
FIX CVE-2018-19998

eldy committed Dec 22, 2018
1 parent 74e75a7 commit 2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
Showing with 4 additions and 4 deletions.
  1. +1 −1 htdocs/user/card.php
  2. +3 −3 htdocs/user/class/user.class.php
@@ -350,7 +350,7 @@
$object->accountancy_code = GETPOST("accountancy_code",'alpha');
$object->openid = GETPOST("openid",'alpha');
$object->fk_user = GETPOST("fk_user",'int') > 0 ? GETPOST("fk_user",'int') : 0;
$object->employee = GETPOST('employee','alphanothtml');
$object->employee = GETPOST('employee','int');
$object->thm = GETPOST("thm",'alphanohtml') != '' ? GETPOST("thm",'alphanohtml') : '';
$object->tjm = GETPOST("tjm",'alphanohtml') != '' ? GETPOST("tjm",'alphanohtml') : '';
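Review bot: The `thm` and `tjm` reads on the last two lines of the hunk are still filtered with 'alphanohtml' even though they look like numeric rate fields, right next to the `employee` line that this commit narrowed to 'int'. If update() writes them into numeric columns by string concatenation the way `employee` was written, they need the same treatment — a numeric filter here or a cast at the SQL site — but the hunk does not show how they are persisted, so this should be confirmed rather than assumed. `fk_user` three lines up already demonstrates the safe pattern, `GETPOST("fk_user",'int')`. The POST-handling block this belongs to continues outside the hunk.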
@@ -1405,12 +1405,12 @@ function update($user, $notrigger=0, $nosyncmember=0, $nosyncmemberpass=0, $nosy
$sql = "UPDATE ".MAIN_DB_PREFIX."user SET";
$sql.= " lastname = '".$this->db->escape($this->lastname)."'";
$sql.= ", firstname = '".$this->db->escape($this->firstname)."'";
$sql.= ", employee = ".$this->employee;
$sql.= ", employee = ".(int) $this->employee;
$sql.= ", login = '".$this->db->escape($this->login)."'";
$sql.= ", api_key = ".($this->api_key ? "'".$this->db->escape($this->api_key)."'" : "null");
$sql.= ", gender = ".($this->gender != -1 ? "'".$this->db->escape($this->gender)."'" : "null"); // 'man' or 'woman'
$sql.= ", birth=".(strval($this->birth)!='' ? "'".$this->db->idate($this->birth)."'" : 'null');
if (! empty($user->admin)) $sql.= ", admin = ".$this->admin; // admin flag can be set/unset only by an admin user
if (! empty($user->admin)) $sql.= ", admin = ".(int) $this->admin; // admin flag can be set/unset only by an admin user
$sql.= ", address = '".$this->db->escape($this->address)."'";
$sql.= ", zip = '".$this->db->escape($this->zip)."'";
$sql.= ", town = '".$this->db->escape($this->town)."'";
@@ -1502,7 +1502,7 @@ function update($user, $notrigger=0, $nosyncmember=0, $nosyncmemberpass=0, $nosy
$adh->zip=$this->zip;
$adh->state_id=$this->state_id;
$adh->country_id=$this->country_id;
$adh->email=$this->email;
$adh->skype=$this->skype;
$adh->phone=$this->office_phone;
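Review bot: The `(int)` casts on `employee` and `admin` in the first hunk close the hole at the SQL site, which is the right layer because update() can be reached by callers other than card.php that set these properties without GETPOST filtering. The UPDATE statement continues past the hunk, so any other integer columns still appended without a cast are not visible here and should be checked for the same pattern. A short why-comment would keep the next maintainer from "simplifying" the cast away, e.g. `// integer columns are cast, never concatenated raw (CVE-2018-19998)` above the `employee` line. The `if (! empty($user->admin))` guard on the `admin` assignment is unchanged and still the only thing preventing non-admins from promoting themselves, so the cast does not alter that check. update() begins and ends outside the hunks, and the second hunk's changed line is not shown in this view.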
