lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX CVE-2020-7994

Browse Source
This commit is contained in:
Laurent Destailleur 2020-02-02 15:01:57 +01:00
parent bd322dc12e
commit 967d97ccd7
4 changed files with 29 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/admin/company.php
View File

@ -95,15 +95,15 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TEL", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$dirforimage = $conf->mycompany->dir_output.'/logos/';

2
htdocs/admin/const.php
View File

@ -40,7 +40,7 @@ $update=GETPOST('update', 'alpha');
$delete=GETPOST('delete', 'none'); // Do not use alpha here
$debug=GETPOST('debug', 'int');
$consts=GETPOST('const', 'array');
$constname=GETPOST('constname', 'alpha');
$constname=GETPOST('constname', 'alphanohtml');
$constvalue=GETPOST('constvalue', 'none'); // We shoul dbe able to send everything here
$constnote=GETPOST('constnote', 'alpha');

24
htdocs/admin/defaultvalues.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2017-2018 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2017-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2017-2018 Regis Houssin <regis.houssin@inodbox.com>
*
* This program is free software; you can redistribute it and/or modify
@ -52,15 +52,15 @@ $pagenext = $page + 1;
if (!$sortfield) $sortfield = 'page,param';
if (!$sortorder) $sortorder = 'ASC';
$defaulturl = GETPOST('defaulturl');
$defaultkey = GETPOST('defaultkey', 'alpha');
$defaultvalue = GETPOST('defaultvalue');
$defaulturl = GETPOST('defaulturl', 'alphanohtml');
$defaultkey = GETPOST('defaultkey', 'alphanohtml');
$defaultvalue = GETPOST('defaultvalue', 'none');
$defaulturl = preg_replace('/^\//', '', $defaulturl);
$urlpage = GETPOST('urlpage');
$key = GETPOST('key');
$value = GETPOST('value');
$urlpage = GETPOST('urlpage', 'alphanohtml');
$key = GETPOST('key', 'alphanohtml');
$value = GETPOST('value', 'none');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));
@ -210,9 +210,9 @@ print load_fiche_titre($langs->trans("DefaultValues"), $enabledisablehtml, 'titl
print '<span class="opacitymedium">'.$langs->trans("DefaultValuesDesc")."</span><br>\n";
print "<br>\n";
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.$limit;
if ($optioncss != '') $param .= '&optioncss='.$optioncss;
if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param .= '&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param .= '&limit='.urlencode($limit);
if ($optioncss != '') $param .= '&optioncss='.urlencode($optioncss);
if ($defaulturl) $param .= '&defaulturl='.urlencode($defaulturl);
if ($defaultkey) $param .= '&defaultkey='.urlencode($defaultkey);
if ($defaultvalue) $param .= '&defaultvalue='.urlencode($defaultvalue);
@ -359,7 +359,7 @@ if ($result)
// Page
print '<td>';
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->page;
if ($action != 'edit' || GETPOST('rowid', 'int') != $obj->rowid) print $obj->page;
else print '<input type="text" name="urlpage" value="'.dol_escape_htmltag($obj->page).'">';
print '</td>'."\n";
@ -378,7 +378,7 @@ if ($result)
print '<input type="hidden" name="const['.$i.'][name]" value="'.$obj->transkey.'">';
print '<input type="text" id="value_'.$i.'" class="flat inputforupdate" size="30" name="const['.$i.'][value]" value="'.dol_escape_htmltag($obj->transvalue).'">';
*/
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print $obj->value;
if ($action != 'edit' || GETPOST('rowid') != $obj->rowid) print dol_escape_htmltag($obj->value);
else print '<input type="text" name="value" value="'.dol_escape_htmltag($obj->value).'">';
print '</td>';
}

19
htdocs/admin/translation.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2007-2016 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2007-2020 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2009-2017 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2017 Frédéric France <frederic.france@free.fr>
*
@ -35,9 +35,9 @@ if (!$user->admin) accessforbidden();
$id = GETPOST('rowid', 'int');
$action = GETPOST('action', 'alpha');
$langcode = GETPOST('langcode', 'alpha');
$transkey = GETPOST('transkey', 'alpha');
$transvalue = GETPOST('transvalue', 'alpha');
$langcode = GETPOST('langcode', 'alphanohtml');
$transkey = GETPOST('transkey', 'alphanohtml');
$transvalue = GETPOST('transvalue', 'none');
$mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'overwrite';
@ -190,7 +190,6 @@ if ($action == 'delete')
/*
* View
*/
@ -231,9 +230,9 @@ print '<span class="opacitymedium">'.$form->textwithpicto($langs->trans("Current
print '<br>';
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.$contextpage;
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.$limit;
if ($optioncss != '') $param.='&optioncss='.$optioncss;
if (! empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) $param.='&contextpage='.urlencode($contextpage);
if ($limit > 0 && $limit != $conf->liste_limit) $param.='&limit='.urlencode($limit);
if ($optioncss != '') $param.='&optioncss='.urlencode($optioncss);
if ($langcode) $param.='&langcode='.urlencode($langcode);
if ($transkey) $param.='&transkey='.urlencode($transkey);
if ($transvalue) $param.='&transvalue='.urlencode($transvalue);
@ -348,11 +347,11 @@ if ($mode == 'overwrite')
*/
if ($action == 'edit' && $obj->rowid == GETPOST('rowid', 'int'))
{
print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.$obj->transvalue.'">';
print '<input type="text" class="quatrevingtpercent" name="transvalue" value="'.dol_escape_htmltag($obj->transvalue).'">';
}
else
{
print $obj->transvalue;
print dol_escape_htmltag($obj->transvalue);
}
print '</td>';