From 2c297bbcc8fb5e093f2645d7b440c61ee3fc29c2 Mon Sep 17 00:00:00 2001
From: appchecker <appchecker@cnpo.ru>
Date: Thu, 7 Jul 2016 20:25:15 +0300
Subject: [PATCH] prevent SQLi

---
 htdocs/compta/bank/ligne.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php
index 873d71de81b..d426ace2636 100644
--- a/htdocs/compta/bank/ligne.php
+++ b/htdocs/compta/bank/ligne.php
@@ -83,13 +83,13 @@ if ($action == 'confirm_delete_categ' && $confirm == "yes" && $user->rights->ban
 
 if ($user->rights->banque->modifier && $action == 'class')
 {
-    $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".$_POST["cat1"];
+    $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_class WHERE lineid = ".$rowid." AND fk_categ = ".intval($_POST["cat1"]);
     if (! $db->query($sql))
     {
         dol_print_error($db);
     }
 
-    $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".$_POST["cat1"].")";
+    $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES (".$rowid.", ".intval($_POST["cat1"]).")";
     if (! $db->query($sql))
     {
         dol_print_error($db);
-- 
GitLab