From f5f55dd449cd885a2f7e47b2ba102e4c5d610b3f Mon Sep 17 00:00:00 2001
From: KMityai
Date: Fri, 7 Jul 2023 15:58:04 +0300
Subject: [PATCH] added escaping for db query in method for getting zone
---
 .../system/library/retailcrm/lib/repository/DataRepository.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/upload/system/library/retailcrm/lib/repository/DataRepository.php b/src/upload/system/library/retailcrm/lib/repository/DataRepository.php
index 74abcb7..62393b7 100644
--- a/src/upload/system/library/retailcrm/lib/repository/DataRepository.php
+++ b/src/upload/system/library/retailcrm/lib/repository/DataRepository.php
@@ -124,6 +124,7 @@ class DataRepository extends \retailcrm\Base {
 * @return array
 */
 public function getZoneByName($name) {
+ $name = $this->db->escape($name);
 $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "zone` WHERE name = '" . $name . "'");
 return $query->row;
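Review bot: In `getZoneByName` the escaped value is written back into `$name` one statement before the query is built, so the SQL is still assembled by string concatenation and stays safe only while nothing is inserted between the two lines and `$name` is not reused for a non-SQL purpose. Escaping at the point of use keeps the guarantee next to the literal it protects: replace `'" . $name . "'` with `'" . $this->db->escape($name) . "'` and drop the reassignment. Because `escape()` presumably only protects a value placed inside the quoted literal, a short comment such as `// $name is caller-supplied; escape() is valid only inside the single-quoted literal` would help the next maintainer, and a regression test with a zone name containing a single quote would pin the fix. Other query-building methods of `DataRepository` are not visible here and may need the same review; the method's docblock opening and closing brace also fall outside the hunk.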