Prepare code for fix
parent
9f0ca6f6fc
commit
9eaf2be9ab
@ -36,10 +36,10 @@ $now = dol_now();
|
||||
$year = dol_print_date($now, '%Y');
|
||||
$month = dol_print_date($now, '%m');
|
||||
$day = dol_print_date($now, '%d');
|
||||
$forbarcode = GETPOST('forbarcode');
|
||||
$fk_barcode_type = GETPOST('fk_barcode_type');
|
||||
$mode = GETPOST('mode');
|
||||
$modellabel = GETPOST("modellabel"); // Doc template to use
|
||||
$forbarcode = GETPOST('forbarcode', 'alphanohtml');
|
||||
$fk_barcode_type = GETPOST('fk_barcode_type', 'int');
|
||||
$mode = GETPOST('mode', 'aZ09');
|
||||
$modellabel = GETPOST("modellabel", 'aZ09'); // Doc template to use
|
||||
$numberofsticker = GETPOST('numberofsticker', 'int');
|
||||
|
||||
$mesg = '';
|
||||
@ -57,8 +57,8 @@ $thirdpartytmp = new Societe($db);
|
||||
if (GETPOST('submitproduct') && GETPOST('submitproduct'))
|
||||
{
|
||||
$action = ''; // We reset because we don't want to build doc
|
||||
if (GETPOST('productid') > 0) {
|
||||
$result = $producttmp->fetch(GETPOST('productid'));
|
||||
if (GETPOST('productid', 'int') > 0) {
|
||||
$result = $producttmp->fetch(GETPOST('productid', 'int'));
|
||||
if ($result < 0) {
|
||||
setEventMessage($producttmp->error, 'errors');
|
||||
}
|
||||
@ -76,9 +76,9 @@ if (GETPOST('submitproduct') && GETPOST('submitproduct'))
|
||||
if (GETPOST('submitthirdparty') && GETPOST('submitthirdparty'))
|
||||
{
|
||||
$action = ''; // We reset because we don't want to build doc
|
||||
if (GETPOST('socid') > 0)
|
||||
if (GETPOST('socid', 'int') > 0)
|
||||
{
|
||||
$thirdpartytmp->fetch(GETPOST('socid'));
|
||||
$thirdpartytmp->fetch(GETPOST('socid', 'int'));
|
||||
$forbarcode = $thirdpartytmp->barcode;
|
||||
$fk_barcode_type = $thirdpartytmp->barcode_type_code;
|
||||
|
||||
@ -381,7 +381,7 @@ if (!empty($user->rights->produit->lire) || !empty($user->rights->service->lire)
|
||||
print '<input id="fillfromproduct" type="radio" '.((GETPOST("selectorforbarcode") == 'fillfromproduct') ? 'checked ' : '').'name="selectorforbarcode" value="fillfromproduct" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromProduct").' ';
|
||||
print '<br>';
|
||||
print '<div class="showforproductselector">';
|
||||
$form->select_produits(GETPOST('productid'), 'productid', '', '', 0, -1, 2, '', 0, array(), 0, '1', 0, 'minwidth400imp', 1);
|
||||
$form->select_produits(GETPOST('productid', 'int'), 'productid', '', '', 0, -1, 2, '', 0, array(), 0, '1', 0, 'minwidth400imp', 1);
|
||||
print ' <input type="submit" id="submitproduct" name="submitproduct" class="button" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
|
||||
print '</div>';
|
||||
}
|
||||
@ -391,7 +391,7 @@ if (!empty($user->rights->societe->lire))
|
||||
print '<input id="fillfromthirdparty" type="radio" '.((GETPOST("selectorforbarcode") == 'fillfromthirdparty') ? 'checked ' : '').'name="selectorforbarcode" value="fillfromthirdparty" class="radiobarcodeselect"> '.$langs->trans("FillBarCodeTypeAndValueFromThirdParty").' ';
|
||||
print '<br>';
|
||||
print '<div class="showforthirdpartyselector">';
|
||||
print $form->select_company(GETPOST('socid'), 'socid', '', 'SelectThirdParty', 0, 0, array(), 0, 'minwidth300');
|
||||
print $form->select_company(GETPOST('socid', 'int'), 'socid', '', 'SelectThirdParty', 0, 0, array(), 0, 'minwidth300');
|
||||
print ' <input type="submit" id="submitthirdparty" name="submitthirdparty" class="button showforthirdpartyselector" value="'.(dol_escape_htmltag($langs->trans("GetBarCode"))).'">';
|
||||
print '</div>';
|
||||
}
|
||||
|
||||
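Review bot: Both lookup handlers, `submitproduct` in the `-57,8 +57,8` hunk and `submitthirdparty` in the `-76,9 +76,9` hunk, fetch a record from a request-supplied id with no permission test in the visible lines, whereas the form further down only offers these selectors behind `$user->rights->produit->lire` / `$user->rights->service->lire` and `$user->rights->societe->lire`. Both blocks are only partly shown, so a check may sit above them; if none does, a user without read rights can still post an id and have that record's barcode loaded into `$forbarcode`. Guarding the branches the same way as the form, e.g. `if (GETPOST('socid', 'int') > 0 && !empty($user->rights->societe->lire))`, would keep handler and display consistent. The third-party branch also discards the return value of `fetch()`, unlike the product branch; `$result = $thirdpartytmp->fetch(GETPOST('socid', 'int'));` followed by `if ($result < 0) { setEventMessage($thirdpartytmp->error, 'errors'); }` would match it.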
@ -1,90 +1,23 @@
|
||||
## This file is a list of predefined URLs to block when trying to access them from the application (in case
|
||||
## of application is used to get metadata).
|
||||
## Found at https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb
|
||||
## This file is a list of predefined URLs to block when trying to access them from the application,
|
||||
## for example when using the grab website feature of module website
|
||||
## Allowing grabbing local url allow to get metadata.
|
||||
|
||||
## IPv6 Tests
|
||||
http://[::ffff:169.254.169.254]
|
||||
http://[0:0:0:0:0:ffff:169.254.169.254]
|
||||
|
||||
## AWS
|
||||
# Amazon Web Services (No Header Required)
|
||||
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
|
||||
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
|
||||
http://169.254.169.254/latest/user-data
|
||||
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
|
||||
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
|
||||
http://169.254.169.254/latest/meta-data/ami-id
|
||||
http://169.254.169.254/latest/meta-data/reservation-id
|
||||
http://169.254.169.254/latest/meta-data/hostname
|
||||
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
|
||||
http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key
|
||||
|
||||
# ECS Task : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v2.html
|
||||
http://169.254.170.2/v2/credentials/
|
||||
|
||||
## Google Cloud (Header Sometimes Required)
|
||||
# https://cloud.google.com/compute/docs/metadata
|
||||
# - Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True" on API v1
|
||||
# - Most endpoints can be accessed via the v1beta API without a header
|
||||
http://169.254.169.254/computeMetadata/v1/
|
||||
http://metadata.google.internal/computeMetadata/v1/
|
||||
http://metadata/computeMetadata/v1/
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/hostname
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/id
|
||||
http://metadata.google.internal/computeMetadata/v1/project/project-id
|
||||
# kube-env; thanks to JackMc for the heads up on this (https://hackerone.com/reports/341876)
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env
|
||||
# Google allows recursive pulls
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true
|
||||
# returns root password for Google
|
||||
http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/?recursive=true&alt=json
|
||||
|
||||
## Digital Ocean (No Header Required)
|
||||
# https://developers.digitalocean.com/documentation/metadata/
|
||||
http://169.254.169.254/metadata/v1.json
|
||||
http://169.254.169.254/metadata/v1/
|
||||
http://169.254.169.254/metadata/v1/id
|
||||
http://169.254.169.254/metadata/v1/user-data
|
||||
http://169.254.169.254/metadata/v1/hostname
|
||||
http://169.254.169.254/metadata/v1/region
|
||||
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address
|
||||
|
||||
## Packetcloud
|
||||
https://metadata.packet.net/userdata
|
||||
|
||||
# Azure (Header Required)
|
||||
# Header: "Metadata: true"
|
||||
# https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
|
||||
# (Old: ) https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/
|
||||
http://169.254.169.254/metadata/instance?api-version=2017-04-02
|
||||
http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text
|
||||
|
||||
# Oracle Cloud (No Header Required)
|
||||
# https://docs.us-phoenix-1.oraclecloud.com/Content/Compute/Tasks/gettingmetadata.htm
|
||||
http://169.254.169.254/opc/v1/instance/
|
||||
|
||||
# Updated from jhaddix fork ===
|
||||
## Alibaba
|
||||
# https://www.alibabacloud.com/help/faq-detail/49122.htm
|
||||
http://100.100.100.200/latest/meta-data/
|
||||
http://100.100.100.200/latest/meta-data/instance-id
|
||||
http://100.100.100.200/latest/meta-data/image-id
|
||||
# ===
|
||||
|
||||
## OpenStack/RackSpace
|
||||
# https://docs.openstack.org/nova/latest/user/metadata-service.html
|
||||
http://169.254.169.254/openstack
|
||||
|
||||
## Oracle Cloud
|
||||
# https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsg/retrieving-instance-metadata.html
|
||||
http://192.0.0.192/latest/
|
||||
http://192.0.0.192/latest/user-data/
|
||||
http://192.0.0.192/latest/meta-data/
|
||||
http://192.0.0.192/latest/attributes/
|
||||
|
||||
## Kubernetes
|
||||
# Debug Services (https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
|
||||
https://kubernetes.default.svc.cluster.local
|
||||
https://kubernetes.default
|
||||
# https://twitter.com/Random_Robbie/status/1072242182306832384
|
||||
https://kubernetes.default.svc/metrics
|
||||
10.0.0.0/8
|
||||
0.0.0.0/8
|
||||
100.64.0.0/10
|
||||
127.0.0.0/8
|
||||
169.254.0.0/16
|
||||
172.16.0.0/12
|
||||
192.0.0.0/29
|
||||
192.0.2.0/24
|
||||
192.88.99.0/24
|
||||
192.168.0.0/16
|
||||
198.18.0.0/15
|
||||
198.51.100.0/24
|
||||
203.0.113.0/24
|
||||
224.0.0.0/4
|
||||
240.0.0.0/4
|
||||
metadata.google.internal
|
||||
100.100.100.200 (Alibaba Metadata)
|
||||
[::]
|
||||
[::1]
|
||||
|
||||
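Review bot: The new list names only `[::]` and `[::1]` for IPv6, so the IPv4-mapped forms the old file listed (such as `[::ffff:169.254.169.254]`) and the unique-local and link-local ranges are no longer covered; if the consumer understands IPv6 prefixes, `::ffff:0:0/96`, `fc00::/7` and `fe80::/10` would close that gap. The entry `100.100.100.200 (Alibaba Metadata)` carries a trailing annotation that a line-by-line parser may not read as an address, and the address already falls inside `100.64.0.0/10`; a comment line such as `# 100.100.100.200 is the Alibaba metadata address, covered by 100.64.0.0/10` would be safer. The code that reads this file is not shown here, so it is worth confirming that the ranges are compared with the resolved address of the target host, and of every redirect hop, and not with the URL text. The short hostname `metadata` and the `kubernetes.default*` names from the old list are dropped and are only covered if they resolve into one of the listed ranges.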