From 2c183fe279cf34753c0b56942ba749743a57f264 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Thu, 21 Nov 2019 09:22:44 +0100 Subject: [PATCH 1/3] fix : invoid sql injection --- htdocs/commande/list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 1de1e64e0c7..9e34c745fab 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -80,7 +80,7 @@ $search_total_ttc = GETPOST('search_total_ttc', 'alpha'); $search_categ_cus = trim(GETPOST("search_categ_cus", 'int')); $optioncss = GETPOST('optioncss', 'alpha'); $billed = GETPOST('billed', 'int'); -$viewstatut = GETPOST('viewstatut'); +$viewstatut = GETPOST('viewstatut', 'int'); $search_btn = GETPOST('button_search', 'alpha'); $search_remove_btn = GETPOST('button_removefilter', 'alpha'); $search_project_ref = GETPOST('search_project_ref', 'alpha'); From 54d67de538b017aa47dbce26d103c75e3bd37244 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Thu, 21 Nov 2019 09:44:13 +0100 Subject: [PATCH 2/3] fix : invoid sql injection --- htdocs/accountancy/bookkeeping/balance.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 02174ea2524..86ec1162832 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // Load translation files required by the page $langs->loadLangs(array("accountancy")); -$page = GETPOST("page"); +$page = GETPOST("page", 'int'); $sortorder = GETPOST("sortorder", 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); $action = GETPOST('action', 'aZ09'); From 9996c1ca7a9e19b89b0a6c4f122c11a4d43c4f41 Mon Sep 17 00:00:00 2001 From: Philippe GRAND Date: Thu, 21 Nov 2019 09:49:53 +0100 Subject: [PATCH 3/3] fix : invoid sql injection --- htdocs/accountancy/bookkeeping/list.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index d898be2b208..0db4c7b6c24 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -575,8 +575,8 @@ if ($action == 'delmouv') { } if ($action == 'delbookkeepingyear') { $form_question = array(); - $delyear = GETPOST('delyear'); - $deljournal = GETPOST('deljournal'); + $delyear = GETPOST('delyear', 'int'); + $deljournal = GETPOST('deljournal', 'alpha'); if (empty($delyear)) { $delyear = dol_print_date(dol_now(), '%Y');