lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: GETPOST on int accept negative values

Browse Source
This commit is contained in:
Laurent Destailleur 2011-12-07 20:00:16 +01:00
parent c66672a750
commit a97a1e9245
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/lib/functions.lib.php
View File

@ -182,7 +182,7 @@ function GETPOST($paramname,$check='',$method=0)
if (!empty($check))
{
// Check if numeric
if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out='';
if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
// Check if alpha
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions