lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: use GETPOST

Browse Source
This commit is contained in:
Regis Houssin 2017-10-03 17:08:16 +02:00
parent 9c2d053f74
commit a88938ace4
2 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/admin/security_file.php
View File

@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
/* Copyright (C) 2004-2017 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,7 +54,7 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
if (preg_match('/set_(.*)/',$action,$reg))
{
$code=$reg[1];
$value=(GETPOST($code) ? GETPOST($code) : 1);
$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
{
Header("Location: ".$_SERVER["PHP_SELF"]);
@ -82,10 +82,10 @@ else if (preg_match('/del_(.*)/',$action,$reg))
else if ($action == 'updateform')
{
$res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',$_POST["MAIN_UPLOAD_DOC"],'chaine',0,'',$conf->entity);
$res4=dolibarr_set_const($db, "MAIN_UMASK", $_POST["MAIN_UMASK"],'chaine',0,'',$conf->entity);
$res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", $_POST["MAIN_ANTIVIRUS_COMMAND"],'chaine',0,'',$conf->entity);
$res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity);
$res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',GETPOST('MAIN_UPLOAD_DOC','int'),'chaine',0,'',$conf->entity);
$res4=dolibarr_set_const($db, "MAIN_UMASK", GETPOST('MAIN_UMASK','int'),'chaine',0,'',$conf->entity);
$res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", GETPOST('MAIN_ANTIVIRUS_COMMAND','alpha'),'chaine',0,'',$conf->entity);
$res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", GETPOST('MAIN_ANTIVIRUS_PARAM','alpha'),'chaine',0,'',$conf->entity);
if ($res3 && $res4 && $res5 && $res6) setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
}

3
htdocs/core/class/antivir.class.php
View File

@ -160,8 +160,7 @@ class AntiVir
if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM))
$param=$param." ".escapeshellarg(trim($file));
//if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command. Using escapeshellcmd fails.
if (preg_match("/\s/",$command)) $command=escapeshellcmd($command); // Use quotes on command. Using escapeshellarg fails.
if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command. Using escapeshellcmd fails.
$ret=$command.' '.$param;
//$ret=$command.' '.$param.' 2>&1';