More sql sanitizing

2026-02-08 00:52:01 +01:00 · 2021-09-02 13:58:42 +02:00
parent cac1a7ba5f
commit b04ea59a51
23 changed files with 26 additions and 26 deletions
--- a/htdocs/core/class/defaultvalues.class.php
+++ b/htdocs/core/class/defaultvalues.class.php
@@ -279,7 +279,7 @@ class DefaultValues extends CommonObject
 			}
 		}
 		if (count($sqlwhere) > 0) {
-			$sql .= ' AND ('.implode(' '.$filtermode.' ', $sqlwhere).')';
+			$sql .= ' AND ('.implode(' '.$this->db->escape($filtermode).' ', $sqlwhere).')';
 		}

 		if (!empty($sortfield)) {