From d59ee064382ca2d4a7a89516e3bc806cc1edb0a0 Mon Sep 17 00:00:00 2001 From: Florian Mortgat Date: Thu, 25 Feb 2021 14:51:57 +0100 Subject: [PATCH] FIX 11.0 - $this->socid injected in query without checking for empty value --- htdocs/contact/class/contact.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index dadb41179ca..030d2417853 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -1686,7 +1686,7 @@ class Contact extends CommonObject $this->db->begin(); - $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".$this->socid." AND fk_socpeople=".$this->id; ; + $sql = "DELETE FROM ".MAIN_DB_PREFIX."societe_contacts WHERE fk_soc=".intval($this->socid)." AND fk_socpeople=".$this->id; ; dol_syslog(__METHOD__, LOG_DEBUG); $result = $this->db->query($sql);