Merge pull request #16433 from ATM-Consulting/fix/11.0_contact_updateRoles_sql_injection_of_socid

FIX 11.0 - $this->socid injected in query without checking for empty string
Laurent Destailleur 2021-02-26 10:22:50 +01:00 committed by GitHub
commit 9db211b1a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1686,7 +1686,7 @@ class Contact extends CommonObject
$this->db->begin();
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ;
$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ;
dol_syslog(__METHOD__, LOG_DEBUG);
$result = $this->db->query($sql);
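Review bot: On the DELETE line that gains `intval()`, `$this->id` is still concatenated into the SQL string without a cast, so the statement is only half hardened. Both operands should be forced to integers, and the stray second semicolon can go: `$sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".((int) $this->socid)." AND fk_socpeople=".((int) $this->id);`. Note also that `intval('')` evaluates to 0, so an empty `socid` no longer produces a malformed query but runs the delete with `fk_soc=0`. If an unset third party is not a valid state here, a guard before `$this->db->begin()` that returns an error when `socid` is empty would make that explicit. The method body starts and ends outside this hunk, so the existing handling of `$result` could not be checked.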