Fix escaping

Laurent Destailleur 2023-03-20 21:38:56 +01:00
parent 0e6a3aa2be
commit f154e893d9


@ -1872,20 +1872,18 @@ class Ticket extends CommonObject
{
$contacts = array();
// Generation requete recherche
// Forge the search SQL
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."socpeople";
$sql .= " WHERE entity IN (".getEntity('contact').")";
if (!empty($socid)) {
$sql .= " AND fk_soc='".$this->db->escape($socid)."'";
$sql .= " AND fk_soc = ".((int) $socid);
}
if (!empty($email)) {
$sql .= " AND ";
if (!$case) {
$sql .= "email LIKE '".$this->db->escape($email)."'";
$sql .= "email = '".$this->db->escape($email)."'";
} else {
$sql .= "email LIKE BINARY '".$this->db->escape($email)."'";
$sql .= "email LIKE BINARY '".$this->db->escape($this->db->escapeforlike($email))."'";
}
}