lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: security

Browse Source 
Conflicts:
	htdocs/core/modules/mailings/contacts2.modules.php
This commit is contained in:
Regis Houssin 2013-04-10 13:00:05 +02:00 committed by Laurent Destailleur
parent f17ba4814e
commit 8118332dfb
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/core/modules/mailings/contacts2.modules.php
View File

@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2011 François Cerbelle <francois@cerbelle.net>
/* Copyright (C) 2011 François Cerbelle <francois@cerbelle.net>
* Copyright (C) 2013 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -87,7 +88,7 @@ class mailing_contacts2 extends MailingTargets
$sql.= " AND sp.no_email = 0";
//$sql.= " AND sp.poste != ''";
$sql.= " AND sp.entity IN (".getEntity('societe', 1).")";
if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$filtersarray[0]."'";
if ($filtersarray[0]<>'all') $sql.= " AND sp.poste ='".$this->db->escape($filtersarray[0])."'";
$sql.= " ORDER BY sp.name, sp.firstname";
$resql = $this->db->query($sql);
if ($resql)
@ -219,4 +220,4 @@ class mailing_contacts2 extends MailingTargets
}
?>
?>