From c415e2f8da190495cc370a7c6d183bd8aef8f3c7 Mon Sep 17 00:00:00 2001
From: Bernd Bestel
Date: Thu, 22 Jun 2023 15:07:47 +0200
Subject: [PATCH] Fixed a (theoretical, not practically relevant for the target use case of Grocy) SQL injection possibility (closes #2259)
---
 services/StockService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/StockService.php b/services/StockService.php
index 9e753c21..16cb468c 100644
--- a/services/StockService.php
+++ b/services/StockService.php
@@ -892,7 +892,7 @@ class StockService extends BaseService
 return FindAllObjectsInArrayByPropertyValue($stockEntries, 'location_id', $locationId);
 }
- public function GetProductStockLocations($productId, $allowSubproductSubstitution = false)
+ public function GetProductStockLocations(int $productId, $allowSubproductSubstitution = false)
 {
 $sqlWhereProductId = 'product_id = ' . $productId;
 if ($allowSubproductSubstitution)
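Review bot: The query text on the first body line is still assembled by concatenation (`$sqlWhereProductId = 'product_id = ' . $productId;`), so the injection fix rests entirely on the new `int` hint in the signature and would silently disappear if the hint were ever loosened or the fragment copied elsewhere. Binding the id as a query parameter would be the durable fix if the data layer used further down supports it (not visible here); failing that, keep the guarantee next to the SQL with `$sqlWhereProductId = 'product_id = ' . (int) $productId;` and a comment such as `// $productId must stay an integer: it is concatenated into SQL below`. Non-numeric input now raises a `TypeError` at the call, so callers that pass request values presumably need to turn that into a client error rather than a 500. The body of GetProductStockLocations continues past the end of the hunk, so other concatenated fragments there could not be checked.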