phpBMS

Show
Ignore:
Timestamp:
01/06/10 22:48:56 (2 years ago)
Author:
brieb
Message:
  • Fixed more path disclosure and possible SQL injection bugs in the load search class
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/phpbms/modules/bms/include/invoices.php

    r720 r725  
    649649                        $therecord = parent::getRecord($id, $useUuid); 
    650650 
     651                        if(!$therecord["id"]) 
     652                            $error = new appError(430, "Sales Order record '".$id."' does not exist", "No Record Available", true, true); 
     653 
    651654                        /** 
    652655                          *  If `type` is not an order and not a quote and payment information is being 
phpBMS vulnerability assesment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.