'".$this->db->escape($this->salary)."'":"null"); if (isset($this->salaryextra) || $this->salaryextra != '') $sql.= ", salaryextra= ".($this->salaryextra != ''?"'".$this->db->escape($this->salaryextra)."'":"null"); $sql.= ", weeklyhours= ".($this->weeklyhours != ''?"'".$this->db->escape($this->weeklyhours)."'":"null"); - $sql.= ", entity = '".$this->entity."'"; + $sql.= ", entity = '".$this->db->escape($this->entity)."'"; $sql.= " WHERE rowid = ".$this->id; dol_syslog(get_class($this)."::update", LOG_DEBUG);
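Review bot: The replacement ternary on both `+` lines in card.php inverts the original condition: `GETPOST('entity', 'int') ? 0 : GETPOST('entity', 'int')` returns 0 whenever a non-zero entity was posted and the empty value otherwise, so `$object->entity` can never be set to the submitted entity, whereas the removed `empty($_POST["entity"]) ? 0 : $_POST["entity"]` returned the posted value when present. Swap the branches and read the parameter once, in both places: `$entity = GETPOST('entity', 'int'); $object->entity = ($entity ? $entity : 0);` — or, if the 'int' filter already casts an absent value to 0 (confirm against GETPOST's implementation), just `$object->entity = (int) GETPOST('entity', 'int');`. Moving from `$_POST` to GETPOST presumably also accepts the value from the query string; that looks harmless here but is a wider input source than before. The enclosing `if ($action == 'update' && ! $_POST["cancel"])` block begins before the hunk and its remaining branches are not visible.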
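Review bot: `entity` is a numeric column, so quoting an escaped string on the new user.class.php line is a weaker fix than typing the value: `$sql.= ", entity = ".((int) $this->entity);` removes any reliance on the escape function's quoting rules and rejects non-numeric input outright. The same hunk still interpolates `$this->id` unescaped and unquoted in `$sql.= " WHERE rowid = ".$this->id;`; if `id` can originate from request input, an `(int)` cast there closes the same class of issue, which this commit does not address. The `update` method starts before the hunk and continues after it.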