From d7d4e546bbf0f2d13ff86287b0a0fdd9b88f1c64 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Thu, 11 Nov 2010 09:58:56 +0000
Subject: [PATCH] Fixed implode() injection vulnerabilities.

---
 includes/db/crm_contacts_db.inc | 3 +++
 sales/includes/db/cust_trans_details_db.inc | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/db/crm_contacts_db.inc b/includes/db/crm_contacts_db.inc
index 3f34b70e..8e1c045e 100644
--- a/includes/db/crm_contacts_db.inc
+++ b/includes/db/crm_contacts_db.inc
@@ -150,6 +150,9 @@ function update_person_contacts($id, $cat_ids, $entity_id=null)
 $ret = db_query($sql, "Can't delete person contacts");
+ foreach($cat_ids as $n => $id)
+ $cat_ids[$n] = db_escape($id);
+
 if($ret && count($cat_ids)) {
 array_walk($cat_ids,'db_escape');
 $sql = "INSERT INTO ".TB_PREF."crm_contacts (person_id,type,action,entity_id)
diff --git a/sales/includes/db/cust_trans_details_db.inc b/sales/includes/db/cust_trans_details_db.inc
index 4300e94b..2656e544 100644
--- a/sales/includes/db/cust_trans_details_db.inc
+++ b/sales/includes/db/cust_trans_details_db.inc
@@ -25,7 +25,7 @@ if (!is_array($debtor_trans_no))
 $tr=array();
 foreach ($debtor_trans_no as $trans_no)
- $tr[] = 'debtor_trans_no='.$trans_no;
+ $tr[] = 'debtor_trans_no='.db_escape($trans_no);
 $sql .= implode(' OR ', $tr);
--
2.30.2
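Review bot: The new loop `foreach($cat_ids as $n => $id)` reuses `$id`, which the hunk header shows is the function's first parameter (`update_person_contacts($id, $cat_ids, $entity_id=null)`), so after the loop `$id` holds the last category id instead of the person id; if the INSERT on the following context line fills person_id from `$id` (its VALUES clause is outside the hunk), contacts would be written against the wrong person. Use a distinct loop variable, `foreach($cat_ids as $n => $cat_id)` / `$cat_ids[$n] = db_escape($cat_id);`, or simply `$cat_ids = array_map('db_escape', $cat_ids);`. The surviving `array_walk($cat_ids,'db_escape');` context line hands each element to the callback by value, so it never altered the array (presumably why the escaping was missing in the first place); it is now dead and misleading and should be removed in the same change. The body of update_person_contacts continues outside the hunk.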
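Review bot: `db_escape($trans_no)` closes the injection on the added line, but debtor_trans_no appears to be a numeric transaction key, and if db_escape returns a quoted string the predicate becomes `debtor_trans_no='…'`, relying on the database to coerce the literal. For an integer column a cast is the tighter guard and makes the intended type explicit: `$tr[] = 'debtor_trans_no='.(int)$trans_no;`. Whether every caller passes integers should be confirmed first; the enclosing function and the `if (!is_array($debtor_trans_no))` normalisation shown in the hunk header start outside the hunk.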