Merge pull request from GHSA-fghq-8h87-826g
Escape location and ids when setting location
PierreRambaud committed Sep 24, 2020
2 parents 4b4290b + 41cedac commit 3fa0dfa
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions classes/stock/StockAvailable.php
Expand Up @@ -395,17 +395,17 @@ public static function setLocation($id_product, $location, $id_shop = null, $id_
if ($existing_id > 0) {
Db::getInstance()->update(
'stock_available',
array('location' => $location),
'id_product = ' . $id_product .
(($id_product_attribute) ? ' AND id_product_attribute = ' . $id_product_attribute : '') .
['location' => pSQL($location)],
'id_product = ' . (int) $id_product .
(($id_product_attribute) ? ' AND id_product_attribute = ' . (int) $id_product_attribute : '') .
StockAvailable::addSqlShopRestriction(null, $id_shop)
);
} else {
$params = array(
'location' => $location,
'id_product' => $id_product,
'id_product_attribute' => $id_product_attribute,
);
$params = [
'location' => pSQL($location),
'id_product' => (int) $id_product,
'id_product_attribute' => (int) $id_product_attribute,
];

StockAvailable::addSqlShopParams($params, $id_shop);
Db::getInstance()->insert('stock_available', $params, false, true, Db::ON_DUPLICATE_KEY);
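Review bot: `$id_shop` is the one caller-supplied value in this section that still reaches the query helpers without being normalised, through `StockAvailable::addSqlShopRestriction(null, $id_shop)` in the update branch and `StockAvailable::addSqlShopParams($params, $id_shop)` in the insert branch. Both helpers are defined outside the hunk, so it cannot be confirmed here whether they cast the value; if they do not, the injection class this fix closes for `$location` and the product ids would remain open for the shop id. Since `null` appears to be a meaningful default, a guard such as `$id_shop = $id_shop === null ? null : (int) $id_shop;` near the top of `setLocation` would cover both branches, and casting `$id_product` and `$id_product_attribute` once at the same place would avoid repeating `(int)` at each use. The body of `setLocation` starts before and continues after the visible lines, so that placement needs checking against the full function.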