Merge pull request #3011 from GPCsolutions/3.7-3009

FIX #3009: Better filtering to prevent SQL injection

Merge pull request #3011 from GPCsolutions/3.7-3009
567dece6 · Juanjo Menent · 10d27ea5 · 4ee6c181 · 567dece6
Commit 567dece6 authored 9 years ago by Juanjo Menent
--- a/htdocs/product/list.php
+++ b/htdocs/product/list.php
@@ -49,8 +49,8 @@ $sall=GETPOST("sall");
 $type=GETPOST("type","int");
 $search_sale = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
-$tosell = GETPOST("tosell");
-$tobuy = GETPOST("tobuy");
+$tosell = GETPOST("tosell", 'int');
+$tobuy = GETPOST("tobuy", 'int');
 $fourn_id = GETPOST("fourn_id",'int');
 $catid = GETPOST('catid','int');