lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX BlindBoolean SQL injection reported by Christian Weiler

Browse Source 
<sak1.s3curity@gmail.com>
This commit is contained in:
Laurent Destailleur 2020-06-15 15:08:52 +02:00
parent 1ba03566dc
commit 40e16672e3
6 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/accountancy/customer/card.php
View File

@ -34,8 +34,8 @@ $action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if ($user->socid > 0)

4
htdocs/accountancy/expensereport/card.php
View File

@ -38,8 +38,8 @@ $action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if ($user->socid > 0)

4
htdocs/accountancy/supplier/card.php
View File

@ -38,8 +38,8 @@ $action = GETPOST('action', 'alpha');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');
// Security check
if ($user->socid > 0)

2
htdocs/comm/mailing/info.php
View File

@ -27,7 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/emailing.lib.php';
$id = GETPOST('id');
$id = GETPOST('id', 'int');
// Load translation files required by the page
$langs->load("mails");

2
htdocs/compta/paiement/info.php
View File

@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
// Load translation files required by the page
$langs->loadLangs(array('bills', 'companies'));
$id = GETPOST('id');
$id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');

2
htdocs/variants/ajax/get_attribute_values.php
View File

@ -28,7 +28,7 @@ require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttributeValue.class.php'
header('Content-Type: application/json');
$id = GETPOST('id');
$id = GETPOST('id', 'int');
if (!$id) {
print json_encode(array(