fix: prevenzione sql injection

loviuz · loviuz · commit 1ab6734fcca4 · 2025-12-29T17:27:08.000+01:00
diff --git a/modules/stampe/actions.php b/modules/stampe/actions.php
@@ -23,7 +23,7 @@
 switch (post('op')) {
     case 'update':
         if (!empty(intval(post('predefined'))) && !empty(post('module'))) {
-            $dbo->query('UPDATE `zz_prints` SET `predefined` = 0 WHERE `id_module` = '.post('module'));
+            $dbo->query('UPDATE `zz_prints` SET `predefined` = 0 WHERE `id_module` = '.prepare(post('module')));
         }
         $print->options = post('options');
         $print->order = post('order');

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@`
`23`	`23`	`switch (post('op')) {`
`24`	`24`	`case 'update':`
`25`	`25`	`if (!empty(intval(post('predefined'))) && !empty(post('module'))) {`
`26`		- $dbo->query('UPDATE `zz_prints` SET `predefined` = 0 WHERE `id_module` = '.post('module'));
	`26`	+ $dbo->query('UPDATE `zz_prints` SET `predefined` = 0 WHERE `id_module` = '.prepare(post('module')));
`27`	`27`	`}`
`28`	`28`	`$print->options = post('options');`
`29`	`29`	`$print->order = post('order');`