From 1b80f8358508b3dd660fe63834468d2836c8d58e Mon Sep 17 00:00:00 2001
From: prasad <prasad@vtiger.com>
Date: Thu, 12 Apr 2018 10:44:17 +0530
Subject: [PATCH] Sanitizing numeric value comparision

---
 include/QueryGenerator/QueryGenerator.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/QueryGenerator/QueryGenerator.php b/include/QueryGenerator/QueryGenerator.php
index c548e9396..b66c6b24f 100644
--- a/include/QueryGenerator/QueryGenerator.php
+++ b/include/QueryGenerator/QueryGenerator.php
@@ -1154,8 +1154,12 @@ class QueryGenerator {
 				$value = "'$value'";
 			}
 
-			if($this->isNumericType($field->getFieldDataType()) && empty($value)) {
-				$value = '0';
+			if($this->isNumericType($field->getFieldDataType())) {
+				if (empty($value)) {
+					$value = '0';
+				} else if (preg_match("/[^+\-0-9.]+/", $value)) {
+					$value = $db->quote($value);
+				}
 			}
 			$sql[] = "$sqlOperator $value";
 		}
@@ -1526,4 +1530,4 @@ class QueryGenerator {
 	}
 
 }
-?>
\ No newline at end of file
+?>
-- 
GitLab