FIX sanitize setup params
This commit is contained in:
Laurent Destailleur
parent
5d121b2d3a
commit
6b3e5e2085
@ -75,6 +75,12 @@ else
|
||||
if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') ||GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
|
||||
{
|
||||
$search_event = '';
|
||||
$action = '';
|
||||
}
|
||||
|
||||
if (GETPOST('button_search_x','alpha') || GETPOST('button_search.x','alpha') ||GETPOST('button_search','alpha')) // To avoid the save when we click on search
|
||||
{
|
||||
$action = '';
|
||||
}
|
||||
|
||||
if ($action == "save" && empty($cancel))
|
||||
@ -106,34 +112,6 @@ if ($action == "save" && empty($cancel))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
$value=(GETPOST($code) ? GETPOST($code) : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
||||
@ -52,10 +52,10 @@ $type = 'action';
|
||||
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
$value=(GETPOST($code) ? GETPOST($code) : 1);
|
||||
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
@ -67,7 +67,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -47,10 +47,10 @@ $type = 'action';
|
||||
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
$value=(GETPOST($code) ? GETPOST($code) : 1);
|
||||
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
@ -62,7 +62,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden();
|
||||
/*
|
||||
* Action
|
||||
*/
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
|
||||
@ -47,7 +47,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -48,10 +48,11 @@ $action = GETPOST('action', 'alpha');
|
||||
*/
|
||||
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, GETPOST($code), 'chaine', 0, '', $conf->entity) > 0)
|
||||
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
@ -62,7 +63,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, 0) > 0)
|
||||
|
||||
@ -51,36 +51,7 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
dol_add_file_process($upload_dir, 0, 0, 'userfile');
|
||||
}
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
else if (preg_match('/del_(.*)/',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
else if ($action == 'updateform')
|
||||
if ($action == 'updateform')
|
||||
{
|
||||
$antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND','none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe
|
||||
$antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM','none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib"
|
||||
|
||||
@ -43,10 +43,10 @@ $action=GETPOST('action','alpha');
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
$value=(GETPOST($code) ? GETPOST($code) : 1);
|
||||
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
|
||||
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
@ -58,7 +58,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
else if (preg_match('/del_(.*)/',$action,$reg))
|
||||
else if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -86,7 +86,7 @@ elseif ($action == 'setdoc')
|
||||
}
|
||||
$res = true;
|
||||
}
|
||||
elseif (preg_match('/set_(.*)/',$action,$reg))
|
||||
elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
|
||||
@ -100,7 +100,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
elseif (preg_match('/del_(.*)/',$action,$reg))
|
||||
elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -83,7 +83,7 @@ elseif ($action == 'setdoc')
|
||||
}
|
||||
$res = true;
|
||||
}
|
||||
elseif (preg_match('/set_(.*)/',$action,$reg))
|
||||
elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
|
||||
@ -97,7 +97,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
elseif (preg_match('/del_(.*)/',$action,$reg))
|
||||
elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -38,7 +38,7 @@ $action=GETPOST('action','aZ09');
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
|
||||
@ -52,7 +52,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
@ -42,7 +42,7 @@ $action=GETPOST('action','alpha');
|
||||
/*
|
||||
* Action
|
||||
*/
|
||||
if (preg_match('/set_(.*)/',$action,$reg))
|
||||
if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_set_const($db, $code, 1, 'yesno', 0, '', $conf->entity) > 0)
|
||||
@ -56,7 +56,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/del_(.*)/',$action,$reg))
|
||||
if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
|
||||
{
|
||||
$code=$reg[1];
|
||||
if (dolibarr_del_const($db, $code, $conf->entity) > 0)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user