Commit 9427e32e authored by Florian Henry

Fix security breach (SQL injection)

parent 3aa049b6
...@@ -958,10 +958,11 @@ else ...@@ -958,10 +958,11 @@ else
$adht = new AdherentType($db); $adht = new AdherentType($db);
$adht->fetch($object->typeid); $adht->fetch($object->typeid);
$country=GETPOST('pays','int');
// We set country_id, and country_code, country of the chosen country // We set country_id, and country_code, country of the chosen country
if (isset($_POST["pays"]) || $object->country_id) if (!empty($country) || $object->country_id)
{ {
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id); $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
$resql=$db->query($sql); $resql=$db->query($sql);
if ($resql) if ($resql)
{ {
......
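Review bot: In the changed `$sql` line, `$object->country_id` is still concatenated into the `where rowid =` clause without a cast, and the posted value is only as safe as the 'int' check requested in `GETPOST('pays','int')`. Casting at the point of concatenation, for example `((int) (!empty($country)?$country:$object->country_id))`, would keep the query numeric regardless of where either value came from. Also note that replacing `isset($_POST["pays"])` with `!empty($country)` changes behaviour: a posted value of 0 or an empty string now falls back to `$object->country_id` instead of being used in the query, which is worth confirming as intended.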