Fix: Sanitize data 2

Dolibarr · Mar 27, 2012 · 0c22537 · 0c22537
1 parent 28cf134
commit 0c22537
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php
@@ -102,7 +102,7 @@
 // MYSQL
 if ($what == 'mysql')
 {
-    $cmddump=$_POST["mysqldump"];
+    $cmddump=GETPOST("mysqldump");	// Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
     if ($cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_MYSQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
@@ -265,7 +265,7 @@
 // POSTGRESQL
 if ($what == 'postgresql')
 {
-    $cmddump=$_POST["postgresqldump"];
+    $cmddump=GETPOST("postgresqldump");	// Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
     if ($cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
@@ -295,7 +295,7 @@
         if (GETPOST("drop"))			 $param.=" --add-drop-table";
         if (! GETPOST("sql_data"))       $param.=" -s";
     }
-    if ($_POST["sql_data"])
+    if (GETPOST("sql_data"))
     {
         if (! GETPOST("sql_structure"))	 $param.=" -a";
         if (GETPOST("showcolumns"))	     $param.=" -c";