lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #941 from FHenry/3.3

Browse Source 
Fix security breach (SQL injection)
This commit is contained in:
Laurent Destailleur 2013-05-10 07:28:22 -07:00
commit cb3b0996ce
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/adherents/fiche.php
View File

@ -958,10 +958,11 @@ else
$adht = new AdherentType($db);
$adht->fetch($object->typeid);
$country=GETPOST('pays','int');
// We set country_id, and country_code, country of the chosen country
if (isset($_POST["pays"]) || $object->country_id)
if (!empty($country) || $object->country_id)
{
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id);
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
$resql=$db->query($sql);
if ($resql)
{