FIX SQL Injection CWE-89

This commit is contained in:
Laurent Destailleur 2018-04-06 17:22:14 +02:00
parent 1009a629d9
commit 1623fea618
2 changed files with 4 additions and 8 deletions


@ -72,7 +72,7 @@ $search_user = GETPOST('search_user','int');
$search_amount_ht = GETPOST('search_amount_ht','alpha');
$search_amount_vat = GETPOST('search_amount_vat','alpha');
$search_amount_ttc = GETPOST('search_amount_ttc','alpha');
$search_status = (GETPOST('search_status','alpha')!=''?GETPOST('search_status','alpha'):GETPOST('statut','alpha'));
$search_status = (GETPOST('search_status','intcomma')!=''?GETPOST('search_status','intcomma'):GETPOST('statut','intcomma'));
$month_start = GETPOST("month_start","int");
$year_start = GETPOST("year_start","int");
$month_end = GETPOST("month_end","int");
@ -305,11 +305,7 @@ if ($search_amount_ttc != '') $sql.= natural_search('d.total_ttc', $search_amoun
// User
if ($search_user != '' && $search_user >= 0) $sql.= " AND u.rowid = '".$db->escape($search_user)."'";
// Status
if ($search_status != '' && $search_status >= 0)
{
if (strstr($search_status, ',')) $sql.=" AND d.fk_statut IN (".$db->escape($search_status).")";
else $sql.=" AND d.fk_statut = ".$search_status;
}
if ($search_status != '' && $search_status >= 0) $sql.=" AND d.fk_statut IN (".$db->escape($search_status).")";
// RESTRICT RIGHTS
if (empty($user->rights->expensereport->readall) && empty($user->rights->expensereport->lire_tous)
&& (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance)))
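Review bot: The rewritten status filter on the single added line of the second hunk still wraps the unquoted IN list in `$db->escape()`, which only escapes quote characters and therefore adds nothing for a bare numeric list; the real protection is the `intcomma` filter now applied to `$search_status` in the first hunk, so the two lines are silently coupled without a comment saying so. As far as that filter restricts the value to digits and commas, injection is closed, but a shape it presumably lets through, such as an empty element (`1,,2`) or a trailing comma, still reaches the query unchanged and yields a SQL syntax error rather than an empty result. Building the list from cast integers removes the dependency on the input filter entirely: `$sql .= " AND d.fk_statut IN (".implode(',', array_map('intval', explode(',', $search_status))).")";`. If the escape-only form is kept, a one-line comment above it, `// $search_status is restricted to digits and commas by GETPOST('intcomma') above; no quoting applies to an IN list`, would record why it is considered safe.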


@ -85,7 +85,7 @@ if (! $sortorder) $sortorder="DESC";
$sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml'));
$search_ref = GETPOST('search_ref','alpha');
$search_ref = GETPOST('search_ref','alphanohtml');
$search_day_create = GETPOST('search_day_create','int');
$search_month_create = GETPOST('search_month_create','int');
$search_year_create = GETPOST('search_year_create','int');
@ -185,7 +185,7 @@ $order = $db->order($sortfield,$sortorder).$db->plimit($limit + 1, $offset);
// Ref
if(!empty($search_ref))
{
$filter.= " AND cp.rowid = ".$db->escape($search_ref);
$filter.= " AND cp.rowid = ".(int) $db->escape($search_ref);
}
// Start date