lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Sanitize data 2

Browse Source
This commit is contained in:
Laurent Destailleur 2012-03-27 18:36:32 +02:00
parent 28cf1345e0
commit 0c225372d6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/admin/tools/export.php
View File

@ -102,7 +102,7 @@ $time_start = time();
// MYSQL
if ($what == 'mysql')
{
$cmddump=$_POST["mysqldump"];
$cmddump=GETPOST("mysqldump"); // Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
if ($cmddump)
{
dolibarr_set_const($db, 'SYSTEMTOOLS_MYSQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
@ -265,7 +265,7 @@ if ($what == 'mysqlnobin')
// POSTGRESQL
if ($what == 'postgresql')
{
$cmddump=$_POST["postgresqldump"];
$cmddump=GETPOST("postgresqldump"); // Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
if ($cmddump)
{
dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
@ -295,7 +295,7 @@ if ($what == 'postgresql')
if (GETPOST("drop")) $param.=" --add-drop-table";
if (! GETPOST("sql_data")) $param.=" -s";
}
if ($_POST["sql_data"])
if (GETPOST("sql_data"))
{
if (! GETPOST("sql_structure")) $param.=" -a";
if (GETPOST("showcolumns")) $param.=" -c";