Fix escaping

2026-02-07 16:41:48 +01:00 · 2020-09-20 02:30:53 +02:00
parent fa86b62198
commit f57b4fd2fd
19 changed files with 74 additions and 72 deletions
--- a/htdocs/fourn/commande/list.php
+++ b/htdocs/fourn/commande/list.php
@@ -294,9 +294,9 @@ if (empty($reshook))
 				$sql .= ", targettype";
 				$sql .= ") VALUES (";
 				$sql .= $id_order;
-				$sql .= ", '".$object->origin."'";
+				$sql .= ", '".$db->escape($object->origin)."'";
 				$sql .= ", ".$object->id;
-				$sql .= ", '".$object->element."'";
+				$sql .= ", '".$db->escape($object->element)."'";
 				$sql .= ")";

 				if (!$db->query($sql))