Security update merged from 2.1.
[fa-stable.git] / reporting / rep705.php
index 4361b6e7cea3ee10d63448dbe11a05e58e5aa958..faf815f44c9c1aef9cab03e72606cc4911926447 100644 (file)
@@ -62,9 +62,9 @@ function getPeriods($year, $account, $dimension, $dimension2)
                        FROM ".TB_PREF."gl_trans
                                WHERE account='$account'";
        if ($dimension > 0)
-               $sql .= " AND dimension_id = $dimension";
+               $sql .= " AND dimension_id = ".db_escape($dimension);
        if ($dimension2 > 0)
-               $sql .= " AND dimension2_id = $dimension2";
+               $sql .= " AND dimension2_id = ".db_escape($dimension2);
 
        $result = db_query($sql, "Transactions for account $account could not be calculated");
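Review bot: `$account` is still interpolated straight into the query at `WHERE account='$account'`, a context line this commit leaves unchanged, so the statement stays string-built for that parameter unless it is escaped earlier in getPeriods, whose body starts outside this hunk. If it is not, give it the same treatment as the dimension ids, e.g. `WHERE account=".db_escape($account);`, assuming db_escape() returns an already-quoted literal, as its unquoted use on the two new lines suggests (worth confirming against its definition). Because `$dimension > 0` and `$dimension2 > 0` are loose comparisons that do not prove the values are integers, casting once before the checks (`$dimension = (int)$dimension; $dimension2 = (int)$dimension2;`) would make the numeric context explicit instead of relying on escaping alone.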