
Commit 3fa0dfa

Merge pull request from GHSA-fghq-8h87-826g
Escape location and ids when setting location
2 parents 4b4290b + 41cedac commit 3fa0dfa


1 file changed

+8
-8
lines changed


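--- a/classes/stock/StockAvailable.php
+++ b/classes/stock/StockAvailable.php
@@ -395,17 +395,17 @@ public static function setLocation($id_product, $location, $id_shop = null, $id_
 if ($existing_id > 0) {
 Db::getInstance()->update(
 'stock_available',
-array('location' => $location),
-'id_product = ' . $id_product .
-(($id_product_attribute) ? ' AND id_product_attribute = ' . $id_product_attribute : '') .
+['location' => pSQL($location)],
+'id_product = ' . (int) $id_product .
+(($id_product_attribute) ? ' AND id_product_attribute = ' . (int) $id_product_attribute : '') .
 StockAvailable::addSqlShopRestriction(null, $id_shop)
 );
 } else {
-$params = array(
-'location' => $location,
-'id_product' => $id_product,
-'id_product_attribute' => $id_product_attribute,
-);
+$params = [
+'location' => pSQL($location),
+'id_product' => (int) $id_product,
+'id_product_attribute' => (int) $id_product_attribute,
+];
 
 StockAvailable::addSqlShopParams($params, $id_shop);
 Db::getInstance()->insert('stock_available', $params, false, true, Db::ON_DUPLICATE_KEY);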
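Review bot: The casts are applied at each use site, so the ternary in the update branch still tests the raw `$id_product_attribute` for truthiness while the SQL receives `(int) $id_product_attribute`; a non-numeric string would pass the test and then filter on attribute 0. Normalising once at the top of setLocation, e.g. `$id_product = (int) $id_product;` and `$id_product_attribute = (int) $id_product_attribute;`, keeps the condition and the query in agreement and also covers whatever computes `$existing_id` above the hunk, which is not visible here. `$id_shop` is still handed uncast to `addSqlShopRestriction()` and `addSqlShopParams()`; presumably those helpers sanitise it, but that is worth confirming since this patch does not touch it. A short comment above the `$params` array noting that `Db::insert()`/`Db::update()` expect pre-escaped values would explain why `pSQL()` is needed here. The function starts and ends outside the hunk.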
