X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fprint_profiles.php;h=02e3701c55a9a2af8b13a55c1f5f53a16614ca96;hb=45a035785b9a820621da56dec93078b3ccd9832e;hp=f22c19416920932ed1fb5ef11d32a1d955c93818;hpb=4d4371fb200bb27fd6b680ebd2d1aaa450a0be7e;p=fa-stable.git

diff --git a/admin/print_profiles.php b/admin/print_profiles.php
index f22c1941..02e3701c 100644
--- a/admin/print_profiles.php
+++ b/admin/print_profiles.php
@@ -9,8 +9,8 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 15;
-$path_to_root="..";
+$page_security = 'SA_PRINTPROFILE';
+$path_to_root = "..";
 include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/admin/db/printers_db.inc");
 include($path_to_root . "/includes/ui.inc");
@@ -77,7 +77,7 @@ function check_delete($name)
 {
 // check if selected profile is used by any user
 	if ($name=='') return 0; // cannot delete system default profile
-	$sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile='$name'";
+	$sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile=".db_escape($name);
 	$res = db_query($sql,'cannot check printing profile usage');
 	return db_num_rows($res);
 }