lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX XSS

Browse Source 
Conflicts:
	htdocs/viewimage.php
This commit is contained in:
Laurent Destailleur 2019-01-31 10:16:49 +01:00
parent 231395dab8
commit 484b4371c1
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/document.php
View File

@ -81,7 +81,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$encoding = '';
$action=GETPOST('action','alpha');
$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
$hashp=GETPOST('hashp','aZ09');
$modulepart=GETPOST('modulepart','alpha');
$urlsource=GETPOST('urlsource','alpha');

2
htdocs/viewimage.php
View File

@ -62,7 +62,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$action=GETPOST('action','alpha');
$original_file=GETPOST("file",'alpha');
$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
$modulepart=GETPOST('modulepart','alpha');
$urlsource=GETPOST("urlsource",'alpha');
$entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;