From b4ad2887a0104247687b46509f4d3ff2a2410caf Mon Sep 17 00:00:00 2001
From: Cedric GROSS
Date: Fri, 4 Jan 2013 13:01:48 +0100
Subject: [PATCH] Security fix emailing read and unsubscribe unsubscribe can lead to email disclosure
---
 htdocs/public/emailing/mailing-read.php | 3 +++
 htdocs/public/emailing/mailing-unsubscribe.php | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/htdocs/public/emailing/mailing-read.php b/htdocs/public/emailing/mailing-read.php
index 91267cd6628..d68e69821b4 100644
--- a/htdocs/public/emailing/mailing-read.php
+++ b/htdocs/public/emailing/mailing-read.php
@@ -41,6 +41,9 @@ if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not
 if ($id!='')
 {
+	//escape id avoiding SQL Injection
+	$id=$db->escape($id);
+
 	$statut='2';
 	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$id."'";
 	dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);
diff --git a/htdocs/public/emailing/mailing-unsubscribe.php b/htdocs/public/emailing/mailing-unsubscribe.php
index ac261268a58..1a50fc899ef 100644
--- a/htdocs/public/emailing/mailing-unsubscribe.php
+++ b/htdocs/public/emailing/mailing-unsubscribe.php
@@ -29,7 +29,7 @@ define("NOLOGIN",1); // This means this output page does not require to be logg
 define("NOCSRFCHECK",1); // We accept to go on this page from external web site.
 require("../../main.inc.php");
-require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
+require_once(DOL_DOCUMENT_ROOT."/core/lib/company.lib.php");
 global $user, $conf, $langs;
@@ -48,6 +48,9 @@ if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not
 if (($id!='') && ($unsuscrib=='1'))
 {
+	//escape id avoiding SQL Injection
+	$id=$db->escape($id);
+
 	//Udate status of mail in Destinaries maling list
 	$statut='3';
 	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$id."'";
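Review bot: `$id=$db->escape($id);` in the mailing-read.php hunk (and the identical two lines in the mailing-unsubscribe.php hunk at `@@ -48,6 +48,9`) overwrites the request value in place, so any later use of `$id` in these pages — a log line, an echoed confirmation, a redirect — now receives the SQL-escaped form instead of the original token. Escaping at the point of use keeps the variable intact and makes the protected context obvious: `$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$db->escape($id)."'";`. Escaping only neutralises the quoted-string context of `tag`; if tag values are always generated in a fixed format, rejecting anything else before the query (e.g. `if (!preg_match('/^[a-z0-9]+$/i', $id)) accessforbidden();`, with the pattern adjusted to the real tag format, which is not visible here) is a clearer gate and also bounds what reaches the `dol_syslog` debug line that echoes the full statement. Where `$id` is read from the request is outside both hunks, and the enclosing `if` blocks continue past them, so whether the value is already filtered on input cannot be confirmed from this diff.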