From 283c2a17dfcf0fd5c04989940ee88c6435d2faf6 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Thu, 6 Nov 2025 16:44:34 +0000
Subject: [PATCH] sanitize after substr

---
 api/v1/clients/client_model.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/v1/clients/client_model.php b/api/v1/clients/client_model.php
index 8e822ba8..42321016 100644
--- a/api/v1/clients/client_model.php
+++ b/api/v1/clients/client_model.php
@@ -67,7 +67,7 @@ if (isset($_POST['client_tax_id_number'])) {
 }
 
 if (isset($_POST['client_abbreviation'])) {
-    $abbreviation = substr(sanitizeInput($_POST['client_abbreviation']), 0, 6);
+    $abbreviation = sanitizeInput(substr($_POST['client_abbreviation'], 0, 6));
 } elseif ($client_row) {
     $abbreviation = $client_row['client_abbreviation'];
 } else {