From 661071286e5817e937e828e65250160ca885c248 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a?=
Date: Wed, 8 May 2013 17:23:41 +0200
Subject: [PATCH 1/4] Typo in skeleton module class
---
 dev/skeletons/modMyModule.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev/skeletons/modMyModule.class.php b/dev/skeletons/modMyModule.class.php
index 149228d5ce4..db7a4b81711 100644
--- a/dev/skeletons/modMyModule.class.php
+++ b/dev/skeletons/modMyModule.class.php
@@ -178,7 +178,7 @@ class modMyModule extends DolibarrModules
 // Main menu entries
- $this->menus = array(); // List of menus to add
+ $this->menu = array(); // List of menus to add
 $r=0;
 // Add here entries to declare new menus
From 9427e32e2ed54c1a2bc519a88c057207836df489 Mon Sep 17 00:00:00 2001
From: fhenry
Date: Fri, 10 May 2013 15:04:16 +0200
Subject: [PATCH 2/4] Fix security breach (SQL injection)
---
 htdocs/adherents/fiche.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 02e0af3a768..57aa72e70ca 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -958,10 +958,11 @@ else
 $adht = new AdherentType($db);
 $adht->fetch($object->typeid);
+ $country=GETPOST('pays','int');
 // We set country_id, and country_code, country of the chosen country
- if (isset($_POST["pays"]) || $object->country_id)
+ if (!empty($country) || $object->country_id)
 {
- $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(isset($_POST["pays"])?$_POST["pays"]:$object->country_id);
+ $sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(!empty($country)?$country:$object->country_id);
 $resql=$db->query($sql);
 if ($resql)
 {
From 526a80dd202bbca396687a502d52c27e06e97fff Mon Sep 17 00:00:00 2001
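Review bot: The value interpolated after `rowid = ` is still the string GETPOST returned rather than an integer, so the safety of this hunk depends entirely on what the `'int'` filter inside GETPOST accepts, which is not visible here; a cast at the point of use removes that dependency and also covers `$object->country_id`: `$sql = "SELECT rowid, code, libelle as label from ".MAIN_DB_PREFIX."c_pays where rowid = ".(int) (!empty($country)?$country:$object->country_id);`. The switch from `isset` to `!empty($country)` also changes behaviour for `0` and `'0'`, which are now treated as "no country posted"; that is presumably intended since rowid 0 is not a valid country, but a short comment on the `$country=` line would record it. The enclosing `else` block starts and ends outside the hunk.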
From: Laurent Destailleur
Date: Sat, 11 May 2013 15:04:17 +0200
Subject: [PATCH 3/4] Sec: Param not escaped Fix: Bad return error
---
 htdocs/core/lib/barcode.lib.php | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/htdocs/core/lib/barcode.lib.php b/htdocs/core/lib/barcode.lib.php
index f83ea5f433c..67b51748d3e 100644
--- a/htdocs/core/lib/barcode.lib.php
+++ b/htdocs/core/lib/barcode.lib.php
@@ -74,11 +74,11 @@ function barcode_print($code, $encoding="ANY", $scale = 2 ,$mode = "png")
 dol_syslog("barcode.lib.php::barcode_print $code $encoding $scale $mode");
 $bars=barcode_encode($code,$encoding);
-
- if (! $bars)
+ if (! $bars || ! empty($bars['error']))
 {
 // DOLCHANGE LDR Return error message instead of array
- $error='Bad Value '.$code.' for encoding '.$encoding;
+ if (empty($bars['error'])) $error='Bad Value '.$code.' for encoding '.$encoding;
+ else $error=$bars['error'];
 dol_syslog('barcode.lib.php::barcode_print '.$error, LOG_ERR);
 return $error;
 }
@@ -133,7 +133,7 @@ function barcode_encode($code,$encoding)
 dol_syslog("barcode.lib.php::barcode_encode Use barcode_encode_ean");
 $bars=barcode_encode_ean($code, $encoding);
 }
- else if (file_exists($genbarcode_loc))
+ else if (file_exists($genbarcode_loc)) // For example C39
 {
 /* use genbarcode */
 dol_syslog("barcode.lib.php::barcode_encode Use genbarcode ".$genbarcode_loc." code=".$code." encoding=".$encoding);
@@ -252,10 +252,11 @@ function barcode_encode_genbarcode($code,$encoding)
 $code=preg_replace("/[\\\|]/", "_", $code);
 $command=escapeshellarg($genbarcode_loc);
- $paramclear=" \"".str_replace("\"", "\\\"",$code)."\" \"".str_replace("\"", "\\\"",strtoupper($encoding))."\"";
-
+ //$paramclear=" \"".str_replace("\"", "\\\"",$code)."\" \"".str_replace("\"", "\\\"",strtoupper($encoding))."\"";
+ $paramclear=" ".escapeshellarg($code)." ".escapeshellarg(strtoupper($encoding));
+
 $fullcommandclear=$command." ".$paramclear." 2>&1";
- //print $fullcommandclear."
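Review bot: The string returned on the error path now carries `$bars['error']`, which per the last hunk of this patch is raw output of the external genbarcode process, next to the unescaped `$code` and `$encoding`; barcode_print hands that text straight back to its caller, so a comment on the `return $error;` line such as `// error text contains caller input and raw tool output; escape for the output context before printing` would stop the next caller from echoing it as HTML. Style: the two one-line `if`/`else` statements read more clearly as a single assignment, `$error = empty($bars['error']) ? 'Bad Value '.$code.' for encoding '.$encoding : $bars['error'];`. barcode_print continues past the end of the hunk.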
\n";
+ //print $fullcommandclear."\n";exit;
 dol_syslog("Run command ".$fullcommandclear);
 $fp=popen($fullcommandclear, "r");
@@ -273,14 +274,20 @@ function barcode_encode_genbarcode($code,$encoding)
 }
 //var_dump($bars);
 $ret=array(
- "encoding" => trim($encoding),
 "bars" => trim($bars),
- "text" => trim($text)
+ "text" => trim($text),
+ "encoding" => trim($encoding),
+ "error" => ""
 );
 //var_dump($ret);
- if (!$ret['encoding']) return false;
+ if (preg_match('/permission denied/i',$ret['bars']))
+ {
+ $ret['error']=$ret['bars']; $ret['bars']='';
+ return $ret;
+ }
 if (!$ret['bars']) return false;
 if (!$ret['text']) return false;
+ if (!$ret['encoding']) return false;
 return $ret;
 }
From 8a90598b23e1b2689848187941f7a96b04907005 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 11 May 2013 15:12:42 +0200
Subject: [PATCH 4/4] Fix: Escape entities
---
 htdocs/core/lib/functions.lib.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 71dbfbc1b2b..bacda98845d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2100,10 +2100,10 @@ function dol_print_error($db='',$error='')
 $out.="".$langs->trans("PHP").": ".phpversion()."
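Review bot: The commented-out previous `$paramclear` line and the `exit;` appended to the `//print` debug comment are dead code that should be dropped rather than kept beside the fix; the new `escapeshellarg()` line is the complete replacement. One caveat worth recording on that line: `escapeshellarg()` silently removes bytes that are not valid in the process's current locale, so a non-ASCII `$code` can reach genbarcode altered instead of being rejected, e.g. `// escapeshellarg() strips bytes invalid in the current locale; validate $code as ASCII first if exact content matters`. With both arguments escaped, the preceding `preg_replace` that rewrites backslashes and pipes to `_` no longer contributes to shell safety, though it may still matter for genbarcode's own input rules, which are not visible here. The function continues on both sides of the hunk.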
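Review bot: Detecting failure by matching `/permission denied/i` against the captured output is brittle: the message text depends on the OS and locale, and every other failure mode (binary not executable for another reason, unknown encoding name, crash) still falls through to `return false` with the diagnostic discarded. The exit status, presumably obtained from `pclose($fp)` later in this function outside the hunk, is the reliable signal; populating `$ret['error']` from the output whenever that status is nonzero and keeping the regex only as a fallback would cover all cases. Note also the contract change: a caller that tested the result for falsiness now receives a truthy array with empty `bars` on the permission-denied path, so every caller other than barcode_print (adjusted in this patch) needs checking. The function starts before the hunk.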
\n";
 //phpinfo(); // This is to show location of php.ini file
 }
- $out.="".$langs->trans("Server").": ".$_SERVER["SERVER_SOFTWARE"]."\n";;
+ $out.="".$langs->trans("Server").": ".$_SERVER["SERVER_SOFTWARE"]."\n";
 $out.="\n";
- $out.="".$langs->trans("RequestedUrl").": ".$_SERVER["REQUEST_URI"]."\n";;
- $out.="".$langs->trans("Referer").": ".(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:'')."\n";;
+ $out.="".$langs->trans("RequestedUrl").": ".dol_htmlentities($_SERVER["REQUEST_URI"],ENT_COMPAT,'UTF-8')."\n";
+ $out.="".$langs->trans("Referer").": ".(isset($_SERVER["HTTP_REFERER"])?dol_htmlentities($_SERVER["HTTP_REFERER"],ENT_COMPAT,'UTF-8'):'')."\n";
 $out.="".$langs->trans("MenuManager").": ".$conf->top_menu."\n";
 $out.="\n";
 $syslog.="url=".$_SERVER["REQUEST_URI"];
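Review bot: `ENT_COMPAT` leaves single quotes unescaped, which is enough while these values sit in text content, but the same `$out` buffer interleaves markup and data and `ENT_QUOTES` costs nothing: `dol_htmlentities($_SERVER["REQUEST_URI"],ENT_QUOTES,'UTF-8')`, and likewise for the `HTTP_REFERER` line. The hunk still emits `$_SERVER["SERVER_SOFTWARE"]` and `$conf->top_menu` unescaped; neither is request-controlled in a normal deployment, but escaping every value on this error page consistently spares the next reader from having to reason about which ones are trusted. dol_print_error continues outside the hunk.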