lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Too much sanitizing

Browse Source
This commit is contained in:
Laurent Destailleur 2012-11-03 00:47:09 +01:00
parent f8a9733b73
commit 8709933288
5 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/admin/commande.php
View File

@ -209,7 +209,8 @@ if ($action == 'set_COMMANDE_DRAFT_WATERMARK')
if ($action == 'set_COMMANDE_FREE_TEXT')
{
$freetext = GETPOST("COMMANDE_FREE_TEXT");
$freetext = GETPOST("COMMANDE_FREE_TEXT"); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "COMMANDE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -407,12 +408,12 @@ foreach ($dirmodels as $reldir)
}
closedir($handle);
arsort($filelist);
foreach($filelist as $file)
{
if (preg_match('/\.modules\.php$/i',$file) && preg_match('/^(pdf_|doc_)/',$file))
{
if (file_exists($dir.'/'.$file))
{
$name = substr($file, 4, dol_strlen($file) -16);

4
htdocs/admin/facture.php
View File

@ -254,9 +254,9 @@ if ($action == 'set_FACTURE_DRAFT_WATERMARK')
if ($action == 'set_FACTURE_FREE_TEXT')
{
$free = GETPOST('FACTURE_FREE_TEXT','alpha');
$freetext = GETPOST('FACTURE_FREE_TEXT'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
$res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;

5
htdocs/admin/fournisseur.php
View File

@ -250,8 +250,9 @@ if ($action == 'addcat')
if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
{
$free = GETPOST('SUPPLIER_INVOICE_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
$freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;

2
htdocs/admin/propal.php
View File

@ -130,7 +130,7 @@ if ($action == 'set_PROPALE_DRAFT_WATERMARK')
if ($action == 'set_PROPALE_FREE_TEXT')
{
$freetext = GETPOST('PROPALE_FREE_TEXT','alpha');
$freetext = GETPOST('PROPALE_FREE_TEXT'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "PROPALE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

5
htdocs/compta/bank/admin/bank.php
View File

@ -45,8 +45,9 @@ $action = GETPOST('action','alpha');
if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
{
$free = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;