Fix sql injection

2022-03-01 18:43:16 +01:00 · 2022-03-01 18:43:16 +01:00 · 762de973eb
commit 762de973eb
parent 20a3a429ed
1 changed files with 1 additions and 1 deletions
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@ -289,7 +289,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 	}

 	if ($dbt_select != 'rowid' && $dbt_select != 'id') {
-		$objectid = "'".$objectid."'";
+		$objectid = "'".$db->escape($objectid)."'";
 	}

 	// Features/modules to check