diff --git a/htdocs/core/db/mssql.class.php b/htdocs/core/db/mssql.class.php
index 64124d086e1..63ff3e9c20e 100644
--- a/htdocs/core/db/mssql.class.php
+++ b/htdocs/core/db/mssql.class.php
@@ -528,8 +528,8 @@ class DoliDBMssql
 if (! $return) $return.=' ORDER BY ';
 else $return.=',';
- $return.=$val;
- if ($sortorder) $return.=' '.$sortorder;
+ $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
+ if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder);
 }
 return $return;
 }
diff --git a/htdocs/core/db/mysql.class.php b/htdocs/core/db/mysql.class.php
index eb124c36e59..08b3c6199a7 100644
--- a/htdocs/core/db/mysql.class.php
+++ b/htdocs/core/db/mysql.class.php
@@ -509,8 +509,8 @@ class DoliDBMysql
 if (! $return) $return.=' ORDER BY ';
 else $return.=',';
- $return.=$val;
- if ($sortorder) $return.=' '.$sortorder;
+ $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
+ if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder);
 }
 return $return;
 }
diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index 0dd93b12400..493068890ad 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -522,8 +522,8 @@ class DoliDBMysqli
 if (! $return) $return.=' ORDER BY ';
 else $return.=',';
- $return.=$val;
- if ($sortorder) $return.=' '.$sortorder;
+ $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
+ if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder);
 }
 return $return;
 }
diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php
index ec57989b090..af5a339dd54 100644
--- a/htdocs/core/db/pgsql.class.php
+++ b/htdocs/core/db/pgsql.class.php
@@ -666,8 +666,8 @@ class DoliDBPgsql
 if (! $return) $return.=' ORDER BY ';
 else $return.=',';
- $return.=$val;
- if ($sortorder) $return.=' '.$sortorder;
+ $return.=preg_replace('/[^0-9a-z_\.]/i','',$val);
+ if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder);
 }
 return $return;
 }
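Review bot: The new `$sortorder` filter `[^0-9a-z]` only strips characters, so any alphanumeric token (`sortorder=foo`) still reaches the SQL and produces a syntax error instead of being rejected; since the only legal values are two keywords, a strict whitelist is both safer and clearer: `if ($sortorder) $return.=' '.(strtoupper($sortorder)=='DESC' ? 'DESC' : 'ASC');`. The same strip-don't-reject approach on `$val` silently rewrites a bad field name (e.g. `u.login;x` becomes `u.loginx`) and, if every character is removed, leaves a dangling `ORDER BY` or a stray comma in the query; logging or skipping a field that comes back empty after the `preg_replace` would make the failure mode visible. Note also that `"` and `[`/`]` are outside the whitelist, so any quoted identifier passed through `order()` loses its quoting on all four drivers. This applies identically to the mssql, mysql, mysqli and pgsql hunks; the enclosing `order()` method starts and ends outside each hunk.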
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index c8d07ec46fe..7d57125eb3b 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -36,6 +36,11 @@ if ($conf->ldap->enabled) require_once(DOL_DOCUMENT_ROOT."/core/class/ldap.class
 if ($conf->adherent->enabled) require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
 if (! empty($conf->multicompany->enabled)) dol_include_once("/multicompany/class/actions_multicompany.class.php");
+$id = GETPOST('id','int');
+$action = GETPOST("action");
+$group = GETPOST("group","int",3);
+$confirm = GETPOST("confirm");
+
 // Define value to know what current user can do on users
 $canadduser=($user->admin || $user->rights->user->user->creer);
 $canreaduser=($user->admin || $user->rights->user->user->lire);
@@ -48,18 +53,6 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
 $canreadgroup=($user->admin || $user->rights->user->group_advance->read);
 $caneditgroup=($user->admin || $user->rights->user->group_advance->write);
 }
-
-//Multicompany in mode transversal
-if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE)
-{
- accessforbidden();
-}
-
-$id = GETPOST("id");
-$action = GETPOST("action");
-$group = GETPOST("group","int",3);
-$confirm = GETPOST("confirm");
-
 // Define value to know what current user can do on properties of edited user
 if ($id)
 {
@@ -70,6 +63,12 @@ if ($id)
 || (($user->id != $id) && $user->rights->user->user->password)
 );
 }
+//Multicompany in mode transversal
+if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE)
+{
+ accessforbidden();
+}
+
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 13637d30ba7..3d019c1a71c 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
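Review bot: In the first hunk only `id` and `group` get a type filter; `$action = GETPOST("action")` and `$confirm = GETPOST("confirm")` are still read raw, and both are dispatch keys that this kind of page commonly echoes back into forms and URLs, so they deserve the same `'alpha'` filter this commit applies to `sortfield` in index.php: `$action = GETPOST("action",'alpha');` and `$confirm = GETPOST("confirm",'alpha');` (assuming `'alpha'` behaves the same here as it does there). The third hunk moves the transversal-mode `accessforbidden()` after the `$caneditfield` computation; that is harmless only because `accessforbidden()` presumably terminates the request, and a short comment such as `// must run before restrictedArea() below; accessforbidden() exits` would make the ordering dependency explicit. The `if ($id) { ... }` block the third hunk sits in starts outside the hunk.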
@@ -36,7 +36,7 @@ $langs->load("companies");
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
-$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
+$sall=GETPOST("sall");
 $sortfield = GETPOST("sortfield",'alpha');
 $sortorder = GETPOST("sortorder",'alpha');
@@ -52,6 +52,7 @@ if (! $sortorder) $sortorder="ASC";
 $userstatic=new User($db);
 $companystatic = new Societe($db);
+
 /*
 * View
 */
@@ -81,8 +82,8 @@ if ($_POST["search_user"])
 {
 $sql.= " AND (u.login like '%".$_POST["search_user"]."%' OR u.name like '%".$_POST["search_user"]."%' OR u.firstname like '%".$_POST["search_user"]."%')";
 }
-if ($sall) $sql.= " AND (u.login like '%".$sall."%' OR u.name like '%".$sall."%' OR u.firstname like '%".$sall."%' OR u.email like '%".$sall."%' OR u.note like '%".$sall."%')";
-if ($sortfield) $sql.=" ORDER BY $sortfield $sortorder";
+if ($sall) $sql.= " AND (u.login like '%".$db->escape($sall)."%' OR u.name like '%".$db->escape($sall)."%' OR u.firstname like '%".$db->escape($sall)."%' OR u.email like '%".$db->escape($sall)."%' OR u.note like '%".$db->escape($sall)."%')";
+$sql.=$db->order($sortfield,$sortorder);
 $result = $db->query($sql);
 if ($result)
diff --git a/htdocs/user/info.php b/htdocs/user/info.php
index bb69ec84cca..d3c72db39a5 100644
--- a/htdocs/user/info.php
+++ b/htdocs/user/info.php
@@ -29,7 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/user/class/user.class.php");
 $langs->load("users");
 // Security check
-$id = isset($_GET["id"])?$_GET["id"]:'';
+$id = GETPOST('id','int');
 $fuser = new User($db);
 $fuser->fetch($id);
diff --git a/htdocs/user/note.php b/htdocs/user/note.php
index 01fd68c6362..e395a47dc46 100644
--- a/htdocs/user/note.php
+++ b/htdocs/user/note.php
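Review bot: The `@@ -81,8` hunk escapes `$sall` but leaves the context line directly above it untouched, where `$_POST["search_user"]` is concatenated raw into three `LIKE '%...%'` clauses; that is the same SQL-injection pattern this commit fixes one line lower, so each occurrence should become `'%".$db->escape($_POST["search_user"])."%'` (or the value read once via `GETPOST` and escaped once into a local). The `if ($_POST["search_user"])` guard that opens that block is the hunk's own trailer line, so the unescaped use is entirely inside the reviewed region. Separately, `$db->escape()` does not neutralise `%` and `_`, so a user can still widen the search with LIKE wildcards; that is usually acceptable for a free-text filter but worth a one-line comment, e.g. `// $db->escape() quotes the value; LIKE wildcards in $sall are intentionally left active`.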
@@ -26,8 +26,8 @@ require("../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php');
 require_once(DOL_DOCUMENT_ROOT.'/user/class/user.class.php');
-$action=isset($_GET["action"])?$_GET["action"]:(isset($_POST["action"])?$_POST["action"]:"");
-$id=isset($_GET["id"])?$_GET["id"]:(isset($_POST["id"])?$_POST["id"]:"");
+$action=GETPOST('action');
+$id=GETPOST('id','int');
 $langs->load("companies");
 $langs->load("members");
diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php
index 6c41f551fe1..daa8024d5b4 100644
--- a/htdocs/user/param_ihm.php
+++ b/htdocs/user/param_ihm.php
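Review bot: `$action=GETPOST('action');` is read with no filter while `$id` on the next line gets `'int'`; `action` is a dispatch key that is normally rendered back into the page's form and links, so it should get the same `'alpha'` filter used elsewhere in this commit: `$action=GETPOST('action','alpha');`. The removed `isset()` chains also documented the GET-before-POST precedence and the empty-string default; if `GETPOST()` preserves both (I cannot confirm that from here), a short comment such as `// GETPOST(): GET wins over POST, '' when absent` keeps that contract visible to the next reader.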
@@ -32,30 +32,31 @@ $langs->load("admin");
 $langs->load("users");
 $langs->load("languages");
+$id=GETPOST('id','int');
+
 // Defini si peux lire/modifier permisssions
 $canreaduser=($user->admin || $user->rights->user->user->lire);
-if ($_REQUEST["id"])
+if ($id)
 {
- // $user est le user qui edite, $_REQUEST["id"] est l'id de l'utilisateur edite
- $caneditfield=( (($user->id == $_REQUEST["id"]) && $user->rights->user->self->creer)
- || (($user->id != $_REQUEST["id"]) && $user->rights->user->user->creer));
+ // $user est le user qui edite, $id est l'id de l'utilisateur edite
+ $caneditfield=( (($user->id == $id) && $user->rights->user->self->creer)
+ || (($user->id != $id) && $user->rights->user->user->creer));
 }
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
-if ($user->id == $_REQUEST["id"]) // A user can always read its own card
+if ($user->id == $id) // A user can always read its own card
 {
 $feature2='';
 $canreaduser=1;
 }
-$result = restrictedArea($user, 'user', $_REQUEST["id"], '', $feature2);
-if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden();
+$result = restrictedArea($user, 'user', $id, '', $feature2);
+if ($user->id <> $id && ! $canreaduser) accessforbidden();
-$id=! empty($_GET["id"])?$_GET["id"]:$_POST["id"];
 $dirtop = "../core/menus/standard";
 $dirleft = "../core/menus/standard";
diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index 5a5f374949a..8c3cd5de551 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php");
 $langs->load("users");
 $langs->load("admin");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 $confirm=GETPOST("confirm");
 $module=GETPOST("module");
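Review bot: `$caneditfield` is only assigned inside `if ($id) { ... }` and has no default, so a request without `id` leaves it undefined for the rest of the page; PHP treats that as false, so there is no privilege escalation, but it raises a notice and makes the permission state depend on an unset variable. Initialising it alongside the other flags, `$caneditfield=0;` just before `if ($id)`, removes the ambiguity. The comparison `$user->id == $id` (and `<>` two lines down) is loose; since `$id` is now filtered with `'int'` it is worth a short comment stating that the int filter is what makes the loose comparison safe, e.g. `// $id is int-filtered above, so == / <> are safe here`. The `$dirtop`/`$dirleft` statements continue past the hunk.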
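Review bot: In the perms.php hunk only `$id` gains a filter; `$action`, `$confirm` and `$module` on the next three lines are still read raw, and `$module` in particular names the permission module the page operates on, which is the kind of value that typically ends up in a SQL `WHERE` clause or a lookup further down (outside this hunk, so I cannot confirm the sink). Filtering at the read site costs nothing and matches the rest of the commit: `$action=GETPOST("action",'alpha');`, `$confirm=GETPOST("confirm",'alpha');`, `$module=GETPOST("module",'alpha');`. If `module` legitimately contains characters `'alpha'` would strip, that exception deserves a comment on the line explaining it.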