Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix security breach (SQL injection)

Browse Source
This commit is contained in:
fhenry 2013-05-10 15:04:16 +02:00
parent 3aa049b661
commit 9427e32e2e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/adherents/fiche.php
View File

@ -958,10 +958,11 @@ else
$adht = new AdherentType($db);
$adht->fetch($object->typeid);
$country=GETPOST('pays','int');
// We set country_id, and country_code, country of the chosen country
if (isset($_POST["pays"]) || $object->country_id)
if (!empty($country) || $object->country_id)
{
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id);
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
$resql=$db->query($sql);
if ($resql)
{