From 9427e32e2ed54c1a2bc519a88c057207836df489 Mon Sep 17 00:00:00 2001
From: fhenry <florian.henry@open-concept.pro>
Date: Fri, 10 May 2013 15:04:16 +0200
Subject: [PATCH] Fix security breach (SQL injection)

---
 htdocs/adherents/fiche.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 02e0af3a768..57aa72e70ca 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -958,10 +958,11 @@ else
 		$adht = new AdherentType($db);
 		$adht->fetch($object->typeid);
 
+		$country=GETPOST('pays','int');
 		// We set country_id, and country_code, country of the chosen country
-		if (isset($_POST["pays"]) || $object->country_id)
+		if (!empty($country) || $object->country_id)
 		{
-			$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id);
+			$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
 			$resql=$db->query($sql);
 			if ($resql)
 			{
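Review bot: The `$sql` statement on the new side is still assembled by string concatenation, and the fallback operand `$object->country_id` reaches it with no cast at all. Only the request value goes through `GETPOST('pays','int')`, and what that filter accepts or rejects is defined outside this hunk, so the query's safety rests on a helper the reader cannot see here. Casting at the point of use would keep the statement numeric whichever branch supplies the value: `... where rowid = ".((int) (!empty($country)?$country:$object->country_id));`. Note also that moving from `isset()` to `!empty()` means a posted `0` or empty string now falls back to the stored `country_id`, which is worth a one-line comment if intended. The `if ($resql)` block opened at the end of the hunk continues outside it.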
-- 
GitLab