From 90ae24e1d905ee20915b65a8d6d82d94d0694edc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Sven=20Sch=C3=B6ling?= <s.schoeling@googlemail.com>
Date: Sun, 5 Dec 2021 19:16:52 +0100
Subject: [PATCH] Form: get_history sql escaping

---
 SL/Form.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SL/Form.pm b/SL/Form.pm
index 2e9458956..a01e9a8c6 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -2956,7 +2956,7 @@ sub get_history {
       qq|SELECT h.employee_id, h.itime::timestamp(0) AS itime, h.addition, h.what_done, emp.name, h.snumbers, h.trans_id AS id | .
       qq|FROM history_erp h | .
       qq|LEFT JOIN employee emp ON (emp.id = h.employee_id) | .
-      qq|WHERE (trans_id = | . $trans_id . qq|) $restriction | .
+      qq|WHERE (trans_id = | . $dbh->quote($trans_id) . qq|) $restriction | .
       $order;
 
     my $sth = $dbh->prepare($query) || $self->dberror($query);
-- 
2.20.1