From: Sven Schöling Date: Wed, 9 Dec 2009 11:46:45 +0000 (+0100) Subject: Autocompletion gegen Injection abgesichert. X-Git-Tag: release-2.6.1beta1~72^2~28 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=c0d4be693473cecdde020a7c55cca7ca153a239e;p=kivitendo-erp.git Autocompletion gegen Injection abgesichert. --- diff --git a/bin/mozilla/ic.pl b/bin/mozilla/ic.pl index 346f7ad59..9b5b20a25 100644 --- a/bin/mozilla/ic.pl +++ b/bin/mozilla/ic.pl @@ -2016,7 +2016,7 @@ sub ajax_autocomplete { my $form = $main::form; my %myconfig = %main::myconfig; - $form->{column} ||= 'description'; + $form->{column} = 'description' unless $form->{column} =~ /^partnumber|description$/; $form->{$form->{column}} = $form->{q} || ''; $form->{limit} = ($form->{limit} * 1) || 10; $form->{searchitems} ||= '';