@@ -76,6 +76,9 @@ function test_sql_and_script_inject($val,$get)
7676 $ sql_inj += preg_match ('/(\.\.%2f)+/i ' , $ val );
7777 // For XSS Injection done by adding javascript with script
7878 $ sql_inj += preg_match ('/<script/i ' , $ val );
79+ $ sql_inj += preg_match ('/img[\s]+src/i ' , $ val );
80+ $ sql_inj += preg_match ('/base[\s]+href/i ' , $ val );
81+ $ sql_inj += preg_match ('/style([\s]+)?=/i ' , $ val );
7982 if ($ get ) $ sql_inj += preg_match ('/javascript:/i ' , $ val );
8083 // For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
8184 if ($ get ) $ sql_inj += preg_match ('/"/i ' , $ val ); // We refused " in GET parameters value
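Review bot: The three patterns added at new lines 79–81 sit under the comment `// For XSS Injection done by adding javascript with script`, which now describes only the `<script` check above them; extend it to name what is actually detected, e.g. `// For XSS Injection done with script tags, img src / base href attributes or inline style attributes`. In the `style` pattern `([\s]+)?` is equivalent to `\s*`, so `'/style\s*=/i'` says the same thing more directly. Because `style\s*=` is rejected without regard to context, any parameter that legitimately carries HTML with inline style attributes (content coming from an HTML editor, for instance) would presumably now be refused — confirm against the callers that feed `test_sql_and_script_inject`, since they are not visible here. The function's body starts before and continues after this hunk.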
@@ -324,7 +327,7 @@ function analyse_sql_and_script(&$var,$get)
324327 }
325328
326329 // Verification security graphic code
327- if (isset ( $ _POST [ "username " ] ) && ! empty ($ conf ->global ->MAIN_SECURITY_ENABLECAPTCHA ))
330+ if (GETPOST ( "username " , " alpha " , 2 ) && ! empty ($ conf ->global ->MAIN_SECURITY_ENABLECAPTCHA ))
328331 {
329332 require_once DOL_DOCUMENT_ROOT .'/includes/artichow/Artichow.cfg.php ' ;
330333 require_once ARTICHOW ."/AntiSpam.class.php " ;
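Review bot: Replacing `isset($_POST["username"])` with a bare `GETPOST("username", "alpha", 2)` in the condition at new line 330 (and identically at line 371 in the later hunk) changes the test from "parameter present" to "value truthy", so a submitted login of `0` or an empty string no longer enters the captcha or authentication path; if presence is what is meant, compare explicitly, `if (GETPOST("username", "alpha", 2) !== '' && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))`, assuming GETPOST returns `''` for an absent parameter. The same filtered value is now used for `$usertotest` at line 384 and for the trigger messages at lines 345 and 417, while `$passwordtotest` at line 385 still reads `$_POST` directly; whatever the `alpha` check strips from the name makes the login that is looked up and logged differ from what the client sent, which deserves a comment at line 384 such as `// username is read through GETPOST('alpha'), so it may differ from the raw POST value`. GETPOST's definition is not on this page, so whether method code `2` limits the read to the POST body, as the replaced `$_POST` access did, should be confirmed as well. The enclosing code starts before and ends after these hunks.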
@@ -339,7 +342,7 @@ function analyse_sql_and_script(&$var,$get)
339342 $ langs ->load ('main ' );
340343 $ langs ->load ('other ' );
341344
342- $ user ->trigger_mesg ='ErrorBadValueForCode - login= ' .$ _POST [ "username " ] ;
345+ $ user ->trigger_mesg ='ErrorBadValueForCode - login= ' .GETPOST ( "username " , " alpha " , 2 ) ;
343346 $ _SESSION ["dol_loginmesg " ]=$ langs ->trans ("ErrorBadValueForCode " );
344347 $ test =false ;
345348
@@ -365,7 +368,7 @@ function analyse_sql_and_script(&$var,$get)
365368 // If error, we will put error message in session under the name dol_loginmesg
366369 $ goontestloop =false ;
367370 if (isset ($ _SERVER ["REMOTE_USER " ]) && in_array ('http ' ,$ authmode )) $ goontestloop =true ;
368- if (isset ( $ _POST [ "username " ] ) || GETPOST ('openid_mode ' ,'alpha ' ,1 )) $ goontestloop =true ;
371+ if (GETPOST ( "username " , " alpha " , 2 ) || GETPOST ('openid_mode ' ,'alpha ' ,1 )) $ goontestloop =true ;
369372
370373 if ($ test && $ goontestloop )
371374 {
@@ -378,7 +381,7 @@ function analyse_sql_and_script(&$var,$get)
378381 if ($ result )
379382 {
380383 // Call function to check user/password
381- $ usertotest =$ _POST [ "username " ] ;
384+ $ usertotest =GETPOST ( "username " , " alpha " , 2 ) ;
382385 $ passwordtotest =$ _POST ["password " ];
383386 $ entitytotest =$ _POST ["entity " ];
384387 $ function ='check_user_password_ ' .$ mode ;
@@ -411,7 +414,7 @@ function analyse_sql_and_script(&$var,$get)
411414 $ langs ->load ('other ' );
412415
413416 // Bad password. No authmode has found a good password.
414- $ user ->trigger_mesg =$ langs ->trans ("ErrorBadLoginPassword " ).' - login= ' .$ _POST [ "username " ] ;
417+ $ user ->trigger_mesg =$ langs ->trans ("ErrorBadLoginPassword " ).' - login= ' .GETPOST ( "username " , " alpha " , 2 ) ;
415418 $ _SESSION ["dol_loginmesg " ]=$ langs ->trans ("ErrorBadLoginPassword " );
416419
417420 // Appel des triggers