Security Added some mysql escapes to some get vars in api and guest view invoice and quote

johnny@pittpc.com
2019-08-28 21:54:27 -04:00
parent 0e451056b4
commit bbf8756882
3 changed files with 3 additions and 3 deletions


@@ -3,7 +3,7 @@
<?php
//Check Key
if(isset($_GET['api_key'])){
$config_api_key = $_GET['api_key'];
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");