From 5b53d1c5cf606af5be5e245289061ae5847dffcd Mon Sep 17 00:00:00 2001
From: antonin_tdj <50403308+ibuiv@users.noreply.github.com>
Date: Sat, 26 Nov 2022 09:30:40 +0100
Subject: [PATCH] add cast to avoid sql injection (eldy asked)

add cast to avoid sql injection (eldy asked)
---
 htdocs/core/lib/company.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php
index bc51a7884cc..51106b8568d 100644
--- a/htdocs/core/lib/company.lib.php
+++ b/htdocs/core/lib/company.lib.php
@@ -1123,7 +1123,7 @@ function show_contacts($conf, $langs, $db, $object, $backtopage = '', $showuserl
 $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as t";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as ef on (t.rowid = ef.fk_object)";
 $sql .= " WHERE t.fk_soc = ".((int) $object->id);
- $sql .= " AND ((t.fk_user_creat = ".$user->id." AND t.priv = 1) OR t.priv = 0)";
+ $sql .= " AND ((t.fk_user_creat = ".(int) $user->id." AND t.priv = 1) OR t.priv = 0)";
 if ($search_rowid) {
 $sql .= natural_search('t.rowid', $search_rowid);
 }
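Review bot: The cast added on the `t.fk_user_creat` line is written as `".(int) $user->id."`, while the `t.fk_soc` line directly above wraps it as `((int) $object->id)`. The cast does bind tighter than `.`, so the value is coerced correctly, but the unparenthesised form makes a reader check precedence and is harder to recognise when auditing SQL concatenations by pattern. I would write `$sql .= " AND ((t.fk_user_creat = ".((int) $user->id)." AND t.priv = 1) OR t.priv = 0)";` to match. `$user` is not among the parameters visible in the truncated hunk header and the function body starts outside the hunk, so it presumably comes from a `global`. With the cast an unset or non-numeric id now becomes `0` instead of breaking the query, so it is worth confirming that this is the intended outcome for the private-contact (`t.priv = 1`) filter.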