Fix sql inj

Laurent Destailleur 2020-09-24 15:38:27 +02:00
parent 48da6483e6
commit 2404856409


@ -31,7 +31,7 @@ $langs->load("compta");
$socid = GETPOST('socid', 'int');
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'tax', '', '', 'charges');
$ltt = GETPOST("localTaxType");
$ltt = GETPOST("localTaxType", 'int');
/*
@ -50,7 +50,7 @@ print load_fiche_titre($langs->transcountry($ltt == 2 ? "LT2Payments" : "LT1Paym
$sql = "SELECT rowid, amount, label, f.datev, f.datep";
$sql .= " FROM ".MAIN_DB_PREFIX."localtax as f ";
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$db->escape($ltt);
$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".$db->escape($ltt);
$sql .= " ORDER BY datev DESC";
$result = $db->query($sql);
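Review bot: The query in the second hunk still wraps `$ltt` in `$db->escape()` inside an unquoted numeric comparison, where string escaping does not constrain the value; what actually closes the injection is the `'int'` filter added to `GETPOST` in the first hunk. That leaves the query's safety dependent on a line some twenty lines away, and depending on how the filter treats a missing or non-numeric parameter (its implementation is not visible here) the concatenation could still produce malformed SQL ending in `localtaxtype = `. Casting at the point of use makes the guarantee local: `$sql .= " WHERE f.entity = ".$conf->entity." AND localtaxtype = ".((int) $ltt);`. A short comment on the `GETPOST` line, such as `// localTaxType is concatenated unquoted into SQL below; must stay an integer`, would also keep a later edit from loosening the filter.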