projects
/
kivitendo-erp.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
66eb2bd
)
Paranoiasicherheitscheck in IR.pm
author
Sven Schöling
<s.schoeling@linet-services.de>
Tue, 6 Mar 2007 14:00:52 +0000
(14:00 +0000)
committer
Sven Schöling
<s.schoeling@linet-services.de>
Tue, 6 Mar 2007 14:00:52 +0000
(14:00 +0000)
SL/IS.pm
patch
|
blob
|
history
diff --git
a/SL/IS.pm
b/SL/IS.pm
index
6b9018d
..
1ee47f2
100644
(file)
--- a/
SL/IS.pm
+++ b/
SL/IS.pm
@@
-2230,6
+2230,10
@@
sub has_storno {
$main::lxdebug->leave_sub() and return 0 unless ($form->{id});
+ # make sure there's no funny stuff in $table
+ # ToDO: die when this happens and throw an error
+ $main::lxdebug->leave_sub() and return 0 if ($table =~ /\W/);
+
my $dbh = $form->dbconnect($myconfig);
my $query = qq|SELECT storno FROM $table WHERE id = ?|;