Update project.class.php

Escape the project ref in case a ' is typed inside the ref (crazy user)
BENKE Charles 2014-02-21 22:39:45 +01:00
parent 92a8fde88b
commit 42ffb4b3e7


@ -198,7 +198,7 @@ class Project extends CommonObject
if (dol_strlen(trim($this->ref)) > 0)
{
$sql = "UPDATE " . MAIN_DB_PREFIX . "projet SET";
$sql.= " ref='" . $this->ref . "'";
$sql.= " ref='" . $this->db->escape($this->ref) . "'";
$sql.= ", title = '" . $this->db->escape($this->title) . "'";
$sql.= ", description = '" . $this->db->escape($this->description) . "'";
$sql.= ", fk_soc = " . ($this->socid > 0 ? $this->socid : "null");
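Review bot: The `fk_soc` assignment on the last line of this hunk still concatenates `$this->socid` into the statement without a cast. The `> 0` test does not prove the value is an integer, because a string that merely starts with digits also passes it and is then appended as-is. Whether `socid` can ever hold request data is not visible here, so casting at the point of use is the safe default: `$sql.= ", fk_soc = " . ($this->socid > 0 ? (int) $this->socid : "null");`. The UPDATE statement continues past the end of the hunk, so the remaining fields and the WHERE clause should get the same check for `escape()` or an integer cast.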