* htdocs/admin/save_roles.php: fixed SQL injection, yet again
cyril-bouthors committed Sep 18, 2013
1 parent 7e86e1c commit 6cfeb2f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions htdocs/admin/save_roles.php
@@ -33,6 +33,7 @@
must_login();

if ($_GET['action'] == "delete") {
$_GET['id'] = mysql_real_escape_string($_GET['id']);
mysql_query("DELETE FROM webfinance_roles WHERE id_role=".$_GET['id']);
$_SESSION['message'] = _('Role deleted');
header("Location: preferences.php?tab=Role");
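
Review bot: The escaping on `$_GET['id'] = mysql_real_escape_string($_GET['id']);` does not close the injection, because the following line still concatenates the value into the statement unquoted (`WHERE id_role=".$_GET['id']`). mysql_real_escape_string() only neutralises characters that matter inside a quoted string literal, so a value containing no quotes reaches this numeric position unchanged. If id_role is an integer key, cast it instead, for example `$id = (int) $_GET['id'];`, and build the query from `$id`, or switch this statement to a bound parameter with mysqli or PDO. Separately, the delete is driven by `$_GET['action']` and no anti-CSRF token check is visible in the hunk; requiring POST with a token would be worth a follow-up.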
