sec(Picklist) sanitize picklist values

tsolucio · Jun 2, 2023 · 5e87fbc · 5e87fbc
1 parent b3a7a26
commit 5e87fbc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/PickList/PickListAction.php b/modules/PickList/PickListAction.php
@@ -37,7 +37,7 @@
 			$id = $adb->getUniqueID("vtiger_$tableName");
 			$picklist_valueid = getUniquePicklistID();
 			$sql = "insert into vtiger_$tableName values (?,?,?,?)";
-			$adb->pquery($sql, array($id, $val, 1, $picklist_valueid));
+			$adb->pquery($sql, array($id, vtlib_purify($val), 1, $picklist_valueid));
 			//add the picklist values to the selected roles
 			foreach ($roles as $roleid) {
 				$sql ="select max(sortid)+1 as sortid