FIX XSS Vulnerability

This commit is contained in:
Laurent Destailleur 2020-04-15 02:32:55 +02:00
parent c3b8949e2e
commit 53ceef5b6a


@ -3,7 +3,7 @@
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2006-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
@ -23,7 +23,7 @@
/**
* \file htdocs/admin/ldap.php
* \ingroup ldap
* \brief Page d'administration/configuration du module Ldap
* \brief Page to setup module LDAP
*/
require '../main.inc.php';
@ -57,19 +57,19 @@ if (empty($reshook))
$error=0;
$db->begin();
if (! dolibarr_set_const($db, 'LDAP_SERVER_TYPE', GETPOST("type"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION', GETPOST("LDAP_SERVER_PROTOCOLVERSION"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST', GETPOST("host"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST_SLAVE', GETPOST("slave"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PORT', GETPOST("port"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_DN', GETPOST("dn"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_DN', GETPOST("admin"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_PASS', GETPOST("pass"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_USE_TLS', GETPOST("usetls"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SYNCHRO_ACTIVE', GETPOST("activesynchro"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_CONTACT_ACTIVE', GETPOST("activecontact"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_ACTIVE', GETPOST("activemembers"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_TYPE_ACTIVE', GETPOST("activememberstypes"), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_TYPE', GETPOST("type", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION', GETPOST("LDAP_SERVER_PROTOCOLVERSION", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST', GETPOST("host", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_HOST_SLAVE', GETPOST("slave", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_PORT', GETPOST("port", 'int'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_DN', GETPOST("dn", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_DN', GETPOST("admin", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_ADMIN_PASS', GETPOST("pass", 'none'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SERVER_USE_TLS', GETPOST("usetls", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_SYNCHRO_ACTIVE', GETPOST("activesynchro", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_CONTACT_ACTIVE', GETPOST("activecontact", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_ACTIVE', GETPOST("activemembers", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_TYPE_ACTIVE', GETPOST("activememberstypes", 'aZ09'), 'chaine', 0, '', $conf->entity)) $error++;
if (! $error)
{