From 5aaf8ff8f39768eb7498ce3de2ab9b8b8d07edf0 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 15 Sep 2021 19:58:55 +0200
Subject: [PATCH] Fix sql

---
 .../class/conferenceorboothattendee.class.php | 2 +-
 htdocs/public/eventorganization/attendee_register.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/eventorganization/class/conferenceorboothattendee.class.php b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
index 8203fee19f1..7d6de3b3713 100644
--- a/htdocs/eventorganization/class/conferenceorboothattendee.class.php
+++ b/htdocs/eventorganization/class/conferenceorboothattendee.class.php
@@ -392,7 +392,7 @@ class ConferenceOrBoothAttendee extends CommonObject
  * @param string $sortfield Sort field
  * @param int $limit limit
  * @param int $offset Offset
- * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...)
+ * @param array $filter Filter array. Example array('field'=>'valueforlike', 'customurl'=>...). WARNING: customerurl must be a sanitized SQL string.
  * @param string $filtermode Filter mode (AND or OR)
  * @return array|int int <0 if KO, array of pages if OK
  */
diff --git a/htdocs/public/eventorganization/attendee_register.php b/htdocs/public/eventorganization/attendee_register.php
index 515436f924a..42fde10e7de 100644
--- a/htdocs/public/eventorganization/attendee_register.php
+++ b/htdocs/public/eventorganization/attendee_register.php
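Review bot: The added warning names the key `customerurl`, the example on the same line says `customurl`, and the caller patched in attendee_register.php in this same commit passes `customsql`, so a reader of this docblock cannot tell which key carries the raw SQL fragment that must be pre-escaped. The docblock should name whichever key the method actually reads — presumably `customsql`, given the caller — e.g. `@param array $filter Filter array. Example array('field'=>'valueforlike', 'customsql'=>...). WARNING: the 'customsql' value is used as raw SQL and must already be escaped with $db->escape() or cast to int.` The method this docblock describes starts after the hunk.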
@@ -251,10 +251,10 @@ if (empty($reshook) && $action == 'add' && (!empty($conference->id) && $conferen
 $confattendee = new ConferenceOrBoothAttendee($db);
 if ($type == 'global') {
- $filter = array('t.fk_project'=>$id, 'customsql'=>'t.email="'.$email.'"');
+ $filter = array('t.fk_project'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
 }
 if ($action == 'conf') {
- $filter = array('t.fk_actioncomm'=>$id, 'customsql'=>'t.email="'.$email.'"');
+ $filter = array('t.fk_actioncomm'=>((int) $id), 'customsql'=>'t.email="'.$db->escape($email).'"');
 }
 // Check if there is already an attendee into table eventorganization_conferenceorboothattendee for same event (or conference/booth)
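Review bot: On both `+` lines the escaped e-mail is still wrapped in double quotes (`t.email="..."`), which MySQL accepts as a string literal but PostgreSQL and MySQL in ANSI_QUOTES mode parse as an identifier, so the fragment only works under one quoting mode; `$db->escape()` escapes the value but not the delimiters around it. Single quotes keep the literal portable: `'customsql'=>"t.email='".$db->escape($email)."'"` on both lines. The `(int) $id` cast is the right fix for the integer-keyed filters. Separately, the hunk header shows the enclosing block is guarded by `$action == 'add'`; if the unchanged `if ($action == 'conf')` sits inside that block (its start is outside the hunk), that branch can never run and `$filter` stays undefined when `$type` is not `'global'` — worth confirming before the next use of `$filter`.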