Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix sql injection when forging requests with IN

Browse Source
This commit is contained in:
Laurent Destailleur
2020-09-18 17:24:31 +02:00
parent 2d38644ae1
commit 4e2aff2cdc
16 changed files with 34 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -95,7 +95,7 @@ function getEntity($element, $shared = 1, $currentobject = null)
$out = '';
$addzero = array('user', 'usergroup', 'c_email_templates', 'email_template', 'default_values');
if (in_array($element, $addzero)) $out .= '0,';
$out .= $conf->entity;
$out .= ((int) $conf->entity);
return $out;
}
}