Fix sql injection

Laurent Destailleur 2018-03-12 20:26:47 +01:00
parent 3e1cc1f03f
commit 717a1daf28


@ -894,12 +894,12 @@ class Ticketsup extends CommonObject
if (!$error) {
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "ticketsup_logs";
$sql .= " WHERE fk_track_id = '" . $this->track_id . "'";
$sql .= " WHERE fk_track_id = '" . $this->db->escape($this->track_id) . "'";
$resql = $this->db->query($sql);
}
if (!$error) {
$sql = "DELETE FROM " . MAIN_DB_PREFIX . "ticketsup_msg";
$sql .= " WHERE fk_track_id = '" . $this->track_id . "'";
$sql .= " WHERE fk_track_id = '" . $this->db->escape($this->track_id) . "'";
$resql = $this->db->query($sql);
}
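Review bot: Both `$this->db->query($sql)` calls store their result in `$resql` but nothing in the visible lines tests it, so a failed DELETE on `ticketsup_logs` leaves `$error` unchanged and the `ticketsup_msg` delete still runs as if the first had succeeded. After each query I would add `if (! $resql) { $error++; $this->errors[] = $this->db->lasterror(); }` so a failure stops the cascade and is reported to the caller. The escaping is only safe while the value stays inside the single quotes, and any other statement in this class that concatenates `$this->track_id` (not visible in this hunk) presumably needs the same `$this->db->escape()` call. The enclosing method starts and ends outside the hunk, so how `$error` is finally handled cannot be confirmed from here.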