From d7bfb95c9bfb297205753e75b2cc281ff7d6b8af Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Mon, 3 Dec 2007 04:03:49 +0000
Subject: [PATCH] Fix: Simplification et protection du datepicker

---
 htdocs/lib/datepicker.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/htdocs/lib/datepicker.php b/htdocs/lib/datepicker.php
index f65b4e4ac44..e2cb67f9226 100644
--- a/htdocs/lib/datepicker.php
+++ b/htdocs/lib/datepicker.php
@@ -50,10 +50,22 @@ if (isset($_GET["mode"]) && $_GET["mode"] == 'test')
 
 $langs->load("main");
 
-if(! isset($_GET["sd"])) $_GET["sd"]="00000000";
+$qualified=true;
+
+if (! isset($_GET["sd"])) $_GET["sd"]="00000000";
+
+if (! isset($_GET["m"])) $qualified=false;
+if (! isset($_GET["y"])) $qualified=false;
+if (isset($_GET["m"]) && isset($_GET["y"]))
+{
+	if ($_GET["m"] < 1)    $qualified=false;
+	if ($_GET["m"] > 12)   $qualified=false;
+	if ($_GET["y"] < 0)    $qualified=false;
+	if ($_GET["y"] > 9999) $qualified=false;
+}
 
 // If parameters provided, we show calendar
-if (isset($_GET["m"]) && isset($_GET["y"]))
+if ($qualified)
 {
 	//print $_GET["cm"].",".$_GET["sd"].",".$_GET["m"].",".$_GET["y"];exit;
 	displayBox($_GET["sd"],$_GET["m"],$_GET["y"]);