Permalink
Browse files

FIX CVE-2018-19992

  • Loading branch information...
eldy committed Dec 22, 2018
1 parent 707af49 commit 0f06e39d23636bd1e4039ac61a743c79725c798b
Showing with 6 additions and 6 deletions.
  1. +3 −3 htdocs/adherents/card.php
  2. +3 −3 htdocs/adherents/type.php
@@ -951,14 +951,14 @@ function initfieldrequired()
// Address
print '<tr><td class="tdtop">'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alpha')?GETPOST('address','alpha'):$object->address).'</textarea>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alphanohtml')?GETPOST('address','alphanohtml'):$object->address).'</textarea>';
print '</td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print $formcompany->select_ziptown((GETPOST('zipcode','alphanohtml')?GETPOST('zipcode','alphanohtml'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print ' ';
print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print $formcompany->select_ziptown((GETPOST('town','alphanohtml')?GETPOST('town','alphanohtml'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print '</td></tr>';
// Country
@@ -42,7 +42,7 @@
$search_lastname = GETPOST('search_lastname','alpha');
$search_login = GETPOST('search_login','alpha');
$search_email = GETPOST('search_email','alpha');
$type = GETPOST('type','alpha');
$type = GETPOST('type','intcomma');
$status = GETPOST('status','alpha');
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
@@ -59,8 +59,8 @@
$label=GETPOST("label","alpha");
$subscription=GETPOST("subscription","int");
$vote=GETPOST("vote","int");
$comment=GETPOST("comment");
$mail_valid=GETPOST("mail_valid");
$comment=GETPOST("comment",'alphanohtml');
$mail_valid=GETPOST("mail_valid",'none');
// Security check
$result=restrictedArea($user,'adherent',$rowid,'adherent_type');

0 comments on commit 0f06e39

Please sign in to comment.