kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-30 10:05:45 +00:00
Code Issues Projects Releases Wiki Activity

Fixed a (theoretical, not practically relevant for the target use case of Grocy) SQL injection possibility (closes #2259)

Browse Source
This commit is contained in:
Bernd Bestel 2023-06-22 15:07:47 +02:00
parent 297cc57244
commit c415e2f8da
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
services/StockService.php
View File

@ -892,7 +892,7 @@ class StockService extends BaseService
return FindAllObjectsInArrayByPropertyValue($stockEntries, 'location_id', $locationId); return FindAllObjectsInArrayByPropertyValue($stockEntries, 'location_id', $locationId);
} }
public function GetProductStockLocations($productId, $allowSubproductSubstitution = false) public function GetProductStockLocations(int $productId, $allowSubproductSubstitution = false)
{ {
$sqlWhereProductId = 'product_id = ' . $productId; $sqlWhereProductId = 'product_id = ' . $productId;
if ($allowSubproductSubstitution) if ($allowSubproductSubstitution)