Merge branch 'ent-5322-SQL-Injection-leads-to-Login-Bypass' into 'develop'

Fixed SQL injection in chart_generator

See merge request artica/pandorafms!3024
Daniel Rodriguez 2020-01-24 10:52:02 +01:00
commit 6a35ffa01b
1 changed files with 1 additions and 1 deletions


@ -70,7 +70,7 @@ class User
$this->sessions[$data['phpsessionid']] = 1;
$info = \db_get_row_filter(
'tsessions_php',
['id_session' => $data['phpsessionid']]
['id_session' => io_safe_input($data['phpsessionid'])]
);
if ($info !== false) {