Fix security breach (SQL injection)
FHenry committed May 10, 2013
1 parent 3aa049b commit 9427e32
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions htdocs/adherents/fiche.php
Expand Up @@ -958,10 +958,11 @@ function initfieldrequired()
$adht = new AdherentType($db);
$adht->fetch($object->typeid);

$country=GETPOST('pays','int');
// We set country_id, and country_code, country of the chosen country
if (isset($_POST["pays"]) || $object->country_id)
if (!empty($country) || $object->country_id)
{
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id);
$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
$resql=$db->query($sql);
if ($resql)
{
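Review bot: The new `$sql` line still builds the query by string concatenation, so its safety rests entirely on `GETPOST('pays','int')` returning a numeric value and on `$object->country_id` being numeric; the latter is populated outside this hunk and is not filtered here. Casting at the point of use makes the statement safe however either value was produced: `$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".((int) (!empty($country)?$country:$object->country_id));`. The switch from `isset($_POST["pays"])` to `!empty($country)` also means a submitted `0` or empty value now falls back to `$object->country_id` instead of reaching the query, which looks intended but is worth confirming. The enclosing block continues past the end of the hunk, so any other use of `$_POST["pays"]` further down is not visible here and should be checked for the same pattern.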
