From 9996c1ca7a9e19b89b0a6c4f122c11a4d43c4f41 Mon Sep 17 00:00:00 2001
From: Philippe GRAND <philippe.grand@atoo-net.com>
Date: Thu, 21 Nov 2019 09:49:53 +0100
Subject: [PATCH] fix : invoid sql injection

---
 htdocs/accountancy/bookkeeping/list.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index d898be2b208..0db4c7b6c24 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@@ -575,8 +575,8 @@ if ($action == 'delmouv') {
 }
 if ($action == 'delbookkeepingyear') {
 	$form_question = array();
-	$delyear = GETPOST('delyear');
-	$deljournal = GETPOST('deljournal');
+	$delyear = GETPOST('delyear', 'int');
+	$deljournal = GETPOST('deljournal', 'alpha');
 
 	if (empty($delyear)) {
 		$delyear = dol_print_date(dol_now(), '%Y');