From 14d9bf032295b4c651d22eca758c4c490790cf31 Mon Sep 17 00:00:00 2001
From: Thomas Negre
Date: Tue, 1 Mar 2022 09:17:56 +0100
Subject: [PATCH] fix non-sanitize string in SQL request
---
 htdocs/contrat/class/contrat.class.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index aea577cccda..b051c69e252 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -2144,12 +2144,12 @@ class Contrat extends CommonObject
 $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c";
 if (!empty($product_categories)) {
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."contratdet as cd ON cd.fk_contrat = c.rowid";
-$sql .= " INNER JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = cd.fk_product AND cp.fk_categorie IN (".implode(', ', $product_categories).")";
+$sql .= " INNER JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = cd.fk_product AND cp.fk_categorie IN (".$this->db->sanitize(implode(', ', $product_categories)).")";
 }
 $sql .= " WHERE c.fk_soc =".((int) $this->socid);
 $sql .= ($option == 'others') ? " AND c.rowid <> ".((int) $this->id) : "";
-$sql .= (!empty($status)) ? " AND c.statut IN (".implode(', ', $status).")" : "";
-$sql .= (!empty($line_status)) ? " AND cd.statut IN (".implode(', ', $line_status).")" : "";
+$sql .= (!empty($status)) ? " AND c.statut IN (".$this->db->sanitize(implode(', ', $status)).")" : "";
+$sql .= (!empty($line_status)) ? " AND cd.statut IN (".$this->db->sanitize(implode(', ', $line_status)).")" : "";
 $sql .= " GROUP BY c.rowid";
 dol_syslog(get_class($this)."::getOtherContracts()", LOG_DEBUG);
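Review bot: All three `IN (...)` lists changed in this hunk feed integer columns (`cp.fk_categorie`, `c.statut`, `cd.statut`), so casting each element is a tighter control than `$this->db->sanitize()`, which as far as I recall of DoliDB::sanitize (worth confirming against the driver) is a character allowlist that still passes letters and hyphens and so yields a malformed query rather than rejecting a bad value. The same `(int)` cast the hunk already applies to `c.fk_soc` can be applied element-wise, e.g. `implode(', ', array_map('intval', $status))` in place of `$this->db->sanitize(implode(', ', $status))` on each of the three `+` lines, which guarantees only integers ever reach the SQL string. Separately, the `cd.statut` filter on the last `+` line references the `cd` alias that is only joined inside the `if (!empty($product_categories))` branch, so a non-empty `$line_status` with no product categories still produces an unknown-column error; this is pre-existing, but either the `LEFT JOIN` should move out of that branch or the line-status filter should be skipped when `cd` is not joined. getOtherContracts() begins and ends outside the hunk.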