Fix sql injection

2021-01-25 12:40:52 +01:00 · 2021-01-25 12:40:52 +01:00 · 0861c639ae
commit 0861c639ae
parent 470cd5c682
1 changed files with 1 additions and 1 deletions
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@ -3678,7 +3678,7 @@ abstract class CommonObject

 		global $db;

-		$sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.$fk_object_where;
+		$sql = 'SELECT '.$field_select.' FROM '.MAIN_DB_PREFIX.$table_element.' WHERE '.$field_where.' = '.((int) $fk_object_where);
 		$resql = $db->query($sql);

 		$TRes = array();