Attach Documents: fixed SQL injection vulnerability.
diff --git
a/admin/db/transactions_db.inc
b/admin/db/transactions_db.inc
index d343b7c4ba8522119d1e93688bd73101ff4d4244..f7d2d295ec6ff7177c44799ac7c63f56c3dd4c31 100644
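--- a/admin/db/transactions_db.inc
+++ b/admin/db/transactions_db.inc
@@ -35,7 +35,7 @@ function get_sql_for_view_transactions($filtertype, $from, $to, &$trans_ref)
 if ($type_name)
 $sql .= ", t.$type_name as type";
 $sql .= " FROM $table_name t LEFT JOIN ".TB_PREF."voided v ON"
- ." t.$trans_no_name=v.id AND v.type=$filtertype";
+ ." t.$trans_no_name=v.id AND v.type=".db_escape($filtertype);
 $sql .= " WHERE ISNULL(v.`memo_`)";
 if ($from != null && $to != null)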
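Review bot: The fix on the `v.type=` line puts `db_escape($filtertype)` in a position with no surrounding quotes, so it is only safe if `db_escape()` itself returns a quoted literal; its definition is outside this hunk and worth confirming. If `$filtertype` is always a numeric transaction type id, as the comparison with `v.type` suggests, validating it as an integer before the query is built is stricter than escaping, e.g. `$filtertype = (int)$filtertype;` at the top of the function. The identifiers `$table_name`, `$trans_no_name` and `$type_name` are still interpolated directly, and escaping cannot protect identifiers, so they should come only from a fixed server-side mapping; where they are assigned is not visible here. `get_sql_for_view_transactions` starts and ends outside the hunk, so the handling of `$from`, `$to` and `$trans_ref` in the rest of the query should be checked the same way.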