From: Sven Schöling <s.schoeling@linet-services.de>
Date: Wed, 9 Dec 2009 11:46:45 +0000 (+0100)
Subject: Autocompletion gegen Injection abgesichert.
X-Git-Tag: release-2.6.1beta1~72^2~28
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=c0d4be693473cecdde020a7c55cca7ca153a239e;p=kivitendo-erp.git

Autocompletion gegen Injection abgesichert.
---

diff --git a/bin/mozilla/ic.pl b/bin/mozilla/ic.pl
index 346f7ad59..9b5b20a25 100644
--- a/bin/mozilla/ic.pl
+++ b/bin/mozilla/ic.pl
@@ -2016,7 +2016,7 @@ sub ajax_autocomplete {
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
 
-  $form->{column}        ||= 'description';
+  $form->{column}          = 'description'     unless $form->{column} =~ /^partnumber|description$/;
   $form->{$form->{column}} = $form->{q}           || '';
   $form->{limit}           = ($form->{limit} * 1) || 10;
   $form->{searchitems}   ||= '';