From 661071286e5817e937e828e65250160ca885c248 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20Garci=CC=81a?= Date: Wed, 8 May 2013 17:23:41 +0200 Subject: [PATCH 1/2] Typo in skeleton module class --- dev/skeletons/modMyModule.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/skeletons/modMyModule.class.php b/dev/skeletons/modMyModule.class.php index 149228d5ce4..db7a4b81711 100644 --- a/dev/skeletons/modMyModule.class.php +++ b/dev/skeletons/modMyModule.class.php @@ -178,7 +178,7 @@ class modMyModule extends DolibarrModules // Main menu entries - $this->menus = array(); // List of menus to add + $this->menu = array(); // List of menus to add $r=0; // Add here entries to declare new menus From 9427e32e2ed54c1a2bc519a88c057207836df489 Mon Sep 17 00:00:00 2001 From: fhenry Date: Fri, 10 May 2013 15:04:16 +0200 Subject: [PATCH 2/2] Fix security breach (SQL injection) --- htdocs/adherents/fiche.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php index 02e0af3a768..57aa72e70ca 100644 --- a/htdocs/adherents/fiche.php +++ b/htdocs/adherents/fiche.php @@ -958,10 +958,11 @@ else $adht = new AdherentType($db); $adht->fetch($object->typeid); + $country=GETPOST('pays','int'); // We set country_id, and country_code, country of the chosen country - if (isset($_POST["pays"]) || $object->country_id) + if (!empty($country) || $object->country_id) { - $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id); + $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id); $resql=$db->query($sql); if ($resql) {
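Review bot: The `rowid` value is still appended to the SQL string without a cast at the point of use, on the added `$sql = "SELECT rowid, code, libelle as label ..."` line. `$country` is only as safe as the `'int'` filter inside `GETPOST`, whose implementation is not visible in this hunk, and the fallback `$object->country_id` is concatenated as-is. If `country_id` can be populated from request data earlier in the file (not visible here), that branch would still carry unsanitised input into the query. Casting where the query is built removes the dependency on both: `... where rowid = ".((int) (!empty($country)?$country:$object->country_id));`. The enclosing `else` block starts and ends outside the hunk.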