lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX : js injection in stockmovement.php

Browse Source
This commit is contained in:
lmarcouiller 2022-07-25 10:49:19 +02:00
parent 3262426b84
commit 1e282aaded
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/product/stock/massstockmove.php
View File

@ -336,11 +336,11 @@ if ($action == 'importCSV' && !empty($user->rights->stock->mouvement->creer)) {
continue;
}
//var_dump($data);
$tmp_id_sw = $data[$i][0]['val'];
$tmp_id_tw = $data[$i][1]['val'];
$tmp_id_product = $data[$i][2]['val'];
$tmp_qty = $data[$i][3]['val'];
$tmp_batch = $data[$i][4]['val'];
$tmp_id_sw = dol_escape_htmltag($data[$i][0]['val']);
$tmp_id_tw = dol_escape_htmltag($data[$i][1]['val']);
$tmp_id_product = dol_escape_htmltag($data[$i][2]['val']);
$tmp_qty = dol_escape_htmltag($data[$i][3]['val']);
$tmp_batch = dol_escape_htmltag($data[$i][4]['val']);
if (!is_numeric($tmp_id_product)) {
$result = fetchref($productstatic, $tmp_id_product);