lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: minor vulnerabilities

Browse Source
This commit is contained in:
Regis Houssin 2012-10-20 09:05:24 +02:00
parent 878d5612a1
commit 7e94d8ae52
7 changed files with 55 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/admin/modules.php
View File

@ -31,9 +31,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
$langs->load("errors");
$langs->load("admin");
$mode=isset($_GET["mode"])?GETPOST("mode"):(isset($_SESSION['mode'])?$_SESSION['mode']:0);
$mode=GETPOST('mode', 'alpha')?GETPOST('mode', 'alpha'):(isset($_SESSION['mode'])?$_SESSION['mode']:0);
$mesg=GETPOST("mesg");
$action=GETPOST('action');
$action=GETPOST('action', 'alpha');
$value=GETPOST('value', 'alpha');
if (!$user->admin) accessforbidden();
@ -44,7 +45,7 @@ if (!$user->admin) accessforbidden();
if ($action == 'set' && $user->admin)
{
$result=activateModule($_GET["value"]);
$result=activateModule($value);
$mesg='';
if ($result) $mesg=$result;
Header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg));
@ -53,7 +54,7 @@ if ($action == 'set' && $user->admin)
if ($action == 'reset' && $user->admin)
{
$result=unActivateModule($_GET["value"]);
$result=unActivateModule($value);
$mesg='';
if ($result) $mesg=$result;
Header("Location: modules.php?mode=".$mode."&mesg=".urlencode($mesg));
@ -128,9 +129,9 @@ foreach ($modulesdir as $dir)
{
$mesg="Error: Module ".$modName." was found twice: Into ".$modNameLoaded[$modName]." and ".$dir.". You probably have an old file on your disk.<br>";
dol_syslog($mesg, LOG_ERR);
continue;
continue;
}
try
{
$res=include_once($dir.$file);

10
htdocs/externalsite/frames.php
View File

@ -34,11 +34,11 @@ if (empty($conf->global->EXTERNALSITE_URL))
llxFooter();
}
$mainmenu=GETPOST('mainmenu');
$leftmenu=GETPOST('leftmenu');
$idmenu=GETPOST('idmenu');
$theme=GETPOST('theme');
$codelang=GETPOST('lang');
$mainmenu=GETPOST('mainmenu', 'alpha');
$leftmenu=GETPOST('leftmenu', 'alpha');
$idmenu=GETPOST('idmenu', 'int');
$theme=GETPOST('theme', 'alpha');
$codelang=GETPOST('lang', 'alpha');
print "
<html>

2
htdocs/index.php
View File

@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
// If not defined, we select menu "home"
if (! isset($_GET["mainmenu"])) $_GET["mainmenu"]="home";
$_GET['mainmenu']=GETPOST('mainmenu', 'alpha')?GETPOST('mainmenu', 'alpha'):'home';
$action=GETPOST('action');

32
htdocs/user/class/user.class.php
View File

@ -282,7 +282,7 @@ class User extends CommonObject
* @param string $allperms Ajouter tous les droits du module allmodule, perms allperms
* @return int > 0 if OK, < 0 if KO
*/
function addrights($rid,$allmodule='',$allperms='')
function addrights($rid, $allmodule='', $allperms='')
{
global $conf;
@ -292,13 +292,13 @@ class User extends CommonObject
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande ajout d'un droit en particulier, on recupere
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -314,21 +314,21 @@ class User extends CommonObject
}
// Where pour la liste des droits a ajouter
$whereforadd="id=".$rid;
$whereforadd="id=".$this->escape($rid);
// Ajout des droits induits
if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
if (! empty($subperms)) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
else if (! empty($perms)) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
}
else {
// On a pas demande un droit en particulier mais une liste de droits
// sur la base d'un nom de module de de perms
// Where pour la liste des droits a ajouter
if ($allmodule) $whereforadd="module='$allmodule'";
if ($allperms) $whereforadd=" AND perms='$allperms'";
if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'";
}
// Ajout des droits trouves grace au critere whereforadd
if ($whereforadd)
if (! empty($whereforadd))
{
//print "$module-$perms-$subperms";
$sql = "SELECT id";
@ -381,7 +381,7 @@ class User extends CommonObject
* @param string $allperms Retirer tous les droits du module allmodule, perms allperms
* @return int > 0 if OK, < 0 if OK
*/
function delrights($rid,$allmodule='',$allperms='')
function delrights($rid, $allmodule='', $allperms='')
{
global $conf;
@ -390,13 +390,13 @@ class User extends CommonObject
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande supression d'un droit en particulier, on recupere
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -412,7 +412,7 @@ class User extends CommonObject
}
// Where pour la liste des droits a supprimer
$wherefordel="id=".$rid;
$wherefordel="id=".$this->escape($rid);
// Suppression des droits induits
if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)";
if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')";
@ -420,12 +420,12 @@ class User extends CommonObject
else {
// On a demande suppression d'un droit sur la base d'un nom de module ou perms
// Where pour la liste des droits a supprimer
if ($allmodule) $wherefordel="module='$allmodule'";
if ($allperms) $wherefordel=" AND perms='$allperms'";
if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'";
}
// Suppression des droits selon critere defini dans wherefordel
if ($wherefordel)
if (! empty($wherefordel))
{
//print "$module-$perms-$subperms";
$sql = "SELECT id";

28
htdocs/user/class/usergroup.class.php
View File

@ -229,7 +229,7 @@ class UserGroup extends CommonObject
* @param string $allperms Ajouter tous les droits du module allmodule, perms allperms
* @return int > 0 if OK, < 0 if KO
*/
function addrights($rid,$allmodule='',$allperms='')
function addrights($rid, $allmodule='', $allperms='')
{
global $conf;
@ -239,13 +239,13 @@ class UserGroup extends CommonObject
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande ajout d'un droit en particulier, on recupere
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -261,7 +261,7 @@ class UserGroup extends CommonObject
}
// Where pour la liste des droits a ajouter
$whereforadd="id=".$rid;
$whereforadd="id=".$this->escape($rid);
// Ajout des droits induits
if ($subperms) $whereforadd.=" OR (module='$module' AND perms='$perms' AND (subperms='lire' OR subperms='read'))";
else if ($perms) $whereforadd.=" OR (module='$module' AND (perms='lire' OR perms='read') AND subperms IS NULL)";
@ -272,12 +272,12 @@ class UserGroup extends CommonObject
}
else {
// Where pour la liste des droits a ajouter
if ($allmodule) $whereforadd="module='$allmodule'";
if ($allperms) $whereforadd=" AND perms='$allperms'";
if (! empty($allmodule)) $whereforadd="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $whereforadd=" AND perms='".$this->escape($allperms)."'";
}
// Ajout des droits de la liste whereforadd
if ($whereforadd)
if (! empty($whereforadd))
{
//print "$module-$perms-$subperms";
$sql = "SELECT id";
@ -330,7 +330,7 @@ class UserGroup extends CommonObject
* @param string $allperms Retirer tous les droits du module allmodule, perms allperms
* @return int > 0 if OK, < 0 if OK
*/
function delrights($rid,$allmodule='',$allperms='')
function delrights($rid, $allmodule='', $allperms='')
{
global $conf;
@ -339,13 +339,13 @@ class UserGroup extends CommonObject
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande supression d'un droit en particulier, on recupere
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " WHERE id = '".$this->escape($rid)."'";
$sql.= " AND entity = ".$conf->entity;
$result=$this->db->query($sql);
@ -361,7 +361,7 @@ class UserGroup extends CommonObject
}
// Where pour la liste des droits a supprimer
$wherefordel="id=".$rid;
$wherefordel="id=".$this->escape($rid);
// Suppression des droits induits
if ($subperms=='lire' || $subperms=='read') $wherefordel.=" OR (module='$module' AND perms='$perms' AND subperms IS NOT NULL)";
if ($perms=='lire' || $perms=='read') $wherefordel.=" OR (module='$module')";
@ -372,12 +372,12 @@ class UserGroup extends CommonObject
}
else {
// Where pour la liste des droits a supprimer
if ($allmodule) $wherefordel="module='$allmodule'";
if ($allperms) $wherefordel=" AND perms='$allperms'";
if (! empty($allmodule)) $wherefordel="module='".$this->escape($allmodule)."'";
if (! empty($allperms)) $wherefordel=" AND perms='".$this->escape($allperms)."'";
}
// Suppression des droits de la liste wherefordel
if ($wherefordel)
if (! empty($wherefordel))
{
//print "$module-$perms-$subperms";
$sql = "SELECT id";

15
htdocs/user/group/perms.php
View File

@ -33,9 +33,10 @@ $langs->load("users");
$langs->load("admin");
$id=GETPOST('id','int');
$action=GETPOST("action");
$confirm=GETPOST("confirm");
$module=GETPOST("module");
$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module', 'alpha');
$rights=GETPOST('rights', 'int');
// Defini si peux lire les permissions
$canreadperms=($user->admin || $user->rights->user->user->lire);
@ -60,14 +61,14 @@ if ($action == 'addrights' && $caneditperms)
{
$editgroup = new Usergroup($db);
$result=$editgroup->fetch($id);
if ($result > 0) $editgroup->addrights($_GET["rights"],$module);
if ($result > 0) $editgroup->addrights($rights, $module);
}
if ($action == 'delrights' && $caneditperms)
{
$editgroup = new Usergroup($db);
$result=$editgroup->fetch($id);
if ($result > 0) $editgroup->delrights($_GET["rights"],$module);
if ($result > 0) $editgroup->delrights($rights, $module);
}
@ -160,7 +161,7 @@ if ($id)
{
$sql.= " AND r.entity IN (0,".$conf->entity.")";
}
$sql.= " AND ugr.fk_usergroup = ".$fgroup->id;
$result=$db->query($sql);
@ -250,7 +251,7 @@ if ($id)
$i = 0;
$var = true;
$oldmod = '';
$num = $db->num_rows($result);
while ($i < $num)

7
htdocs/user/perms.php
View File

@ -34,7 +34,8 @@ $langs->load("admin");
$id=GETPOST('id', 'int');
$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module');
$module=GETPOST('module', 'alpha');
$rights=GETPOST('rights', 'int');
if (! isset($id) || empty($id)) accessforbidden();
@ -70,7 +71,7 @@ if ($action == 'addrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->addrights($_GET["rights"],$module);
$edituser->addrights($rights, $module);
// Si on a touche a ses propres droits, on recharge
if ($id == $user->id)
@ -84,7 +85,7 @@ if ($action == 'delrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->delrights($_GET["rights"],$module);
$edituser->delrights($rights, $module);
// Si on a touche a ses propres droits, on recharge
if ($id == $user->id)