Better security fix: Using GETPOST does not fix all cases, also the real

bug (missing escaping information when using it) was not fixed.
Laurent Destailleur 2012-10-09 11:42:38 +02:00
parent 72a1194d14
commit 1725561c34


@ -34,8 +34,8 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
$langs->load("users");
$sall=GETPOST('sall', 'alpha');
$search_group=GETPOST('search_group','alpha');
$sall=GETPOST('sall');
$search_group=GETPOST('search_group');
$sortfield = GETPOST('sortfield','alpha');
$sortorder = GETPOST('sortorder','alpha');
@ -82,7 +82,7 @@ if ($resql)
$num = $db->num_rows($resql);
$i = 0;
$param="search_group=".$search_group."&sall=".$sall;
$param="search_group=".urlencode($search_group)."&sall=".urlencode($sall);
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder);
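Review bot: Dropping the `'alpha'` check from `GETPOST('sall')` and `GETPOST('search_group')` in the first hunk leaves both values raw, while the only sink this commit hardens is the `$param` query string in the second hunk. The query that produces `$resql` and any place the search terms are echoed back into the page lie outside both hunks, so it should be confirmed that each one escapes for its own context, presumably `$db->escape()` for the SQL and `htmlspecialchars()` for HTML output. A comment above the two assignments would record that contract for the next maintainer, for example `// Unfiltered on purpose: escape at every sink (SQL, HTML, URL)`. If filtering was removed only because it rejected legitimate search input, keeping a check on input and adding the output encoding would give two layers instead of one.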