Fixed injection sql in chart_generator

2025-07-31 01:35:36 +02:00 · 2020-01-23 10:40:55 +01:00 · 2020-01-23 10:40:55 +01:00 · 9f9cc9beda
commit 9f9cc9beda
parent 2447514c41
1 changed files with 1 additions and 1 deletions
--- a/pandora_console/include/lib/User.php
+++ b/pandora_console/include/lib/User.php
@ -70,7 +70,7 @@ class User
                $this->sessions[$data['phpsessionid']] = 1;
                $info = \db_get_row_filter(
                    'tsessions_php',
-                    ['id_session' => $data['phpsessionid']]
+                    ['id_session' => io_safe_input($data['phpsessionid'])]
                );
                if ($info !== false) {