From d89955047b9e257dcb154fcd7baa376b41e77c2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?=
Date: Thu, 11 Jun 2015 10:37:30 +0200
Subject: [PATCH] FIX #3009: Better filtering to prevent SQL injection

---
 htdocs/product/liste.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php
index 69453cb2a50..99b80644310 100644
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -49,8 +49,8 @@ $sall=GETPOST("sall");
 $type=GETPOST("type","int");
 $search_sale = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
-$tosell = GETPOST("tosell");
-$tobuy = GETPOST("tobuy");
+$tosell = GETPOST("tosell", 'int');
+$tobuy = GETPOST("tobuy", 'int');
 $fourn_id = GETPOST("fourn_id",'int');
 $catid = GETPOST('catid','int');
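Review bot: `$search_sale = GETPOST("search_sale");`, two lines above the changed ones, is still read without a type check, and so is `$sall` in the hunk header context. If search_sale carries a numeric id like its neighbours, `$search_sale = GETPOST("search_sale", 'int');` would bring it in line with this fix; `$sall` looks like free text and would need escaping where it is used instead. The fix also acts only where the parameters are read: the statements that put `$tosell` and `$tobuy` into the SQL string are outside this hunk, so it cannot be confirmed from here that they are safe on their own. A cast at that point, for example `(int) $tosell`, would keep the query safe even if the variable is later filled from another source.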