prevent SQLi

appchecker 2016-07-07 20:23:38 +03:00 committed by GitHub
parent 931089a924
commit 9895084627


@ -243,7 +243,7 @@ if ($action == 'confirm_delete' && $_POST["confirm"] == 'yes')
{
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".$_GET['menuId'];
$sql = "DELETE FROM ".MAIN_DB_PREFIX."menu WHERE rowid = ".intval($_GET['menuId']);
$db->query($sql);
if ($result == 0)
@ -312,7 +312,7 @@ if ($action == 'create')
$parent_rowid = $_GET['menuId'];
if ($_GET['menuId'])
{
$sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".$_GET['menuId'];
$sql = "SELECT m.rowid, m.mainmenu, m.leftmenu, m.level, m.langs FROM ".MAIN_DB_PREFIX."menu as m WHERE m.rowid = ".intval($_GET['menuId']);
$res = $db->query($sql);
if ($res)
{
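Review bot: `$parent_rowid = $_GET['menuId'];` at the top of the second hunk still holds the raw request value after this change, so any later query or HTML output built from `$parent_rowid` would remain exposed; that use is outside the hunk and should be checked. Casting once and reusing the result closes the gap: `$menuId = intval($_GET['menuId']);`, then `$parent_rowid = $menuId;` and `... WHERE m.rowid = ".$menuId`. In the first hunk, `intval()` turns a missing or non-numeric `menuId` into 0, so the DELETE still runs inside the transaction with `rowid = 0` instead of being rejected; a guard such as `if ($menuId <= 0)` before `begin()` would make that case explicit. As far as the hunk shows, the return value of `$db->query($sql)` is discarded and `if ($result == 0)` tests a variable not assigned here, so a failed delete may go unnoticed. Both enclosing blocks start and end outside the hunks.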