lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix SQLi reported by op7ica

Browse Source
This commit is contained in:
Laurent Destailleur 2018-03-15 01:33:46 +01:00
parent 6a70d268e0
commit 4957ea9178
11 changed files with 108 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
htdocs/accountancy/bookkeeping/card.php
View File

@ -153,13 +153,13 @@ else if ($action == "add") {
$book->label_operation= $label_operation;
$book->debit = $debit;
$book->credit = $credit;
$book->doc_date = GETPOST('doc_date');
$book->doc_type = GETPOST('doc_type');
$book->doc_date = GETPOST('doc_date','alpha');
$book->doc_type = GETPOST('doc_type','alpha');
$book->piece_num = $piece_num;
$book->doc_ref = GETPOST('doc_ref');
$book->code_journal = GETPOST('code_journal');
$book->fk_doc = GETPOST('fk_doc');
$book->fk_docdet = GETPOST('fk_docdet');
$book->doc_ref = GETPOST('doc_ref','alpha');
$book->code_journal = GETPOST('code_journal','alpha');
$book->fk_doc = GETPOST('fk_doc','alpha');
$book->fk_docdet = GETPOST('fk_docdet','alpha');
if (floatval($debit) != 0.0) {
$book->montant = $debit;
@ -210,7 +210,7 @@ else if ($action == "confirm_create") {
$book = new BookKeeping($db);
if (! GETPOST('code_journal') || GETPOST('code_journal') == '-1') {
if (! GETPOST('code_journal','alpha') || GETPOST('code_journal','alpha') == '-1') {
setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Journal")), null, 'errors');
$action='create';
$error++;
@ -226,11 +226,11 @@ else if ($action == "confirm_create") {
$book->label_compte = '';
$book->debit = 0;
$book->credit = 0;
$book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth'), GETPOST('doc_dateday'), GETPOST('doc_dateyear'));
$book->doc_type = GETPOST('doc_type');
$book->piece_num = GETPOST('next_num_mvt');
$book->doc_ref = GETPOST('doc_ref');
$book->code_journal = GETPOST('code_journal');
$book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth','int'), GETPOST('doc_dateday','int'), GETPOST('doc_dateyear','int'));
$book->doc_type = GETPOST('doc_type','alpha');
$book->piece_num = GETPOST('next_num_mvt','alpha');
$book->doc_ref = GETPOST('doc_ref','alpha');
$book->code_journal = GETPOST('code_journal','alpha');
$book->fk_doc = 0;
$book->fk_docdet = 0;
$book->montant = 0;
@ -265,8 +265,8 @@ if ($action == 'setdate') {
}
if ($action == 'setjournal') {
$journaldoc = trim(GETPOST('code_journal'));
$result = $object->updateByMvt($piece_num,'code_journal',$journaldoc,$mode);
$journaldoc = trim(GETPOST('code_journal','alpha'));
$result = $object->updateByMvt($piece_num, 'code_journal', $journaldoc, $mode);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
} else {
@ -279,7 +279,7 @@ if ($action == 'setjournal') {
}
if ($action == 'setdocref') {
$refdoc = trim(GETPOST('doc_ref'));
$refdoc = trim(GETPOST('doc_ref','alpha'));
$result = $object->updateByMvt($piece_num,'doc_ref',$refdoc,$mode);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
@ -476,11 +476,11 @@ if ($action == 'create')
print '<input type="hidden" name="token" value="' . $_SESSION ['newtoken'] . '">';
print '<input type="hidden" name="action" value="setdocref">';
print '<input type="hidden" name="mode" value="'.$mode.'">';
print '<input type="text" size="20" name="doc_ref" value="'.$book->doc_ref.'">';
print '<input type="text" size="20" name="doc_ref" value="'.dol_escape_htmltag($book->doc_ref).'">';
print '<input type="submit" class="button" value="' . $langs->trans('Modify') . '">';
print '</form>';
} else {
print $book->doc_ref ;
print $book->doc_ref ;
}
print '</td>';
print '</tr>';

2
htdocs/accountancy/class/bookkeeping.class.php
View File

@ -1254,7 +1254,7 @@ class BookKeeping extends CommonObject
// first check if line not yet in bookkeeping
$sql = "DELETE";
$sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
$sql .= " WHERE piece_num = " . $piecenum;
$sql .= " WHERE piece_num = " . (int) $piecenum;
$sql .= " AND entity IN (" . getEntity('accountancy') . ")";
$resql = $this->db->query($sql);

96
htdocs/adherents/card.php
View File

@ -298,38 +298,38 @@ if (empty($reshook))
$object->oldcopy = clone $object;
// Change values
$object->civility_id = trim($_POST["civility_id"]);
$object->firstname = trim($_POST["firstname"]);
$object->lastname = trim($_POST["lastname"]);
$object->login = trim($_POST["login"]);
$object->pass = trim($_POST["pass"]);
$object->civility_id = trim(GETPOST("civility_id",'alpha'));
$object->firstname = trim(GETPOST("firstname",'alpha'));
$object->lastname = trim(GETPOST("lastname",'alpha'));
$object->login = trim(GETPOST("login",'alpha'));
$object->pass = trim(GETPOST("pass",'alpha'));
$object->societe = trim($_POST["societe"]);
$object->company = trim($_POST["societe"]);
$object->societe = trim(GETPOST("societe",'alpha'));
$object->company = trim(GETPOST("societe",'alpha'));
$object->address = trim($_POST["address"]);
$object->zip = trim($_POST["zipcode"]);
$object->town = trim($_POST["town"]);
$object->state_id = $_POST["state_id"];
$object->country_id = $_POST["country_id"];
$object->address = trim(GETPOST("address",'alpha'));
$object->zip = trim(GETPOST("zipcode",'alpha'));
$object->town = trim(GETPOST("town",'alpha'));
$object->state_id = GETPOST("state_id",'int');
$object->country_id = GETPOST("country_id",'int');
$object->phone = trim($_POST["phone"]);
$object->phone_perso = trim($_POST["phone_perso"]);
$object->phone_mobile= trim($_POST["phone_mobile"]);
$object->email = trim($_POST["member_email"]);
$object->skype = trim($_POST["skype"]);
$object->phone = trim(GETPOST("phone",'alpha'));
$object->phone_perso = trim(GETPOST("phone_perso",'alpha'));
$object->phone_mobile= trim(GETPOST("phone_mobile",'alpha'));
$object->email = trim(GETPOST("member_email",'alpha'));
$object->skype = trim(GETPOST("skype",'alpha'));
$object->birth = $birthdate;
$object->typeid = $_POST["typeid"];
//$object->note = trim($_POST["comment"]);
$object->morphy = $_POST["morphy"];
$object->typeid = GETPOST("typeid",'int');
//$object->note = trim(GETPOST("comment"]);
$object->morphy = GETPOST("morphy",'alpha');
if (GETPOST('deletephoto')) $object->photo='';
elseif (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
// Get status and public property
$object->statut = $_POST["statut"];
$object->public = $_POST["public"];
$object->statut = GETPOST("statut",'alpha');
$object->public = GETPOST("public",'alpha');
// Fill array 'array_options' with data from add form
$ret = $extrafields->setOptionalsFromPost($extralabels,$object);
@ -445,32 +445,32 @@ if (empty($reshook))
$datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
}
$typeid=$_POST["typeid"];
$civility_id=$_POST["civility_id"];
$lastname=$_POST["lastname"];
$firstname=$_POST["firstname"];
$societe=$_POST["societe"];
$address=$_POST["address"];
$zip=$_POST["zipcode"];
$town=$_POST["town"];
$state_id=$_POST["state_id"];
$country_id=$_POST["country_id"];
$typeid=GETPOST("typeid",'int');
$civility_id=GETPOST("civility_id",'int');
$lastname=GETPOST("lastname",'alpha');
$firstname=GETPOST("firstname",'alpha');
$societe=GETPOST("societe",'alpha');
$address=GETPOST("address",'alpha');
$zip=GETPOST("zipcode",'alpha');
$town=GETPOST("town",'alpha');
$state_id=GETPOST("state_id",'int');
$country_id=GETPOST("country_id",'int');
$phone=$_POST["phone"];
$phone_perso=$_POST["phone_perso"];
$phone_mobile=$_POST["phone_mobile"];
$skype=$_POST["member_skype"];
$email=$_POST["member_email"];
$login=$_POST["member_login"];
$pass=$_POST["password"];
$photo=$_POST["photo"];
//$comment=$_POST["comment"];
$morphy=$_POST["morphy"];
$subscription=$_POST["subscription"];
$public=$_POST["public"];
$phone=GETPOST("phone",'alpha');
$phone_perso=GETPOST("phone_perso",'alpha');
$phone_mobile=GETPOST("phone_mobile",'alpha');
$skype=GETPOST("member_skype",'alpha');
$email=GETPOST("member_email",'alpha');
$login=GETPOST("member_login",'alpha');
$pass=GETPOST("password",'alpha');
$photo=GETPOST("photo",'alpha');
//$comment=GETPOST("comment",'none');
$morphy=GETPOST("morphy",'alpha');
$subscription=GETPOST("subscription",'alpha');
$public=GETPOST("public",'alpha');
$userid=$_POST["userid"];
$socid=$_POST["socid"];
$userid=GETPOST("userid",'int');
$socid=GETPOST("socid",'int');
$object->civility_id = $civility_id;
$object->firstname = $firstname;
@ -1093,14 +1093,14 @@ else
$morphys["phy"] = $langs->trans("Physical");
$morphys["mor"] = $langs->trans("Morale");
print '<tr><td><span class="fieldrequired">'.$langs->trans("Nature").'</span></td><td>';
print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy);
print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy")?GETPOST("morphy",'alpha'):$object->morphy));
print "</td></tr>";
// Type
print '<tr><td class="fieldrequired">'.$langs->trans("Type").'</td><td>';
if ($user->rights->adherent->creer)
{
print $form->selectarray("typeid", $adht->liste_array(), (isset($_POST["typeid"])?$_POST["typeid"]:$object->typeid));
print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid")?GETPOST("typeid",'int'):$object->typeid));
}
else
{

4
htdocs/adherents/class/adherent.class.php
View File

@ -439,8 +439,8 @@ class Adherent extends CommonObject
$sql.= ", note_public = ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
$sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null");
$sql.= ", public = '".$this->db->escape($this->public)."'";
$sql.= ", statut = ".$this->statut;
$sql.= ", fk_adherent_type = ".$this->typeid;
$sql.= ", statut = ".$this->db->escape($this->statut);
$sql.= ", fk_adherent_type = ".$this->db->escape($this->typeid);
$sql.= ", morphy = '".$this->db->escape($this->morphy)."'";
$sql.= ", birth = ".($this->birth?"'".$this->db->idate($this->birth)."'":"null");
if ($this->datefin) $sql.= ", datefin = '".$this->db->idate($this->datefin)."'"; // Must be modified only when deleting a subscription

2
htdocs/adherents/class/adherent_type.class.php
View File

@ -265,7 +265,7 @@ class AdherentType extends CommonObject
{
$sql = "SELECT d.rowid, d.libelle as label, d.statut, d.subscription, d.mail_valid, d.note, d.vote";
$sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as d";
$sql .= " WHERE d.rowid = ".$rowid;
$sql .= " WHERE d.rowid = ".(int) $rowid;
dol_syslog("Adherent_type::fetch", LOG_DEBUG);

36
htdocs/adherents/list.php
View File

@ -42,23 +42,23 @@ $toselect = GETPOST('toselect', 'array');
// Security check
$result=restrictedArea($user,'adherent');
$filter=GETPOST("filter");
$statut=GETPOST("statut");
$search=GETPOST("search");
$search_ref=GETPOST("search_ref");
$search_lastname=GETPOST("search_lastname");
$search_firstname=GETPOST("search_firstname");
$search_login=GETPOST("search_login");
$search_address=GETPOST("search_address");
$search_zip=GETPOST("search_zip");
$search_town=GETPOST("search_town");
$search_state=GETPOST("search_state");
$search_country=GETPOST("search_country");
$search_phone=GETPOST("search_phone");
$search_phone_perso=GETPOST("search_phone_perso");
$search_phone_mobile=GETPOST("search_phone_mobile");
$search_type=GETPOST("search_type");
$search_email=GETPOST("search_email");
$filter=GETPOST("filter",'alpha');
$statut=GETPOST("statut",'alpha');
$search=GETPOST("search",'alpha');
$search_ref=GETPOST("search_ref",'alpha');
$search_lastname=GETPOST("search_lastname",'alpha');
$search_firstname=GETPOST("search_firstname",'alpha');
$search_login=GETPOST("search_login",'alpha');
$search_address=GETPOST("search_address",'alpha');
$search_zip=GETPOST("search_zip",'alpha');
$search_town=GETPOST("search_town",'alpha');
$search_state=GETPOST("search_state",'alpha');
$search_country=GETPOST("search_country",'alpha');
$search_phone=GETPOST("search_phone",'alpha');
$search_phone_perso=GETPOST("search_phone_perso",'alpha');
$search_phone_mobile=GETPOST("search_phone_mobile",'alpha');
$search_type=GETPOST("search_type",'alpha');
$search_email=GETPOST("search_email",'alpha');
$search_categ = GETPOST("search_categ",'int');
$catid = GETPOST("catid",'int');
$optioncss = GETPOST('optioncss','alpha');
@ -288,7 +288,7 @@ if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) &&
llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adh&eacute;rents|ES:M&oacute;dulo_Miembros');
$titre=$langs->trans("MembersList");
if (isset($_GET["statut"]))
if (GETPOSTISSET("statut"))
{
if ($statut == '-1,1') { $titre=$langs->trans("MembersListQualified"); }
if ($statut == '-1') { $titre=$langs->trans("MembersListToValid"); }

6
htdocs/admin/company.php
View File

@ -339,18 +339,18 @@ if ($action == 'edit' || $action == 'updateedit')
print '<tr class="oddeven"><td class="fieldrequired"><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td class="maxwidthonsmartphone">';
//if (empty($country_selected)) $country_selected=substr($langs->defaultlang,-2); // By default, country of localization
print $form->select_country($mysoc->country_id,'country_id');
print $form->select_country($mysoc->country_id, 'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="state_id">'.$langs->trans("State").'</label></td><td class="maxwidthonsmartphone">';
$formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE,$mysoc->country_code,'state_id');
$formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE, $mysoc->country_code, 'state_id');
print '</td></tr>'."\n";
print '<tr class="oddeven"><td><label for="currency">'.$langs->trans("CompanyCurrency").'</label></td><td>';
print $form->selectCurrency($conf->currency,"currency");
print $form->selectCurrency($conf->currency, "currency");
print '</td></tr>'."\n";

2
htdocs/bookmarks/card.php
View File

@ -35,7 +35,7 @@ if (! $user->rights->bookmark->lire) {
restrictedArea($user, 'bookmarks');
}
$id=GETPOST("id");
$id=GETPOST("id",'int');
$action=GETPOST("action","alpha");
$title=GETPOST("title","alpha");
$url=GETPOST("url","alpha");

28
htdocs/compta/stats/casoc.php
View File

@ -63,18 +63,18 @@ if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta'
if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
// Date range
$year=GETPOST("year");
$month=GETPOST("month");
$search_societe = GETPOST("search_societe");
$search_zip = GETPOST("search_zip");
$search_town = GETPOST("search_town");
$search_country = GETPOST("search_country");
$date_startyear = GETPOST("date_startyear");
$date_startmonth = GETPOST("date_startmonth");
$date_startday = GETPOST("date_startday");
$date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
$year=GETPOST("year",'int');
$month=GETPOST("month",'int');
$search_societe = GETPOST("search_societe",'alpha');
$search_zip = GETPOST("search_zip",'alpha');
$search_town = GETPOST("search_town",'alpha');
$search_country = GETPOST("search_country",'alpha');
$date_startyear = GETPOST("date_startyear",'alpha');
$date_startmonth = GETPOST("date_startmonth",'alpha');
$date_startday = GETPOST("date_startday",'alpha');
$date_endyear = GETPOST("date_endyear",'alpha');
$date_endmonth = GETPOST("date_endmonth",'alpha');
$date_endday = GETPOST("date_endday",'alpha');
if (empty($year))
{
$year_current = strftime("%Y",dol_now());
@ -85,8 +85,8 @@ if (empty($year))
$month_current = strftime("%m",dol_now());
$year_start = $year;
}
$date_start=dol_mktime(0,0,0,$_REQUEST["date_startmonth"],$_REQUEST["date_startday"],$_REQUEST["date_startyear"]);
$date_end=dol_mktime(23,59,59,$_REQUEST["date_endmonth"],$_REQUEST["date_endday"],$_REQUEST["date_endyear"]);
$date_start=dol_mktime(0,0,0,GETPOST("date_startmonth"),GETPOST("date_startday"),GETPOST("date_startyear"));
$date_end=dol_mktime(23,59,59,GETPOST("date_endmonth"),GETPOST("date_endday"),GETPOST("date_endyear"));
// Quarter
if (empty($date_start) || empty($date_end)) // We define date_start and date_end
{

2
htdocs/langs/en_US/categories.lang
View File

@ -16,7 +16,7 @@ MembersCategoriesArea=Members tags/categories area
ContactsCategoriesArea=Contacts tags/categories area
AccountsCategoriesArea=Accounts tags/categories area
ProjectsCategoriesArea=Projects tags/categories area
SubCats=Subcategories
SubCats=Sub-categories
CatList=List of tags/categories
NewCategory=New tag/category
ModifCat=Modify tag/category

4
htdocs/societe/class/societe.class.php
View File

@ -980,9 +980,9 @@ class Societe extends CommonObject
$sql .= ", code_fournisseur = ".(! empty($this->code_fournisseur)?"'".$this->db->escape($this->code_fournisseur)."'":"null");
$sql .= ", code_compta_fournisseur = ".(! empty($this->code_compta_fournisseur)?"'".$this->db->escape($this->code_compta_fournisseur)."'":"null");
}
$sql .= ", fk_user_modif = ".(! empty($user->id)?"'".$user->id."'":"null");
$sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id:"null");
$sql .= ", fk_multicurrency = ".(int) $this->fk_multicurrency;
$sql .= ', multicurrency_code = \''.$this->db->escape($this->multicurrency_code)."'";
$sql .= ", multicurrency_code = '".$this->db->escape($this->multicurrency_code)."'";
$sql .= " WHERE rowid = '" . $id ."'";
$resql=$this->db->query($sql);