Skip to content
Permalink
Browse files Browse the repository at this point in the history
Addressed an sql vulnerability in invoices.php for bogus post paramet…
…ers for sorting.
  • Loading branch information
anuko committed May 5, 2023
1 parent 010a05a commit 8a7367d
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion initialize.php
Expand Up @@ -21,7 +21,7 @@
die("mysqli_report function is not available."); // No point to continue as mysqli will not work.
}

define("APP_VERSION", "1.22.11.5780");
define("APP_VERSION", "1.22.11.5781");
define("APP_DIR", dirname(__FILE__));
define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");
Expand Down
2 changes: 1 addition & 1 deletion invoices.php
Expand Up @@ -76,7 +76,7 @@
if (!ttInvoiceHelper::validSortOrder($sort_order_2)) $err->add($i18n->get('error.field'), $i18n->get('label.sort'));
if ($sort_option_1 == $sort_option_2) $err->add($i18n->get('error.field'), $i18n->get('label.sort'));

if($request->getParameter('sorting_changed')) {
if($err->no() && $request->getParameter('sorting_changed')) {
// User changed sorting. Get invoices sorted accordingly.
$sort_options = array('sort_option_1'=>$sort_option_1,
'sort_order_1'=>$sort_order_1,
Expand Down

0 comments on commit 8a7367d

Please sign in to comment.