From 0a26be3f04559f5f49a9b84d3cfefa9adf256478 Mon Sep 17 00:00:00 2001
From: fhenry
Date: Fri, 10 May 2013 15:11:49 +0200
Subject: [PATCH] Fix security leak
---
 htdocs/adherents/fiche.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 52f2c3fb13e..05833bbce10 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -931,9 +931,10 @@ else
 $adht->fetch($object->typeid);
 // We set country_id, and country_code, country of the chosen country
- if (isset($_POST["country"]) || $object->country_id)
+ $country=GETPOST('country','int');
+ if (!empty($country) || $object->country_id)
 {
- $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["country"])?$_POST["country"]:$object->country_id);
+ $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
 $resql=$db->query($sql);
 if ($resql)
 {
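Review bot: The new `$sql` line still builds the `rowid` comparison by string concatenation, so its safety rests entirely on what `GETPOST('country','int')` lets through; if that filter only checks that the value is numeric rather than returning an integer, decimal or exponent forms still end up in the SQL text. `$object->country_id` is concatenated in the same expression without a cast. Casting at the point of use, e.g. `$countryid = (int) (!empty($country) ? $country : $object->country_id);` and concatenating `$countryid` instead, keeps the statement safe regardless of how the filter is implemented. The subject "Fix security leak" would serve anyone auditing the history better if it named the issue, which from the diff appears to be the posted `country` value reaching the query unfiltered. The `if ($resql)` block continues past the end of the hunk, so how the result is used is not visible here.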