(parent:
2e7ea27
)
SQL-Injection vermeiden. Fix für Revisionen 2936, 2937.
author
Moritz Bunkus
<m.bunkus@linet-services.de>
Wed, 14 Nov 2007 10:08:32 +0000
(10:08 +0000)
committer
Moritz Bunkus
<m.bunkus@linet-services.de>
Wed, 14 Nov 2007 10:08:32 +0000
(10:08 +0000)
SL/IS.pm
diff --git
a/SL/IS.pm
b/SL/IS.pm
index
2cf1482
..
8ecddff
100644
(file)
--- a/
SL/IS.pm
+++ b/
SL/IS.pm
@@
-1513,7
+1513,13
@@
sub get_customer {
}
my $cid = conv_i($form->{customer_id});
- my $payment_id = ($form->{payment_id}) ? "($form->{payment_id} = pt.id) OR" : "";
+ my $payment_id;
+
+ if ($form->{payment_id}) {
+ $payment_id = "(pt.id = ?) OR";
+ push @values, conv_i($form->{payment_id});
+ }
+
# get customer
$query =
qq|SELECT
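Review bot: `$payment_id` is now declared without a value, so it stays undef when `$form->{payment_id}` is false, where the removed line produced an empty string. If it is still interpolated into the `qq|SELECT …|` that starts below, that presumably raises an uninitialized-value warning when warnings are enabled; `my $payment_id = '';` keeps the old behaviour. The bound value is also pushed onto `@values` before the query text is built, so the fix is only correct if `@values` is declared and empty at this point and every later bind value is pushed in the order its `?` appears in the SQL. Neither is visible here, because get_customer starts and ends outside the hunk. A comment at the push such as `# @values must follow the order of the ? placeholders in $query` would make that dependency explicit.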