From 96c1814793bba17ba56d83d7b29d584cd6b2f97d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 27 Sep 2018 11:33:28 +0200
Subject: [PATCH] FIX XSS vulnerability reported by Mary Princy E

---
 htdocs/admin/company.php | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 949038b4413..9b312e7e228 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -327,20 +327,20 @@ if ($action == 'edit' || $action == 'updateedit')
 	// Name
 
 	print '<tr class="oddeven"><td class="fieldrequired"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
-	print '<input name="nom" id="name" class="minwidth200" value="'. ($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
+	print '<input name="nom" id="name" class="minwidth200" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_NOM?$conf->global->MAIN_INFO_SOCIETE_NOM: GETPOST("nom",'nohtml')) . '" autofocus="autofocus"></td></tr>'."\n";
 
 	// Addresse
 
 	print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ADDRESS">'.$langs->trans("CompanyAddress").'</label></td><td>';
-	print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS: GETPOST("MAIN_INFO_SOCIETE_ADDRESS",'nohtml')) . '</textarea></td></tr>'."\n";
+	print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'. ($conf->global->MAIN_INFO_SOCIETE_ADDRESS?$conf->global->MAIN_INFO_SOCIETE_ADDRESS:GETPOST("MAIN_INFO_SOCIETE_ADDRESS",'nohtml')) . '</textarea></td></tr>'."\n";
 
 
 	print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ZIP">'.$langs->trans("CompanyZip").'</label></td><td>';
-	print '<input class="minwidth100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'. ($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP: GETPOST("MAIN_INFO_SOCIETE_ZIP",'alpha')) . '"></td></tr>'."\n";
+	print '<input class="minwidth100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_ZIP?$conf->global->MAIN_INFO_SOCIETE_ZIP:GETPOST("MAIN_INFO_SOCIETE_ZIP",'alpha')) . '"></td></tr>'."\n";
 
 
 	print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_TOWN">'.$langs->trans("CompanyTown").'</label></td><td>';
-	print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth100" id="MAIN_INFO_SOCIETE_TOWN" value="'. ($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN: GETPOST("MAIN_INFO_SOCIETE_TOWN",'nohtml')) . '"></td></tr>'."\n";
+	print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth100" id="MAIN_INFO_SOCIETE_TOWN" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_TOWN?$conf->global->MAIN_INFO_SOCIETE_TOWN:GETPOST("MAIN_INFO_SOCIETE_TOWN",'nohtml')) . '"></td></tr>'."\n";
 
 	// Country
 
@@ -362,29 +362,29 @@ if ($action == 'edit' || $action == 'updateedit')
 
 
 	print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>';
-	print '<input name="tel" id="phone" value="'. $conf->global->MAIN_INFO_SOCIETE_TEL . '"></td></tr>';
+	print '<input name="tel" id="phone" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_TEL) . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 
 	print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>';
-	print '<input name="fax" id="fax" value="'. $conf->global->MAIN_INFO_SOCIETE_FAX . '"></td></tr>';
+	print '<input name="fax" id="fax" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_FAX) . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 
 	print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>';
-	print '<input name="mail" id="email" class="minwidth200" value="'. $conf->global->MAIN_INFO_SOCIETE_MAIL . '"></td></tr>';
+	print '<input name="mail" id="email" class="minwidth200" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_MAIL) . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 	// Web
 	print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>';
-	print '<input name="web" id="web" class="minwidth300" value="'. $conf->global->MAIN_INFO_SOCIETE_WEB . '"></td></tr>';
+	print '<input name="web" id="web" class="minwidth300" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_WEB) . '"></td></tr>';
 	print '</td></tr>'."\n";
 
 	// Barcode
 	if (! empty($conf->barcode->enabled)) {
 
 		print '<tr class="oddeven"><td><label for="barcode">'.$langs->trans("Gencod").'</label></td><td>';
-		print '<input name="barcode" id="barcode" class="minwidth150" value="'. $conf->global->MAIN_INFO_SOCIETE_GENCOD . '"></td></tr>';
+		print '<input name="barcode" id="barcode" class="minwidth150" value="'. dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_GENCOD) . '"></td></tr>';
 		print '</td></tr>';
 	}
 
@@ -423,19 +423,19 @@ if ($action == 'edit' || $action == 'updateedit')
 	// Managing Director(s)
 
 	print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
-	print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth200" value="' . $conf->global->MAIN_INFO_SOCIETE_MANAGERS . '"></td></tr>';
+	print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="director" class="minwidth200" value="' . dol_escape_htmltag($conf->global->MAIN_INFO_SOCIETE_MANAGERS) . '"></td></tr>';
 
 	// GDPR contact
 
 	print '<tr class="oddeven"><td>';
 	print $form->textwithpicto($langs->trans("GDPRContact"), $langs->trans("GDPRContactDesc"));
 	print '</td><td>';
-	print '<input name="MAIN_INFO_GDPR" id="director" class="minwidth500" value="' . $conf->global->MAIN_INFO_GDPR . '"></td></tr>';
+	print '<input name="MAIN_INFO_GDPR" id="director" class="minwidth500" value="' . dol_escape_htmltag($conf->global->MAIN_INFO_GDPR) . '"></td></tr>';
 
 	// Capital
 
 	print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
-	print '<input name="capital" id="capital" class="minwidth100" value="' . $conf->global->MAIN_INFO_CAPITAL . '"></td></tr>';
+	print '<input name="capital" id="capital" class="minwidth100" value="' . dol_escape_htmltag($conf->global->MAIN_INFO_CAPITAL) . '"></td></tr>';
 
 	// Juridical Status
 
@@ -454,7 +454,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid1">'.$langs->transcountry("ProfId1",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="siren" id="profid1" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_SIREN) ? $conf->global->MAIN_INFO_SIREN : '') . '">';
+			print '<input name="siren" id="profid1" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_SIREN) ? $conf->global->MAIN_INFO_SIREN : '') . '">';
 		}
 		else
 		{
@@ -470,7 +470,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid2">'.$langs->transcountry("ProfId2",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="siret" id="profid2" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_SIRET) ? $conf->global->MAIN_INFO_SIRET : '' ) . '">';
+			print '<input name="siret" id="profid2" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_SIRET) ? $conf->global->MAIN_INFO_SIRET : '' ) . '">';
 		}
 		else
 		{
@@ -486,7 +486,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid3">'.$langs->transcountry("ProfId3",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="ape" id="profid3" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_APE) ? $conf->global->MAIN_INFO_APE : '') . '">';
+			print '<input name="ape" id="profid3" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_APE) ? $conf->global->MAIN_INFO_APE : '') . '">';
 		}
 		else
 		{
@@ -502,7 +502,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid4">'.$langs->transcountry("ProfId4",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="rcs" id="profid4" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_RCS) ? $conf->global->MAIN_INFO_RCS : '') . '">';
+			print '<input name="rcs" id="profid4" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_RCS) ? $conf->global->MAIN_INFO_RCS : '') . '">';
 		}
 		else
 		{
@@ -518,7 +518,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid5">'.$langs->transcountry("ProfId5",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="MAIN_INFO_PROFID5" id="profid5" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_PROFID5) ? $conf->global->MAIN_INFO_PROFID5 : '') . '">';
+			print '<input name="MAIN_INFO_PROFID5" id="profid5" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_PROFID5) ? $conf->global->MAIN_INFO_PROFID5 : '') . '">';
 		}
 		else
 		{
@@ -534,7 +534,7 @@ if ($action == 'edit' || $action == 'updateedit')
 		print '<tr class="oddeven"><td><label for="profid6">'.$langs->transcountry("ProfId6",$mysoc->country_code).'</label></td><td>';
 		if (! empty($mysoc->country_code))
 		{
-			print '<input name="MAIN_INFO_PROFID6" id="profid6" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_PROFID6) ? $conf->global->MAIN_INFO_PROFID6 : '') . '">';
+			print '<input name="MAIN_INFO_PROFID6" id="profid6" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_PROFID6) ? $conf->global->MAIN_INFO_PROFID6 : '') . '">';
 		}
 		else
 		{
@@ -546,7 +546,7 @@ if ($action == 'edit' || $action == 'updateedit')
 	// TVA Intra
 
 	print '<tr class="oddeven"><td><label for="intra_vat">'.$langs->trans("VATIntra").'</label></td><td>';
-	print '<input name="tva" id="intra_vat" class="minwidth200" value="' . (! empty($conf->global->MAIN_INFO_TVAINTRA) ? $conf->global->MAIN_INFO_TVAINTRA : '') . '">';
+	print '<input name="tva" id="intra_vat" class="minwidth200" value="' . dol_escape_htmltag(! empty($conf->global->MAIN_INFO_TVAINTRA) ? $conf->global->MAIN_INFO_TVAINTRA : '') . '">';
 	print '</td></tr>';
 
 	// Object of the company