From 4ee6c1810ef54af0613053cf252fa30fd9e84f9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= <rdoursenaud@gpcsolutions.fr>
Date: Thu, 11 Jun 2015 10:38:29 +0200
Subject: [PATCH] FIX #3009: Better filtering to prevent SQL injection

---
 htdocs/product/list.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/list.php b/htdocs/product/list.php
index 8212722bf57..b5caf210904 100644
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -49,8 +49,8 @@ $sall=GETPOST("sall");
 $type=GETPOST("type","int");
 $search_sale = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
-$tosell = GETPOST("tosell");
-$tobuy = GETPOST("tobuy");
+$tosell = GETPOST("tosell", 'int');
+$tobuy = GETPOST("tobuy", 'int');
 $fourn_id = GETPOST("fourn_id",'int');
 $catid = GETPOST('catid','int');