Sanitize for security.

Laurent Destailleur 2015-04-18 20:43:52 +02:00
parent 21a6fd1cb4
commit 1598a5d3a6


@ -66,12 +66,15 @@ $conffiletoshow = "htdocs/conf/conf.php";
//$conffile = "/etc/dolibarr/conf.php";
//$conffiletoshow = "/etc/dolibarr/conf.php";
//replace conf filename with "conf" parameter on url by GET
if (!empty($_GET['conf'])) {
setcookie('dolconf', $_GET['conf'],0,'/');
$conffile = 'conf/' . $_GET['conf'] . '.php';
} else {
$conffile = 'conf/' . (!empty($_COOKIE['dolconf']) ? $_COOKIE['dolconf'] : 'conf') . '.php';
// Replace conf filename with "conf" parameter on url by GET
if (GETPOST('conf'))
{
setcookie('dolconf', GETPOST('conf'),0,'/');
$conffile = 'conf/' . dol_sanitizeFileName(GETPOST('conf')) . '.php';
}
else
{
$conffile = 'conf/' . dol_sanitizeFileName((!empty($_COOKIE['dolconf']) ? $_COOKIE['dolconf'] : 'conf') . '.php');
}
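Review bot: The `setcookie('dolconf', GETPOST('conf'),0,'/');` line still stores the raw request value. The two branches also sanitize different strings: the GET branch passes only the parameter to `dol_sanitizeFileName`, while the cookie branch passes the name with `.php` already appended. Sanitizing once and reusing the result keeps the cookie and the path in agreement: `$confname = dol_sanitizeFileName(GETPOST('conf'));`, then `setcookie('dolconf', $confname, 0, '/');` and `$conffile = 'conf/' . $confname . '.php';`, with the cookie branch written as `'conf/' . dol_sanitizeFileName(...) . '.php'` to match. The code that consumes `$conffile` is outside this hunk; if it includes the file, as the variable name suggests, a check that the resolved path exists inside `conf/` would be a stronger guard than character filtering alone.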