From b689fdf031efd70d617e74093f79c6cd8058d94d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 7 Dec 2011 20:01:06 +0100 Subject: [PATCH] Fix: GETPOST on int accept negative values --- htdocs/core/lib/functions.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c89cfd97f28..e3376356e71 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -199,7 +199,7 @@ function GETPOST($paramname,$check='',$method=0) if (! empty($check)) { // Check if numeric - if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; + if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out=''; // Check if alpha //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; // '"' is dangerous because param in url can close the href= or src= and add javascript functions.