From af18e1b0431cc361b750099690a0870f60ab56e9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 25 Oct 2018 19:38:45 +0200
Subject: [PATCH] FIX XSS
---
 htdocs/expedition/stats/month.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/htdocs/expedition/stats/month.php b/htdocs/expedition/stats/month.php
index 27b01cc6f55..f716e06a5b2 100644
--- a/htdocs/expedition/stats/month.php
+++ b/htdocs/expedition/stats/month.php
@@ -27,6 +27,8 @@ require_once DOL_DOCUMENT_ROOT.'/expedition/class/expedition.class.php';
 require_once DOL_DOCUMENT_ROOT.'/expedition/class/expeditionstats.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
+$year = GETPOST('year', 'int');
+
 /*
 * View
@@ -39,10 +41,10 @@ $HEIGHT=DolGraph::getDefaultGraphSizeForStats('height');
 $mesg = '';
-print load_fiche_titre($langs->trans("StatisticsOfSendings").' '.$_GET["year"], $mesg);
+print load_fiche_titre($langs->trans("StatisticsOfSendings").' '.$year, $mesg);
 $stats = new ExpeditionStats($db);
-$data = $stats->getNbExpeditionByMonth($_GET["year"]);
+$data = $stats->getNbExpeditionByMonth($year);
 dol_mkdir($conf->expedition->dir_temp);
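Review bot: `$year = GETPOST('year', 'int');` in the first hunk (`@@ -27,6 +27,8 @@`) has no fallback for a missing or rejected `year` parameter, so `$year` is presumably empty in that case. It is then used unchanged in the page title and in `getNbExpeditionByMonth()` further down. Normalising it once here would give every later use a real integer, for example `$year = (int) GETPOST('year', 'int');` followed by `if ($year <= 0) { $year = (int) date('Y'); }`. What the 'int' filter returns for non-numeric input is defined in GETPOST, outside this diff, so confirm that before relying on it.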
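Review bot: In the second hunk (`@@ -39,10 +41,10 @@`) the title line still concatenates `$year` into HTML with no escaping or cast at the point of output, so the XSS fix rests entirely on the input filter applied at the top of the file. Casting where the value is emitted, e.g. `.' '.((int) $year)`, keeps the page safe if that assignment or the filter is changed later. The same request value used to reach `getNbExpeditionByMonth()` raw; how that method builds its query is not visible in this diff. It is worth checking that it casts or escapes the year itself and does not depend on every caller having filtered it.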