projects
/
kivitendo-erp.git
/ commitdiff
(parent:
42a1047
)
Form: get_history sql escaping
author
Sven Schöling
<s.schoeling@googlemail.com>
Sun, 5 Dec 2021 18:16:52 +0000
(19:16 +0100)
committer
Sven Schöling
<s.schoeling@googlemail.com>
Sun, 5 Dec 2021 18:28:04 +0000
(19:28 +0100)
SL/Form.pm
diff --git
a/SL/Form.pm
b/SL/Form.pm
index
2e94589
..
a01e9a8
100644
(file)
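--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -2956,7 +2956,7 @@ sub get_history {
  qq|SELECT h.employee_id, h.itime::timestamp(0) AS itime, h.addition, h.what_done, emp.name, h.snumbers, h.trans_id AS id | .
  qq|FROM history_erp h | .
  qq|LEFT JOIN employee emp ON (emp.id = h.employee_id) | .
- qq|WHERE (trans_id = | . $trans_id . qq|) $restriction | .
+ qq|WHERE (trans_id = | . $dbh->quote($trans_id) . qq|) $restriction | .
  $order;
  my $sth = $dbh->prepare($query) || $self->dberror($query);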
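Review bot: `$restriction` and `$order` are still concatenated into the statement unescaped, on the changed line and the one after it, so the query is only as safe as the code that builds those two strings. That code is not visible in this hunk and should be checked in the callers of get_history; `$order` in particular is better mapped through an allow-list of column names and sort directions than passed through as text. For `$trans_id` itself a bind value would be more robust than `$dbh->quote`: `qq|WHERE (trans_id = ?) $restriction | .` with `$trans_id` handed to `$sth->execute`. That keeps the value out of the SQL text and does not depend on the database coercing a quoted literal to the column's type. The execute call and the rest of get_history lie outside the hunk, so that half of the change would have to be made there.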