FIX BlindBoolean SQL injection reported by Christian Weiler
<sak1.s3curity@gmail.com>
eldy committed Jun 15, 2020
1 parent 1ba0356 commit 40e1667
Showing 6 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions htdocs/accountancy/customer/card.php
Expand Up @@ -34,8 +34,8 @@
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');

// Security check
if ($user->socid > 0)
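Review bot: Filtering `codeventil` and `id` with `'int'` closes the injection only at the request boundary; the statements that consume these values are outside this hunk and, as far as the page shows, are left unchanged. If `GETPOST(..., 'int')` merely checks that the value is numeric and still returns a string (its implementation is not on this page, so this needs confirming), the query should not depend on it: cast where the SQL is built, e.g. `((int) $id)` and `((int) $codeventil)`, so a later edit to the parameter parsing cannot reopen the hole. The same applies to the identical changes in `expensereport/card.php`, `supplier/card.php`, `comm/mailing/info.php`, `compta/paiement/info.php` and `variants/ajax/get_attribute_values.php`. A comment above the two lines, such as `// Numeric ids only: these parameters were an SQL injection vector, keep the 'int' filter`, would record why the second argument must stay.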
4 changes: 2 additions & 2 deletions htdocs/accountancy/expensereport/card.php
Expand Up @@ -38,8 +38,8 @@
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');

// Security check
if ($user->socid > 0)
4 changes: 2 additions & 2 deletions htdocs/accountancy/supplier/card.php
Expand Up @@ -38,8 +38,8 @@
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');

$codeventil = GETPOST('codeventil');
$id = GETPOST('id');
$codeventil = GETPOST('codeventil', 'int');
$id = GETPOST('id', 'int');

// Security check
if ($user->socid > 0)
2 changes: 1 addition & 1 deletion htdocs/comm/mailing/info.php
Expand Up @@ -27,7 +27,7 @@
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/emailing.lib.php';

$id = GETPOST('id');
$id = GETPOST('id', 'int');

// Load translation files required by the page
$langs->load("mails");
2 changes: 1 addition & 1 deletion htdocs/compta/paiement/info.php
Expand Up @@ -31,7 +31,7 @@
// Load translation files required by the page
$langs->loadLangs(array('bills', 'companies'));

$id = GETPOST('id');
$id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
2 changes: 1 addition & 1 deletion htdocs/variants/ajax/get_attribute_values.php
Expand Up @@ -28,7 +28,7 @@

header('Content-Type: application/json');

$id = GETPOST('id');
$id = GETPOST('id', 'int');

if (!$id) {
print json_encode(array(
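Review bot: The `if (!$id)` guard directly after the new filter now handles a rejected value and a missing parameter the same way, and nothing documents that. Assuming the `'int'` check yields an empty value for non-numeric input (the GETPOST implementation is not on this page), a comment above the guard such as `// Missing or non-numeric id ends up here: GETPOST(..., 'int') rejects anything that is not a number` would make the dependency explicit. The error branch continues outside the hunk, so whether it also sets an HTTP error status for this JSON endpoint cannot be checked from here.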
