Skip to content

Commit

Permalink
sec(Picklist) sanitize picklist values
Browse files Browse the repository at this point in the history
  • Loading branch information
joebordes committed Jun 2, 2023
1 parent b3a7a26 commit 5e87fbc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion modules/PickList/PickListAction.php
Expand Up @@ -37,7 +37,7 @@
$id = $adb->getUniqueID("vtiger_$tableName");
$picklist_valueid = getUniquePicklistID();
$sql = "insert into vtiger_$tableName values (?,?,?,?)";
$adb->pquery($sql, array($id, $val, 1, $picklist_valueid));
$adb->pquery($sql, array($id, vtlib_purify($val), 1, $picklist_valueid));
//add the picklist values to the selected roles
foreach ($roles as $roleid) {
$sql ="select max(sortid)+1 as sortid
Expand Down

0 comments on commit 5e87fbc

Please sign in to comment.