From: Florent Bruneau
Date: Sun, 15 Feb 2009 09:30:45 +0000 (+0100)
Subject: Fix a SQL injection vulnerability on a public page o_O.
X-Git-Tag: xorg/0.10.1~49^2~18
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=b052bb3400c3f6089752005ae5c61695293e9015;p=platal.git

Fix a SQL injection vulnerability on a public page o_O.

Signed-off-by: Florent Bruneau
---

diff --git a/modules/payment.php b/modules/payment.php
index 7545ae9..d1e8a0e 100644
--- a/modules/payment.php
+++ b/modules/payment.php
@@ -208,7 +208,7 @@ class PaymentModule extends PLModule
 $res = XDB::query("SELECT rcb.text,c.id,c.text
 FROM paiement.codeRCB AS rcb
 LEFT JOIN paiement.codeC AS c ON rcb.codeC=c.id
- WHERE rcb.id='$champ906'");
+ WHERE rcb.id={?}", $champ906);
 if (list($rcb_text, $c_id, $c_text) = $res->fetchOneRow()) {
 cb_erreur("erreur lors du paiement : $c_text ($c_id)");
 } else{
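Review bot: The bound placeholder on the `WHERE rcb.id={?}` line closes the interpolation, but nothing in the hunk shows where `$champ906` is read or whether it is checked before reaching the query, so the fix rests entirely on XDB's placeholder quoting; a boundary check that rejects a non-scalar or empty value before the query would make the handler robust even if the binding helper changes. A comment above the query, `// $champ906 is untrusted input: always bind it with {?}, never interpolate it into SQL`, would keep a later edit from reintroducing the string-built form. The enclosing method starts and ends outside the hunk; if it runs other queries against the same request data, they are worth reviewing for the same pattern. On the following line, `if (list(...) = $res->fetchOneRow())` assigns inside the condition and reads as a comparison at a glance; assigning the row first and testing it separately would make the control flow clearer.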