Commit

Update getCurrency method validation
currency_id should not be escaped because it is supposed to always be an integer.
mehdiRma10 authored and AJenbo committed Feb 5, 2024
1 parent 884150f commit 59e1303
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion upload/catalog/model/localisation/currency.php
Expand Up @@ -28,7 +28,7 @@ public function editValueByCode(string $code, float $value): void {
* @return array<string, mixed>
*/
public function getCurrency(int $currency_id): array {
$query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "currency` WHERE `currency_id` = '" . $this->db->escape($currency_id) . "'");
$query = $this->db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "currency` WHERE `currency_id` = '" . (int)$currency_id . "'");

return $query->row;
}
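Review bot: On the replacement query line in `getCurrency`, the value is now cast with `(int)$currency_id` but is still wrapped in single quotes, so the integer reaches the database as a string literal and relies on implicit conversion for the comparison. Since the cast guarantees a numeric value, the surrounding quotes can be dropped so the query compares integer to integer. The signature already declares `int $currency_id`, which makes the cast redundant at runtime, but I would keep it: it documents the intent at the point where the SQL string is built and keeps the query safe if the type declaration is ever loosened. The commit title says "validation", while the change is about how the value is sanitized when concatenated into the query; a title along the lines of "cast currency_id to int instead of escaping" would describe it more accurately.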