Merge pull request #21570 from Hystepik/develop#2

FIX : Yogosha report 11874 js injection in stockmovement.php
Laurent Destailleur 2022-07-26 12:04:26 +02:00 committed by GitHub
commit f667180c56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -336,11 +336,11 @@ if ($action == 'importCSV' && !empty($user->rights->stock->mouvement->creer)) {
continue;
}
//var_dump($data);
$tmp_id_sw = $data[$i][0]['val'];
$tmp_id_tw = $data[$i][1]['val'];
$tmp_id_product = $data[$i][2]['val'];
$tmp_qty = $data[$i][3]['val'];
$tmp_batch = $data[$i][4]['val'];
$tmp_id_sw = (int) $data[$i][0]['val'];
$tmp_id_tw = (int) $data[$i][1]['val'];
$tmp_id_product = (int) $data[$i][2]['val'];
$tmp_qty = price2num((float) $data[$i][3]['val'], 'MS');
$tmp_batch = dol_escape_htmltag($data[$i][4]['val']);
if (!is_numeric($tmp_id_product)) {
$result = fetchref($productstatic, $tmp_id_product);
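Review bot: The `(int)` cast on `$tmp_id_product` makes the `!is_numeric($tmp_id_product)` check two lines below always false, so the `fetchref()` lookup is no longer reached and a CSV row that gives a product ref instead of an id is silently turned into id 0. Keeping the raw value until the ref has been resolved and casting afterwards preserves the import-by-ref path, e.g. `$tmp_id_product = $data[$i][2]['val'];` here and `$tmp_id_product = (int) $tmp_id_product;` after the `if` block, with the ref escaped wherever it is printed in a message. `dol_escape_htmltag()` on `$tmp_batch` also rewrites the value at input time, so a batch number containing `&` or quotes would presumably be stored and compared in its escaped form; escaping at the point of output looks safer. The `if` block continues outside the hunk, so how `$result` is used afterwards is not visible here.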