From 3bc47ff4e95c9e443187d65490591499e7a3ff64 Mon Sep 17 00:00:00 2001
From: simnandez
Date: Fri, 2 Mar 2012 14:53:49 +0100
Subject: [PATCH] Fix: Security

---
 htdocs/admin/prelevement.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php
index 5d7659e454b..d128244c369 100644
--- a/htdocs/admin/prelevement.php
+++ b/htdocs/admin/prelevement.php
@@ -2,7 +2,7 @@
 /* Copyright (C) 2005 Rodolphe Quiedeville
 * Copyright (C) 2005-2010 Laurent Destailleur
 * Copyright (C) 2005-2010 Regis Houssin
- * Copyright (C) 2010-2011 Juanjo Menent
+ * Copyright (C) 2010-2012 Juanjo Menent
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -47,11 +47,11 @@ if ($action == "set")
 $db->begin();
 for ($i = 0 ; $i < 2 ; $i++)
 {
- $res = dolibarr_set_const($db, $_POST["nom$i"], $_POST["value$i"],'chaine',0,'',$conf->entity);
+ $res = dolibarr_set_const($db, GETPOST("nom$i",'alpha'), GETPOST("value$i",'alpha'),'chaine',0,'',$conf->entity);
 if (! $res > 0) $error++;
 }

- $id=$_POST["PRELEVEMENT_ID_BANKACCOUNT"];
+ $id=GETPOST('PRELEVEMENT_ID_BANKACCOUNT','int');
 $account = new Account($db, $id);
 if($account->fetch($id)>0)
@@ -90,7 +90,7 @@ if ($action == "set")
 if ($action == "addnotif")
 {
 $bon = new BonPrelevement($db);
- $bon->AddNotification($db,$_POST["user"],$_POST["action"]);
+ $bon->AddNotification($db,GETPOST('user','int'),$action);

 Header("Location: prelevement.php");
 exit;
@@ -99,7 +99,7 @@ if ($action == "addnotif")
 if ($action == "deletenotif")
 {
 $bon = new BonPrelevement($db);
- $bon->DeleteNotificationById($_GET["notif"]);
+ $bon->DeleteNotificationById(GETPOST('notif','int'));

 Header("Location: prelevement.php");
 exit;
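Review bot: The constant name handed to `dolibarr_set_const` in the `set` hunk still comes straight from the request (`GETPOST("nom$i",'alpha')`), so a `set` request can overwrite any constant of the entity, not only the two this page manages; the 'alpha' filter shapes the string but does not restrict which name is accepted. Validate the name against the constants the form renders before the call, e.g. `$name = GETPOST("nom$i",'alpha'); if (! in_array($name, $allowedNames, true)) { $error++; continue; }` with `$allowedNames` holding this page's own constant names. The unchanged context line `if (! $res > 0) $error++;` parses as `(! $res) > 0`, so if `dolibarr_set_const` reports failure with a negative value (not visible here) that failure is never counted; `if ($res <= 0) $error++;` expresses the intent. The enclosing `if ($action == "set")` block begins before the hunk and the transaction opened by `$db->begin()` is closed after it.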
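Review bot: `GETPOST('user','int')` in the `addnotif` hunk yields 0 when the parameter is missing or non-numeric, and the new line passes that value into `AddNotification` unchecked, so a malformed request still reaches the insert; the same applies to `GETPOST('notif','int')` in the `deletenotif` hunk. Guard before the call, e.g. `$userid = GETPOST('user','int'); if ($userid > 0) $bon->AddNotification($db,$userid,$action);`. Replacing `$_POST["action"]` with `$action` also means the third argument is now the dispatch value that selected this branch; if the form previously sent a distinct notification-type value under the same name, this changes what is stored and is worth confirming against what `AddNotification` expects.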
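Review bot: `deletenotif` is a state-changing action reachable from a query-string parameter (`GETPOST('notif','int')` reads GET input as the old `$_GET["notif"]` did), and no anti-CSRF token check is visible in the hunk, so a link opened by a logged-in administrator is enough to delete a notification. Require the request to carry the project's CSRF token, if one exists, or at least to be a POST, before `DeleteNotificationById` runs, and reject a `notif` value of 0 the same way as the user id in the `addnotif` hunk. Whether `DeleteNotificationById` limits deletion to the current entity is not visible here and is worth confirming.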