Sec: Fix security hole

Laurent Destailleur 2011-12-05 00:35:50 +01:00
parent 17b4daa613
commit a95934c6d8


@ -125,17 +125,17 @@ if (! defined('NOREQUIREUSER'))
if (! defined('NOREQUIREDB'))
{
// By default conf->entity is 1, but we change this if we ask another value.
if (session_id() && ! empty($_SESSION["dol_entity"])) // Entity inside an opened session
if (session_id() && ! empty($_SESSION["dol_entity"])) // Entity inside an opened session
{
$conf->entity = $_SESSION["dol_entity"];
}
elseif (! empty($_ENV["dol_entity"])) // Entity inside a CLI script
elseif (! empty($_ENV["dol_entity"])) // Entity inside a CLI script
{
$conf->entity = $_ENV["dol_entity"];
}
elseif (isset($_POST["loginfunction"]) && ! empty($_POST["entity"])) // Just after a login page
elseif (isset($_POST["loginfunction"]) && GETPOST("entity")) // Just after a login page
{
$conf->entity = $_POST["entity"];
$conf->entity = GETPOST("entity",'int');
}
else // TODO Does this "else" still usefull ?
{
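Review bot: The `elseif` guard tests `GETPOST("entity")` unfiltered, while the assignment two lines below uses `GETPOST("entity",'int')`, so the value tested is not the value stored. A non-numeric `entity` can satisfy the condition and then leave `$conf->entity` set to whatever the `'int'` filter returns for rejected input (presumably empty), skipping the final `else` fallback. Use the same filtered call in both places and cast the result: `elseif (isset($_POST["loginfunction"]) && GETPOST("entity",'int'))` and `$conf->entity = (int) GETPOST("entity",'int');`. If `GETPOST` also reads `$_GET` by default, which its name suggests but the hunk does not show, `entity` can now come from the query string where the old code accepted only `$_POST`; consider restricting it to POST. The trailing `else` block continues outside the hunk.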