FIX #11671 CVE-2019-15062

2019-08-16 16:41:53 +02:00 · 2019-08-16 16:41:53 +02:00 · d21e557100
commit d21e557100
parent a8afb4549a
3 changed files with 7 additions and 9 deletions
--- a/htdocs/core/actions_linkedfiles.inc.php
+++ b/htdocs/core/actions_linkedfiles.inc.php
@ -125,8 +125,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes')
        {
            require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
            $link = new Link($db);
-            $link->id = $linkid;
-            $link->fetch();
+            $link->fetch($linkid);
            $res = $link->delete($user);

            $langs->load('link');
@ -160,8 +159,7 @@ elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('l
    require_once DOL_DOCUMENT_ROOT . '/core/class/link.class.php';
    $langs->load('link');
    $link = new Link($db);
-    $link->id = GETPOST('linkid', 'int');
-    $f = $link->fetch();
+    $f = $link->fetch(GETPOST('linkid', 'int'));
    if ($f)
    {
        $link->url = GETPOST('link', 'alpha');
@ -169,7 +167,7 @@ elseif ($action == 'confirm_updateline' && GETPOST('save','alpha') && GETPOST('l
        {
            $link->url = 'http://' . $link->url;
        }
-        $link->label = GETPOST('label', 'alpha');
+        $link->label = GETPOST('label', 'alphanohtml');
        $res = $link->update($user);
        if (!$res)
        {
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@ -1758,7 +1758,7 @@ class FormFile
 				print $langs->trans('Link') . ': <input type="text" name="link" value="' . $link->url . '">';
 				print '</td>';
 				print '<td>';
-				print $langs->trans('Label') . ': <input type="text" name="label" value="' . $link->label . '">';
+				print $langs->trans('Label') . ': <input type="text" name="label" value="' . dol_escape_htmltag($link->label) . '">';
 				print '</td>';
 				print '<td align="center">' . dol_print_date(dol_now(), "dayhour", "tzuser") . '</td>';
 				print '<td align="right"></td>';
@ -1772,7 +1772,7 @@ class FormFile
 				print '<td>';
 				print img_picto('', 'object_globe').' ';
 				print '<a data-ajax="false" href="' . $link->url . '" target="_blank">';
-				print $link->label;
+				print dol_escape_htmltag($link->label);
 				print '</a>';
 				print '</td>'."\n";
 				print '<td align="right"></td>';
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@ -318,12 +318,12 @@ if (empty($reshook)) {
 		{
 			$error = 0;

-			if (!$_POST["lastname"]) {
+			if (! GETPOST("lastname", 'alpha')) {
 				setEventMessages($langs->trans("NameNotDefined"), null, 'errors');
 				$action = "edit";       // Go back to create page
 				$error ++;
 			}
-			if (!$_POST["login"]) {
+			if (! GETPOST("login", 'alpha')) {
 				setEventMessages($langs->trans("LoginNotDefined"), null, 'errors');
 				$action = "edit";       // Go back to create page
 				$error ++;