Merge pull request #138 from simnandez/develop

Fix: Sanitize data
Regis Houssin 2012-03-28 09:05:03 -07:00
commit cb0fa0ad11
6 changed files with 53 additions and 53 deletions


@ -47,8 +47,8 @@ $value = GETPOST('value','alpha');
if ($action == 'updateMask')
{
$maskconstorder=GETPOST("maskconstorder");
$maskorder=GETPOST("maskorder");
$maskconstorder=GETPOST('maskconstorder','alpha');
$maskorder=GETPOST('maskorder','alpha');
if ($maskconstorder) $res = dolibarr_set_const($db,$maskconstorder,$maskorder,'chaine',0,'',$conf->entity);
@ -66,7 +66,7 @@ if ($action == 'updateMask')
if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');
$commande = new Commande($db);
$commande->initAsSpecimen();
@ -111,8 +111,8 @@ if ($action == 'specimen')
if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$type='order';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -142,8 +142,8 @@ if ($action == 'del')
if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$db->begin();
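Review bot: In the updateMask branch the name of the constant being written, `$maskconstorder`, is still chosen by the request; the 'alpha' check constrains the content of the string, not which constant `dolibarr_set_const()` ends up overwriting. Compare it against the mask constant names that the order numbering modules actually declare and refuse anything else before the call, with a comment such as `// constant name comes from the request: only accept known mask constants`. The same applies to `$maskconst` and `$maskconstdelivery` in the updateMask hunks of the later file sections. The admin check that guards this page is not visible in this section's hunks, and the branch body continues past the hunk.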


@ -2,7 +2,7 @@
/* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -34,7 +34,7 @@ $langs->load("deliveries");
if (!$user->admin)
accessforbidden();
$action=GETPOST("action");
$action=GETPOST('action','alpha');
// Shipment note
if ($action == 'activate_sending')


@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
/* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -30,8 +30,8 @@ $langs->load("errors");
if (!$user->admin) accessforbidden();
$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');
if (empty($conf->global->CONTRACT_ADDON))
{
@ -45,8 +45,8 @@ if (empty($conf->global->CONTRACT_ADDON))
if ($action == 'updateMask')
{
$maskconst=$_POST['maskconstcontract'];
$maskvalue=$_POST['maskcontract'];
$maskconst = GETPOST('maskconstcontract','alpha');
$maskvalue = GETPOST('maskcontract','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
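Review bot: The error test `if (! $res > 0) $error++;` that follows the updateMask write does not check what it appears to: `!` binds tighter than `>`, so it evaluates `(!$res) > 0`, and a negative return from `dolibarr_set_const()` (if that is how it reports failure) is never counted. `$res` is also only assigned when `$maskconst` is non-empty, so an empty or filtered-out value reaches the test with `$res` undefined. Suggest `if (! ($res > 0)) $error++;` and an explicit error path when `$maskconst` is empty. The same test recurs in the expedition, fichinter and livraison sections; the branch body continues past the hunk.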


@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -37,8 +37,8 @@ $langs->load("deliveries");
if (!$user->admin) accessforbidden();
$action=GETPOST("action");
$value=GETPOST("value");
$action=GETPOST('action','alpha');
$value=GETPOST('value','alpha');
if (empty($conf->global->EXPEDITION_ADDON_NUMBER))
{
@ -51,7 +51,7 @@ if (empty($conf->global->EXPEDITION_ADDON_NUMBER))
*/
if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');
$exp = new Expedition($db);
$exp->initAsSpecimen();
@ -89,8 +89,8 @@ if ($action == 'specimen')
// Activate a model
if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$type='shipping';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -121,8 +121,8 @@ if ($action == 'del')
// Set default model
if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$db->begin();
@ -158,9 +158,9 @@ if ($action == 'setdoc')
// TODO A quoi servent les methode d'expedition ?
if ($action == 'setmethod' || $action== 'setmod')
{
$module=GETPOST("module");
$moduleid=GETPOST("moduleid");
$statut=GETPOST("statut");
$module=GETPOST('module','alpha');
$moduleid=GETPOST('moduleid','alpha');
$statut=GETPOST('statut','alpha');
require_once(DOL_DOCUMENT_ROOT."/core/modules/expedition/methode_expedition_$module.modules.php");
@ -231,7 +231,7 @@ if ($action == 'setmod')
// TODO Verifier si module numerotation choisi peut etre active
// par appel methode canBeActivated
$module=GETPOST("module");
$module=GETPOST('module','alpha');
dolibarr_set_const($db, "EXPEDITION_ADDON",$module,'chaine',0,'',$conf->entity);
@ -239,8 +239,8 @@ if ($action == 'setmod')
if ($action == 'updateMask')
{
$maskconst=GETPOST("maskconstexpedition");
$maskvalue=GETPOST("maskexpedition");
$maskconst=GETPOST('maskconstexpedition','alpha');
$maskvalue=GETPOST('maskexpedition','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -262,7 +262,7 @@ if ($action == 'setmodel')
if ($action == 'set_SHIPPING_DRAFT_WATERMARK')
{
$draft=GETPOST("SHIPPING_DRAFT_WATERMARK");
$draft=GETPOST('SHIPPING_DRAFT_WATERMARK','alpha');
$res = dolibarr_set_const($db, "SHIPPING_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -279,7 +279,7 @@ if ($action == 'set_SHIPPING_DRAFT_WATERMARK')
if ($action == 'set_SHIPPING_FREE_TEXT')
{
$free=GETPOST("SHIPPING_FREE_TEXT");
$free=GETPOST('SHIPPING_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
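Review bot: In the setmethod/setmod branch the request value `$module` is interpolated directly into the `require_once` path, and the 'alpha' check is the only thing between the request and the file that gets loaded. An include path should be validated by allowlist rather than by a general-purpose filter: restrict `$module` to the expected characters and confirm it names a known shipping-method module before requiring it, e.g. `if (! preg_match('/^[a-z0-9_]+$/i', $module)) accessforbidden();`. `$moduleid` and `$statut` look like numeric values and would probably be better read with the 'int' check, though their use is outside the hunk. The branch body continues past the hunk.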


@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Philippe Grand <philippe.grand@atoo-net.com>
*
* This program is free software; you can redistribute it and/or modify
@ -39,8 +39,8 @@ $langs->load("interventions");
if (!$user->admin)
accessforbidden();
$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');
/*
@ -48,8 +48,8 @@ $value = GETPOST("value");
*/
if ($action == 'updateMask')
{
$maskconst=GETPOST("maskconst");
$maskvalue=GETPOST("maskvalue");
$maskconst=GETPOST('maskconst','alpha');
$maskvalue=GETPOST('maskvalue','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -66,7 +66,7 @@ if ($action == 'updateMask')
if ($action == 'set_FICHINTER_FREE_TEXT')
{
$freetext= GETPOST("FICHINTER_FREE_TEXT");
$freetext= GETPOST('FICHINTER_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -83,7 +83,7 @@ if ($action == 'set_FICHINTER_FREE_TEXT')
if ($action == 'set_FICHINTER_DRAFT_WATERMARK')
{
$draft= GETPOST("FICHINTER_DRAFT_WATERMARK");
$draft= GETPOST('FICHINTER_DRAFT_WATERMARK','alpha');
$res = dolibarr_set_const($db, "FICHINTER_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);
@ -101,7 +101,7 @@ if ($action == 'set_FICHINTER_DRAFT_WATERMARK')
if ($action == 'specimen')
{
$modele=$_GET["module"];
$modele= GETPOST('module','alpha');
$inter = new Fichinter($db);
$inter->initAsSpecimen();
@ -146,8 +146,8 @@ if ($action == 'specimen')
if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$type='ficheinter';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -177,8 +177,8 @@ if ($action == 'del')
if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$db->begin();
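Review bot: In the `set` branch `$label` and `$scandir` are read immediately before an `INSERT INTO ... document_model` statement built by string concatenation, and the VALUES part lies outside the hunk, so whether they are escaped there cannot be confirmed from this page. A request filter is not a substitute for escaping at the point of use; if the values are concatenated into the query, each should be wrapped as `"'".$db->escape($label)."'"`. It would also help to add a comment on the GETPOST lines stating that 'alpha' is input filtering only and that SQL escaping happens where the query is built. The same `set` hunk appears in the order, expedition and livraison sections.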


@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -36,8 +36,8 @@ $langs->load("deliveries");
if (!$user->admin) accessforbidden();
$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');
/*
* Actions
@ -45,8 +45,8 @@ $value = GETPOST("value");
if ($action == 'updateMask')
{
$maskconstdelivery=GETPOST("maskconstdelivery");
$maskdelivery=GETPOST("maskdelivery");
$maskconstdelivery=GETPOST('maskconstdelivery','alpha');
$maskdelivery=GETPOST('maskdelivery','alpha');
if ($maskconstdelivery) $res = dolibarr_set_const($db,$maskconstdelivery,$maskdelivery,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@ -63,7 +63,7 @@ if ($action == 'updateMask')
if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');
$sending = new Livraison($db);
$sending->initAsSpecimen();
@ -99,8 +99,8 @@ if ($action == 'specimen')
if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$type='delivery';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -127,8 +127,8 @@ if ($action == 'del')
if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$db->begin();
if (dolibarr_set_const($db, "LIVRAISON_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
@ -162,7 +162,7 @@ if ($action == 'setdoc')
if ($action == 'set_DELIVERY_FREE_TEXT')
{
$free=GETPOST("DELIVERY_FREE_TEXT");
$free=GETPOST('DELIVERY_FREE_TEXT','alpha');
$res=dolibarr_set_const($db, "DELIVERY_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;