From a97a1e9245a25ca98ebceb0746fab408be8dd165 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 7 Dec 2011 20:00:16 +0100
Subject: [PATCH] Fix: GETPOST on int accept negative values
---
 htdocs/lib/functions.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index afdfe1e2ffe..6170443ad37 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -182,7 +182,7 @@ function GETPOST($paramname,$check='',$method=0)
 if (!empty($check))
 {
 // Check if numeric
- if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out='';
+ if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
 // Check if alpha
 //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
 if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
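Review bot: The added `-` sits inside the character class, so on the changed `'int'` line the sign is accepted at any position and any number of times: `-`, `1-2` and `--` all pass a check that callers are likely to treat as "this is a number". The match also runs on `trim($out)` while `$out` itself keeps its surrounding whitespace, so the returned value is not exactly the string that was validated. If callers place the value into SQL or arithmetic without a cast (not visible in this hunk), the filter no longer guarantees a single numeric literal; restricting the sign to the leading position keeps negative values working: `if ($check == 'int' && ! preg_match('/^-?[\.,0-9]+$/',trim($out))) $out='';`. GETPOST starts and ends outside the hunk, so whether `$out` is cast or trimmed later cannot be confirmed from here.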