lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX use sanitize instead escape

Browse Source
This commit is contained in:
Regis Houssin 2022-03-22 12:27:36 +01:00
parent ca3a4839e5
commit 5adcdd6b4e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/customreports.php
View File

@ -565,7 +565,7 @@ if (!empty($search_measures) && !empty($search_xaxis)) {
$tmpval = explode('.', $val);
//var_dump($arrayofxaxis[$val]['table']);
if (! in_array($arrayofxaxis[$val]['table'], $listoftablesalreadyadded)) { // We do not add join for main table already added
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->escape($tmpval[0]);
$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.$arrayofxaxis[$val]['table'].' as '.$db->sanitize($tmpval[0]);
$listoftablesalreadyadded[$arrayofxaxis[$val]['table']] = $arrayofxaxis[$val]['table'];
}
} else {