Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-08 00:52:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add some protection for SQL injection

Browse Source
This commit is contained in:
Laurent Destailleur
2021-03-22 13:31:06 +01:00
parent 6063b02bf4
commit ca1715df96
69 changed files with 113 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/commande/class/api_orders.class.php
View File

@@ -191,7 +191,7 @@ class Orders extends DolibarrApi
}
// Insert sale filter
if ($search_sale > 0) {
$sql .= " AND sc.fk_user = ".$search_sale;
$sql .= " AND sc.fk_user = ".((int) $search_sale);
}
// Add sql filters
if ($sqlfilters) {