lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix security leak

Browse Source
This commit is contained in:
fhenry 2013-05-10 15:11:49 +02:00
parent 358f051b8e
commit 0a26be3f04
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/adherents/fiche.php
View File

@ -931,9 +931,10 @@ else
$adht->fetch($object->typeid);
// We set country_id, and country_code, country of the chosen country
if (isset($_POST["country"]) || $object->country_id)
$country=GETPOST('country','int');
if (!empty($country) || $object->country_id)
{
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["country"])?$_POST["country"]:$object->country_id);
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
$resql=$db->query($sql);
if ($resql)
{