diff --git a/CHANGES.md b/CHANGES.md
index cb2ac54c7..24ac364a3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,10 @@
 # CHANGES
 ## RosarioSIS Student Information System
 
+Changes in 8.9.4
+----------------
+- Fix SQL injection sanitize all `$_REQUEST` keys in Warehouse.php, thanks to @nhienit2010
+
 Changes in 8.9.3
 ----------------
 - Fix stored XSS security issue: do not allow unsanitized SVG in FileUpload.fnc.php, thanks to @scgajge12 & @crowdoverflow
diff --git a/Warehouse.php b/Warehouse.php
index 581c13dc9..f2f8343ce 100644
--- a/Warehouse.php
+++ b/Warehouse.php
@@ -191,11 +191,11 @@ function array_rwalk( &$array, $function )
 if ( is_array( $array[$key[$i]] ) )
 {
 array_rwalk( $array[$key[$i]], $function );
-
- continue;
 }
-
- $array[$key[$i]] = $function( $array[$key[$i]] );
+ else
+ {
+ $array[$key[$i]] = $function( $array[$key[$i]] );
+ }
 
 // Key is also passed through $function function.
 $fkey = $function( $key[$i] );
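Review bot: Sanitizing the key of array-valued entries, which the new `else` branch makes reachable, is only as strong as `$function` is for the place that key ends up, and neither `$function` nor the use of `$fkey` is visible here (array_rwalk's body starts and ends outside the hunk). Escaping written for SQL string literals does not make a string safe as a column or table name, so if any caller builds identifiers from `$_REQUEST` keys, those call sites should also check the key against an allow-list of known columns. I would state the contract above the key handling, e.g. `// Keys at every depth, including keys whose value is an array, go through $function.`, and add a regression test that walks a nested array whose inner key contains a quote.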