From 5a3d271829b93e5f1d53033bd3d0df8da225b81e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 6 May 2023 11:46:11 +0200
Subject: [PATCH] Fix sanitize

---
 htdocs/core/boxes/box_project.php | 2 +-
 htdocs/core/boxes/box_project_opportunities.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index a6b0c74e97a..1208ab4f95d 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -106,7 +106,7 @@ class box_project extends ModeleBoxes
 $sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
 $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
-$sql .= " AND p.fk_statut = ".$projectstatic::STATUS_VALIDATED; // Only open projects
+$sql .= " AND p.fk_statut = ".((int) $projectstatic::STATUS_VALIDATED); // Only open projects
 if (empty($user->rights->projet->all->lire)) {
 $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users
 }
diff --git a/htdocs/core/boxes/box_project_opportunities.php b/htdocs/core/boxes/box_project_opportunities.php
index c3a9dbec215..c1ff71b2088 100644
--- a/htdocs/core/boxes/box_project_opportunities.php
+++ b/htdocs/core/boxes/box_project_opportunities.php
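Review bot: The `(int)` cast on the added line hardens a class constant (`STATUS_VALIDATED`) that the project class itself defines, so it is defensive rather than closing an injection path; the value in this hunk that actually varies at runtime is `$projectsListId`, which goes through `$this->db->sanitize()` two lines below. That list is presumably a comma-separated set of integer row ids (inferred from its `IN (...)` use, not visible here), so a stricter guard than a generic string sanitizer would be to cast each element, e.g. `$sql .= " AND p.rowid IN (".implode(',', array_map('intval', explode(',', $projectsListId))).")";`, or at least to document in a comment what `sanitize()` guarantees for this argument. `getEntity('project')` on the WHERE line is likewise interpolated unchecked; if it returns a list of ids, the same treatment applies. The enclosing method starts before and ends after this hunk.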
@@ -111,7 +111,7 @@ class box_project_opportunities extends ModeleBoxes
 $sql .= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
 $sql .= " AND p.usage_opportunity = 1";
 $sql .= " AND p.fk_opp_status > 0";
-$sql .= " AND p.fk_statut IN (".$projectstatic::STATUS_DRAFT.", ".$projectstatic::STATUS_VALIDATED.")"; // draft and open projects
+$sql .= " AND p.fk_statut IN (".$this->db->sanitize($projectstatic::STATUS_DRAFT.",".$projectstatic::STATUS_VALIDATED).")"; // draft and open projects
 //$sql .= " AND p.fk_statut = ".((int) $projectstatic::STATUS_VALIDATED); // Only open projects
 if (empty($user->rights->projet->all->lire)) {
 $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; // public and assigned to, or restricted to company for external users
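Review bot: The added line routes two integer class constants through `$this->db->sanitize()`, a string allow-list filter whose exact rules depend on default arguments not visible here, while the sibling box in the same commit uses an `(int)` cast; the cast is the stronger and more consistent form: `$sql .= " AND p.fk_statut IN (".((int) $projectstatic::STATUS_DRAFT).", ".((int) $projectstatic::STATUS_VALIDATED).")"; // draft and open projects`. The commented-out line kept as context directly below already shows that cast idiom, so it could be removed rather than left as dead code. The enclosing method starts before and ends after this hunk.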