From 92a0c9e4fba7513969da026eebf30b230a59f624 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 9 Dec 2021 10:00:42 +0100 Subject: [PATCH] Fix sql error in repair.php --- htdocs/install/repair.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php index ad3a3ca13a3..4aba1d10c4b 100644 --- a/htdocs/install/repair.php +++ b/htdocs/install/repair.php @@ -1178,9 +1178,9 @@ if ($ok && GETPOST('clean_perm_table', 'alpha')) { $listofmods = ''; foreach ($conf->modules as $key => $val) { - $listofmods .= ($listofmods ? ',' : '')."'".$val."'"; + $listofmods .= ($listofmods ? ',' : '')."'".$db->escape($val)."'"; } - $sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods).') AND id > 100000'; + $sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods, 1).') AND id > 100000'; $resql = $db->query($sql); if ($resql) { $num = $db->num_rows($resql);