From 07053d8605471b83c696b9431e84a69cf7b636f0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 24 Aug 2021 16:38:39 +0200
Subject: [PATCH] Fix sql injection
---
 htdocs/expedition/list.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php
index 1bb43ae9b5f..d28435092b2 100644
--- a/htdocs/expedition/list.php
+++ b/htdocs/expedition/list.php
@@ -320,7 +320,7 @@ if ($search_country) {
 $sql .= " AND s.fk_pays IN (".$db->sanitize($search_country).')';
 }
 if ($search_shipping_method_id > 0) {
- $sql .= " AND e.fk_shipping_method = ".$search_shipping_method_id;
+ $sql .= " AND e.fk_shipping_method = ".((int) $search_shipping_method_id);
 }
 if ($search_tracking) {
 $sql .= natural_search("e.tracking_number", $search_tracking);
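Review bot: The `(int)` cast is applied only at the point of concatenation, so the `if ($search_shipping_method_id > 0)` guard directly above it still compares the unnormalised value loosely. If the parameter arrives as a raw string, a value such as `3abc` passes the guard and is then silently truncated to 3 instead of being rejected. The assignment of `$search_shipping_method_id` is outside this hunk, but normalising once where it is read, e.g. `$search_shipping_method_id = (int) $search_shipping_method_id;`, would make the guard and the query use the same integer. Any other use of the variable in this file, not visible here, would then be covered by the same cast rather than depending on a per-sink fix.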