From 7fca6989ca04cb29274e57e5cac811d3ba5c9cc1 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 21 Feb 2020 15:16:01 +0100
Subject: [PATCH] - fixes #5541

---
 interface/lib/app.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index e341a57943..e817fcbd44 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -356,8 +356,8 @@ class app {
 			$forwarded_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : null );
 			if($forwarded_host !== null && $forwarded_host !== $cookie_domain) {
 				// Just check for complete domain name and not auto subdomains
-				$sql = "SELECT domain_id from web_domain where domain = '$forwarded_host'";
-				$recs = $this->db->queryOneRecord($sql);
+				$sql = "SELECT domain_id from web_domain where domain = ?";
+				$recs = $this->db->queryOneRecord($sql, $forwarded_host);
 				if($recs !== null) {
 					$cookie_domain = $forwarded_host;
 				}
-- 
GitLab