diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 16ed758b1f8..0ab22571c03 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -1178,9 +1178,10 @@
 if ($ok && GETPOST('clean_perm_table', 'alpha')) {
 	$listofmods = '';
 	foreach ($conf->modules as $key => $val) {
-		$listofmods .= ($listofmods ? ',' : '')."'".$val."'";
+		$listofmods .= ($listofmods ? ',' : '')."'".$db->escape($val)."'";
 	}
-	$sql = "SELECT id, libelle as label, module from ".MAIN_DB_PREFIX."rights_def WHERE module NOT IN (".$db->sanitize($listofmods).") AND id > 100000";
+	$sql = 'SELECT id, libelle as label, module from '.MAIN_DB_PREFIX.'rights_def WHERE module NOT IN ('.$db->sanitize($listofmods, 1).') AND id > 100000';
+
 	$resql = $db->query($sql);
 	if ($resql) {
 		$num = $db->num_rows($resql);
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 58a38e8380b..2bb07dab48b 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -849,7 +849,7 @@ class User extends CommonObject
 		$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 		$sql .= " WHERE entity = ".((int) $entity);
 		if (!empty($whereforadd) && $whereforadd != 'allmodules') {
-			$sql .= " AND (".$whereforadd.")"; // Note: parenthesis are important because wheretoand can contains OR. Also note that $whereforadd is already sanitized
+			$sql .= " AND (".$whereforadd.")"; // Note: parenthesis are important because whereforadd can contains OR. Also note that $whereforadd is already sanitized
 		}
 		$result = $this->db->query($sql);
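Review bot: When `$conf->modules` is empty, `$listofmods` stays `''` and the new `$sql` line becomes `... WHERE module NOT IN () AND id > 100000`, which MySQL/MariaDB and PostgreSQL reject as a syntax error, so `$db->query()` fails and the whole clean-up is skipped; the removed line had the same hole and this commit does not close it. Guard it before building the query, e.g. `if ($listofmods === '') { $listofmods = "''"; }` (or skip the query when there is no module to keep), which preserves the quoted-list shape that `$db->sanitize($listofmods, 1)` is now being asked to accept. Separately, `$db->escape()` is applied per module name and `$db->sanitize(..., 1)` is then applied to the joined list; if sanitize() strips characters outside a whitelist, as its name suggests, it could remove the backslashes escape() inserted and re-expose a quote inside a module name, so it is worth confirming that the two are meant to compose in this order rather than one of them being sufficient. The enclosing `if ($ok && GETPOST('clean_perm_table', 'alpha'))` block continues past the end of the hunk.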
@@ -975,7 +975,7 @@ class User extends CommonObject
 		$sql .= " FROM ".MAIN_DB_PREFIX."rights_def";
 		$sql .= " WHERE entity = ".((int) $entity);
 		if (!empty($wherefordel) && $wherefordel != 'allmodules') {
-			$sql .= " AND ".$wherefordel;
+			$sql .= " AND (".$wherefordel.")"; // Note: parenthesis are important because wherefordel can contains OR. Also note that $wherefordel is already sanitized
 		}
 		// avoid admin can remove his own important rights
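Review bot: The added line still interpolates `$wherefordel` into the query as a raw SQL fragment, and the only thing standing between it and injection is the comment's assertion that it is "already sanitized"; the code that assembles the fragment sits above this hunk and is not visible here, so the claim cannot be checked at the point of use. If the fragment is built from caller-supplied module or permission names, the comment should say which call enforces the sanitization so the next maintainer does not loosen it, e.g. `// $wherefordel is an SQL fragment assembled above from values that must already have gone through the DB sanitizer; never pass request input here`. The parentheses are the right fix for OR precedence and mirror the matching guard in addrights(); while touching the line, `$wherefordel !== 'allmodules'` avoids PHP's loose string comparison. The enclosing method starts before the hunk.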