From f079b63438c055e4192a95ea7b9d1e57b3c697af Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 26 Oct 2011 10:55:56 +0200
Subject: [PATCH] Fix: security
---
 htdocs/compta/deplacement/fiche.php | 5 ++-
 htdocs/core/ajax/loadinplace.php | 25 ++++++++++++---
 htdocs/core/ajax/saveinplace.php | 41 +++++++++++++++++--------
 htdocs/core/tpl/ajaxeditinplace.tpl.php | 6 ++++
 4 files changed, 59 insertions(+), 18 deletions(-)
diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php
index 2c0ac3da05c..4e38149717e 100644
--- a/htdocs/compta/deplacement/fiche.php
+++ b/htdocs/compta/deplacement/fiche.php
@@ -336,7 +336,10 @@ else if ($id)
 $soc = new Societe($db);
 if ($object->socid) $soc->fetch($object->socid);
- if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE)) include(DOL_DOCUMENT_ROOT.'/core/tpl/ajaxeditinplace.tpl.php');
+ if (! empty($conf->global->MAIN_USE_JQUERY_JEDITABLE) && $user->rights->deplacement->creer)
+ {
+ include(DOL_DOCUMENT_ROOT.'/core/tpl/ajaxeditinplace.tpl.php');
+ }
 print '';
diff --git a/htdocs/core/ajax/loadinplace.php b/htdocs/core/ajax/loadinplace.php
index 214ca46d81c..96ea34f3936 100644
--- a/htdocs/core/ajax/loadinplace.php
+++ b/htdocs/core/ajax/loadinplace.php
@@ -25,7 +25,7 @@
 if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU','1');
 if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML','1');
 if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
 if (! defined('NOREQUIRESOC')) define('NOREQUIRESOC','1');
-if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
+//if (! defined('NOREQUIRETRAN')) define('NOREQUIRETRAN','1');
 require('../../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/core/class/genericobject.class.php");
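Review bot: The `$user->rights->deplacement->creer` condition only decides whether the jeditable template is included in the page, so it hides the editor from users without create rights rather than enforcing anything; the checks that actually protect reads and writes are the ones this same commit adds in loadinplace.php and saveinplace.php. A short comment would stop a later reader from treating this line as the authorization point, e.g. `// UI only: in-place edits are re-checked server-side in core/ajax/loadinplace.php and saveinplace.php`. The enclosing `else if ($id)` block starts before this hunk.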
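Review bot: Commenting out the `NOREQUIRETRAN` define instead of deleting it leaves a dead line with no explanation of why translations are now loaded on this ajax endpoint; the reason is the new `$langs->trans('NotEnoughPermissions')` call further down this file. Replace the commented-out line with a why-comment, e.g. `// Translations are needed: permission errors are returned through $langs->trans()`, or drop it entirely.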
@@ -39,11 +39,26 @@ top_httphead();
 //print ''."\n";
 // Load original field value
-if((isset($_GET['field']) && ! empty($_GET['field'])) && (isset($_GET['table_element']) && ! empty($_GET['table_element'])) && (isset($_GET['fk_element']) && ! empty($_GET['fk_element'])))
+if((isset($_GET['field']) && ! empty($_GET['field']))
+ && (isset($_GET['element']) && ! empty($_GET['element']))
+ && (isset($_GET['table_element']) && ! empty($_GET['table_element']))
+ && (isset($_GET['fk_element']) && ! empty($_GET['fk_element'])))
 {
- $object = new GenericObject($db);
- $ret=$object->getValueFrom($_GET['table_element'], $_GET['fk_element'], $_GET['field']);
- echo $ret;
+ $element = GETPOST('element');
+ $table_element = GETPOST('table_element');
+ $field = GETPOST('field');
+ $fk_element = GETPOST('fk_element');
+
+ if ($user->rights->$element->lire || $user->rights->$element->read)
+ {
+ $object = new GenericObject($db);
+ $ret=$object->getValueFrom($table_element, $fk_element, $field);
+ echo $ret;
+ }
+ else
+ {
+ echo $langs->trans('NotEnoughPermissions');
+ }
 }
 ?>
diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php
index 3f620a1778c..f14537066ca 100644
--- a/htdocs/core/ajax/saveinplace.php
+++ b/htdocs/core/ajax/saveinplace.php
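Review bot: The new rights check is keyed on the client-supplied `element`, but `getValueFrom()` is then called with three other client-supplied values, `table_element`, `fk_element` and `field`, none of which is tied back to `element`, so holding read rights on one module is enough to pass the check while the query itself is aimed wherever `table_element` points. The table (and preferably the permitted fields) should be resolved server-side from `element`, or `table_element` rejected unless it is the table that belongs to `element`, before `getValueFrom()` runs; the `setValueFrom()` call in the saveinplace.php hunk below has the same gap. Separately, the guard tests `$_GET[...]` while the values are read through `GETPOST()`, which also consults POST, so the validated and the used values can differ — take both from the same source. `$user->rights->$element` on an unknown module name only denies because the undefined-property notices evaluate to false; validating `element` against the known module list first would make the deny path explicit rather than incidental.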
@@ -40,22 +40,39 @@ top_httphead();
 //var_dump($_POST);
 // Load original field value
-if((isset($_POST['field']) && ! empty($_POST['field'])) && (isset($_POST['table_element']) && ! empty($_POST['table_element'])) && (isset($_POST['fk_element']) && ! empty($_POST['fk_element'])))
+if((isset($_POST['field']) && ! empty($_POST['field']))
+ && (isset($_POST['element']) && ! empty($_POST['element']))
+ && (isset($_POST['table_element']) && ! empty($_POST['table_element']))
+ && (isset($_POST['fk_element']) && ! empty($_POST['fk_element'])))
 {
- $object = new GenericObject($db);
+ $element = GETPOST('element');
+ $table_element = GETPOST('table_element');
+ $field = GETPOST('field');
+ $fk_element = GETPOST('fk_element');
+ $value = GETPOST('value');
+ $type = GETPOST('type');
- // Clean parameters
- $value = trim($_POST['value']);
- if ($_POST['type'] == 'numeric')
+ if ($user->rights->$element->creer || $user->rights->$element->write)
 {
- $value = price2num($value);
+ $object = new GenericObject($db);
- // Check parameters
- if (! is_numeric($value)) $value = 0;
- }
-
- $ret=$object->setValueFrom($_POST['table_element'], $_POST['fk_element'], $_POST['field'], $value);
- if ($ret > 0) echo (! empty($value) ? dol_nl2br($value) : ' ');
+ // Clean parameters
+ $value = trim($value);
+ if ($type == 'numeric')
+ {
+ $value = price2num($value);
+
+ // Check parameters
+ if (! is_numeric($value)) $value = 0;
+ }
+
+ $ret=$object->setValueFrom($table_element, $fk_element, $field, $value);
+ if ($ret > 0) echo (! empty($value) ? dol_nl2br($value) : ' ');
+ }
+ else
+ {
+ echo $langs->trans('NotEnoughPermissions');
+ }
 }
 ?>
diff --git a/htdocs/core/tpl/ajaxeditinplace.tpl.php b/htdocs/core/tpl/ajaxeditinplace.tpl.php
index 7a52bca44bc..5502c4508d5 100644
--- a/htdocs/core/tpl/ajaxeditinplace.tpl.php
+++ b/htdocs/core/tpl/ajaxeditinplace.tpl.php
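Review bot: Both failure paths in the new code answer with an ordinary 200 body: the deny branch echoes `$langs->trans('NotEnoughPermissions')`, which the in-place editor will display as if it were the saved value, and when `setValueFrom()` returns `<= 0` nothing is echoed at all, so the field goes blank while the database is unchanged. Sending an error status before the message (e.g. `header('HTTP/1.0 403 Forbidden');` on the deny branch and a 500 for a failed save), provided `top_httphead()` has not already started output, lets the client tell a rejected request from a stored value; the deny branch in loadinplace.php has the same shape. `$type == 'numeric'` is a loose comparison on request data; `===` is the safer habit here.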
@@ -32,11 +32,13 @@ $(document).ready(function() {
 loadurl : '',
 loaddata : {
 type: 'textarea',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 },
 submitdata : {
 type: 'textarea',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 }
@@ -52,11 +54,13 @@ $(document).ready(function() {
 loadurl : '',
 loaddata : {
 type: 'text',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 },
 submitdata : {
 type: 'text',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 }
@@ -72,11 +76,13 @@ $(document).ready(function() {
 loadurl : '',
 loaddata : {
 type: 'numeric',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 },
 submitdata : {
 type: 'numeric',
+ element: "element; ?>",
 table_element: "table_element; ?>",
 fk_element: "id; ?>"
 }
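Review bot: The same `element`/`table_element`/`fk_element` parameter block now appears twice in each of the three editor setups (this hunk and the ones at -52 and -72), so adding `element` had to be repeated six times; building that shared object once in the script and reusing it per editor with `$.extend({type: 'textarea'}, shared)` (and likewise for `'text'` and `'numeric'`) would keep the three in step. The PHP echo tags inside the string literals were lost in this rendering (`"element; ?>"`), so the expression actually interpolated is not visible here; since the server now picks which module's rights to check from this `element` value, a comment at the top of the template stating that it must be the object's own `element` and never something taken from the request would help the next editor of this file.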