Fixed implode() injection vulnerabilities.

diff --git a/includes/db/crm_contacts_db.inc b/includes/db/crm_contacts_db.inc
index 3f34b70e7d75ba2f4ecd5b3bf8aeee62da07b878..8e1c045e4b64ea2e3dbabf1349bf895a5f902692 100644 (file)
--- a/includes/db/crm_contacts_db.inc
+++ b/includes/db/crm_contacts_db.inc
@@ -150,6 +150,9 @@ function update_person_contacts($id, $cat_ids, $entity_id=null)
 
        $ret = db_query($sql, "Can't delete person contacts");
 
+       foreach($cat_ids as $n => $id)
+               $cat_ids[$n] = db_escape($id);
+
        if($ret && count($cat_ids)) {
                array_walk($cat_ids,'db_escape');
                $sql = "INSERT INTO ".TB_PREF."crm_contacts (person_id,type,action,entity_id)

diff --git a/sales/includes/db/cust_trans_details_db.inc b/sales/includes/db/cust_trans_details_db.inc
index 4300e94bed65ae836b7b7aa091b2d738e156993a..2656e54450c7177905a6da82034bfe4f41e1ba50 100644 (file)
--- a/sales/includes/db/cust_trans_details_db.inc
+++ b/sales/includes/db/cust_trans_details_db.inc
@@ -25,7 +25,7 @@ if (!is_array($debtor_trans_no))
 
        $tr=array();
        foreach ($debtor_trans_no as $trans_no)
-               $tr[] = 'debtor_trans_no='.$trans_no;
+               $tr[] = 'debtor_trans_no='.db_escape($trans_no);
 
        $sql .= implode(' OR ', $tr);