Fix for bug #18801: les variables _GET et _POST ne doivent plus passer

par stripslashes, c'est déjà fait en main.inc.php
liedekef 2007-01-16 22:33:30 +00:00
parent a0149a378e
commit 6854dc40fd
3 changed files with 12 additions and 12 deletions


@ -104,7 +104,7 @@ if ($result)
print '<td class="liste_titre">';
print '<input size="8" class="flat" type="text" name="search_fac" value="'.$_GET["search_fac"].'">';
print '</td><td class="liste_titre">';
print '<input size="20" class="flat" type="text" name="search_nom" value="'.stripslashes($_GET["search_nom"]).'">';
print '<input size="20" class="flat" type="text" name="search_nom" value="'.$_GET["search_nom"].'">';
print '</td>';
print '<td class="liste_titre" colspan="2" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'"></td>';
print "</tr>\n";
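Review bot: The new `search_nom` line writes `$_GET["search_nom"]` directly into a double-quoted `value` attribute with no HTML encoding, so a `"` or `<` in the query string ends the attribute and is rendered as markup (reflected XSS). Dropping `stripslashes` is reasonable in itself, since it only removed backslashes and was never an output escape, but the value should be encoded where it is printed: `value="'.htmlspecialchars($_GET["search_nom"], ENT_QUOTES).'"`. The same applies to the unchanged `search_fac` line above it and to `search_ref`, `search_label` and `search_societe` in the second file's hunk. Whether main.inc.php does anything beyond undoing magic quotes is not visible here, so this assumes it applies no HTML-level filtering. The enclosing `if ($result)` block starts and ends outside the hunk.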


@ -117,7 +117,7 @@ if ($resql)
print '<input type="text" class="flat" name="search_ref" value="'.$_GET["search_ref"].'">';
print '</td>';
print '<td valign="right">';
print '<input type="text" class="flat" name="search_label" value="'.stripslashes($_GET["search_label"]).'">';
print '<input type="text" class="flat" name="search_label" value="'.$_GET["search_label"].'">';
print '</td>';
print '<td valign="right">';
print '<input type="text" class="flat" name="search_societe" value="'.$_GET["search_societe"].'">';


@ -278,18 +278,18 @@ if ($_POST["action"] == 'add')
/* Fin Verif Tarif */
$soc->nom = stripslashes($_POST["nom"]);
$soc->adresse = stripslashes($_POST["adresse"]);
$soc->cp = stripslashes($_POST["cp"]);
$soc->ville = stripslashes($_POST["ville"]);
$soc->pays_id = stripslashes($_POST["pays_id"]);
$soc->tel = stripslashes($_POST["tel"]);
$soc->fax = stripslashes($_POST["fax"]);
$soc->nom = $_POST["nom"];
$soc->adresse = $_POST["adresse"];
$soc->cp = $_POST["cp"];
$soc->ville = $_POST["ville"];
$soc->pays_id = $_POST["pays_id"];
$soc->tel = $_POST["tel"];
$soc->fax = $_POST["fax"];
$soc->url = ereg_replace( "http://", "", $_POST["url"] );
$soc->code_client = $_POST["code_client"];
$soc->code_fournisseur = stripslashes($_POST["code_fournisseur"]);
$soc->codeclient_modifiable = stripslashes($_POST["codeclient_modifiable"]);
$soc->codefournisseur_modifiable = stripslashes($_POST["codefournisseur_modifiable"]);
$soc->code_fournisseur = $_POST["code_fournisseur"];
$soc->codeclient_modifiable = $_POST["codeclient_modifiable"];
$soc->codefournisseur_modifiable = $_POST["codefournisseur_modifiable"];
$soc->client = 1;
$soc->fournisseur = 0;