From 1fa915384134dc8ebff87b36a2ee0b99b76bcd7a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sven=20Sch=C3=B6ling?= <s.schoeling@linet-services.de>
Date: Tue, 6 Mar 2007 14:00:52 +0000
Subject: [PATCH] Paranoiasicherheitscheck in IR.pm

---
 SL/IS.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/SL/IS.pm b/SL/IS.pm
index 6b9018d95..1ee47f209 100644
--- a/SL/IS.pm
+++ b/SL/IS.pm
@@ -2230,6 +2230,10 @@ sub has_storno {
 
   $main::lxdebug->leave_sub() and return 0 unless ($form->{id});
 
+  # make sure there's no funny stuff in $table
+  # ToDO: die when this happens and throw an error
+  $main::lxdebug->leave_sub() and return 0 if ($table =~ /\W/);
+
   my $dbh = $form->dbconnect($myconfig);
 
   my $query = qq|SELECT storno FROM $table WHERE id = ?|;
-- 
2.20.1