Fix escape

2026-02-07 16:41:48 +01:00 · 2020-09-19 23:11:38 +02:00
parent d38168f49e
commit 2c660504bb
23 changed files with 40 additions and 40 deletions
--- a/htdocs/admin/reception_setup.php
+++ b/htdocs/admin/reception_setup.php
@@ -301,7 +301,7 @@ $def = array();

 $sql = "SELECT nom";
 $sql .= " FROM ".MAIN_DB_PREFIX."document_model";
-$sql .= " WHERE type = '".$type."'";
+$sql .= " WHERE type = '".$db->escape($type)."'";
 $sql .= " AND entity = ".$conf->entity;

 $resql = $db->query($sql);