FIX Param joinfiles not sanitized

This commit is contained in:
Laurent Destailleur 2020-11-26 23:05:49 +01:00
parent 61c0c7f0a6
commit 4114201da9


@ -325,7 +325,7 @@ if (empty($reshook)) {
}
} elseif ($keycode == 'content') {
$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
} elseif (in_array($keycode, array('joinfile', 'private', 'position'))) {
} elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) {
$sql .= (int) GETPOST($keycode, 'int');
} else {
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
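Review bot: The corrected key list on `} elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) {` still uses loose comparison, so it should pass the strict flag — `in_array($keycode, array('joinfiles', 'private', 'position'), true)` — because under PHP 7's loose `==` a non-string `$keycode` such as `0` compares equal to any of these names and would be routed to the `(int)` branch; whether `$keycode` can ever be non-string is not visible from the hunk, so this is a hardening of the dispatch rather than a reproduced defect. The same three-element list is duplicated verbatim in the hunk at -385, which is how the original `joinfile` typo reached both sites; defining it once ahead of both branches, e.g. `$intfields = array('joinfiles', 'private', 'position');`, and using `in_array($keycode, $intfields, true)` in each would keep the two lists from drifting again. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.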
@ -385,7 +385,7 @@ if (empty($reshook)) {
}
} elseif ($keycode == 'content') {
$sql .= "'".$db->escape(GETPOST($keycode, 'restricthtml'))."'";
} elseif (in_array($keycode, array('joinfile', 'private', 'position'))) {
} elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) {
$sql .= (int) GETPOST($keycode, 'int');
} else {
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
@ -417,7 +417,7 @@ if (empty($reshook)) {
$sql = "DELETE from ".$tabname[$id]." WHERE ".$rowidcol."=".((int) $rowid);
if (!$user->admin) { // A non admin user can only edit its own template
$sql .= " AND fk_user = ".((int) $user->id;
$sql .= " AND fk_user = ".((int) $user->id);
}
dol_syslog("delete", LOG_DEBUG);
$result = $db->query($sql);