From da756f940dc6dc047b9d3e9de73c51c7ed8976ab Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 11 Sep 2007 17:30:36 +0000
Subject: [PATCH] Sec: Corrige injection SQL

---
 htdocs/user.class.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/htdocs/user.class.php b/htdocs/user.class.php
index a7baf3d87bf..8e8c31cd07d 100644
--- a/htdocs/user.class.php
+++ b/htdocs/user.class.php
@@ -121,6 +121,9 @@ class User
 {
 global $conf;
 
+ // Nettoyage parametres
+ $login=trim($login);
+
 // Recupere utilisateur
 $sql = "SELECT u.rowid, u.name, u.firstname, u.email, u.office_phone, u.office_fax, u.user_mobile,";
 $sql.= " u.admin, u.login, u.webcal_login, u.note,";
@@ -135,11 +138,11 @@ class User
 if ($conf->ldap->enabled && $conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr' && $this->search_sid != '')
 {
 // permet une recherche du user par son SID ActiveDirectory ou Samba
- $sql .= " WHERE (u.ldap_sid = '".$this->search_sid."' || u.login = '".$login."') LIMIT 1";
+ $sql .= " WHERE (u.ldap_sid = '".$this->search_sid."' || u.login = '".addslashes($login)."') LIMIT 1";
 }
 else if ($login)
 {
- $sql .= " WHERE u.login = '".$login."'";
+ $sql .= " WHERE u.login = '".addslashes($login)."'";
 }
 else
 {
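Review bot: `addslashes()` on the two replaced `WHERE` lines is a generic PHP escape, not one that follows the escaping rules of the connected database (it is charset-unaware and does not match, for example, PostgreSQL's handling of backslashes), so the fix narrows the injection surface rather than closing it; the login should go through the connection's own escaping (the driver-level escape function for the DBMS in use, or the database wrapper's escape method if this project has one) or a prepared statement. On the first changed line `$this->search_sid` is still concatenated raw into the same `WHERE` clause; it is a class property whose origin is not visible in this hunk, so whether it can carry untrusted input needs to be confirmed, but it should receive the same treatment as `$login`. The `else if ($login)` branch between the two changed lines tests truthiness, so a login of `'0'` falls through to the `else` branch after the new `trim()` from the first hunk. The enclosing method starts before the first hunk and continues past the end of the second.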