From b6182b919f31b208b653672a496a8696ae917ce2 Mon Sep 17 00:00:00 2001
From: Jason Terry <jterry@bluehost.com>
Date: Tue, 20 Oct 2015 11:46:47 -0600
Subject: [PATCH] fix possible sql injection issue

---
 FS/FS/part_pkg.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/FS/FS/part_pkg.pm b/FS/FS/part_pkg.pm
index 97bce45374..cc43f2f3c9 100644
--- a/FS/FS/part_pkg.pm
+++ b/FS/FS/part_pkg.pm
@@ -2289,7 +2289,8 @@ sub agent_pkgs_sql {
 
 sub _pkgs_sql {
   my( $class, @agentnums ) = @_;
-  my $agentnums = join(',', @agentnums);
+  my $dbh = dbh;
+  my $agentnums = join(',', map { $dbh->quote($_) } @agentnums);
 
   "
     (