FIX security bugs

Dolibarr · Dec 18, 2016 · a736f37 · a736f37
1 parent 78bf209
commit a736f37
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 26 deletions.
diff --git a/htdocs/accountancy/bookkeeping/balancebymonth.php b/htdocs/accountancy/bookkeeping/balancebymonth.php
@@ -38,7 +38,7 @@
 $langs->load("accountancy");
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -47,9 +47,11 @@
 	$year_start = $year;
 }
 
+
 /*
  * View
  */
+
 llxHeader('', $langs->trans("Bookkeeping"));
 
 $textprevyear = '<a href="' . $_SERVER["PHP_SELF"] . '?year=' . ($year_current - 1) . '">' . img_previous() . '</a>';

diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php
@@ -47,7 +47,7 @@
 	accessforbidden();
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -57,7 +57,7 @@
 }
 
 // Validate History
-$action = GETPOST('action');
+$action = GETPOST('action','alpha');
 
 
 

diff --git a/htdocs/accountancy/report/result.php b/htdocs/accountancy/report/result.php
@@ -43,7 +43,7 @@
 $cancel = GETPOST('cancel');
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST('year','int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -64,9 +64,11 @@
 
 $AccCat = new AccountancyCategory($db);
 
+
 /*
  * View
  */
+
 llxheader('', $langs->trans('ReportInOut'));
 
 $formaccounting = new FormAccounting($db);

diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
@@ -45,7 +45,7 @@
 	accessforbidden();
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -55,7 +55,7 @@
 }
 
 // Validate History
-$action = GETPOST('action');
+$action = GETPOST('action', 'alpha');
 
 
 /*

diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
@@ -85,10 +85,10 @@ function llxFooter()
 if (! isset($conf->global->ASTERISK_MAX_RETRY)) $conf->global->ASTERISK_MAX_RETRY="2";
 
 
-$login = $_GET['login'];
-$password = $_GET['password'];
-$caller = $_GET['caller'];
-$called = $_GET['called'];
+$login = GETPOST('login');
+$password = GETPOST('password');
+$caller = GETPOST('caller');
+$called = GETPOST('called');
 
 // IP address of Asterisk server
 $strHost = $conf->global->ASTERISK_HOST;

diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php
@@ -277,7 +277,7 @@
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="action" value="vadd">';
-	print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+	print '<input type="hidden" name="id" value="'.$id.'">';
 
 	print '<table class="border" width="100%">';
 	print '<tr><td class="fieldtitlecreate fieldrequired">'.$langs->trans('Translation').'</td><td>';

diff --git a/htdocs/install/step4.php b/htdocs/install/step4.php
@@ -79,7 +79,7 @@
 if ($db->ok)
 {
     print '<tr><td>'.$langs->trans("DolibarrAdminLogin").' :</td><td>';
-	print '<input name="login" type="text" value="' . (!empty($_GET["login"]) ? $_GET["login"] : (isset($force_install_dolibarrlogin) ? $force_install_dolibarrlogin : '')) . '"' . (@$force_install_noedit == 2 && $force_install_dolibarrlogin !== null ? ' disabled' : '') . '></td></tr>';
+	print '<input name="login" type="text" value="' . (!empty($_GET["login"]) ? GETPOST("login") : (isset($force_install_dolibarrlogin) ? $force_install_dolibarrlogin : '')) . '"' . (@$force_install_noedit == 2 && $force_install_dolibarrlogin !== null ? ' disabled' : '') . '></td></tr>';
     print '<tr><td>'.$langs->trans("Password").' :</td><td>';
     print '<input type="password" name="pass"></td></tr>';
     print '<tr><td>'.$langs->trans("PasswordAgain").' :</td><td>';

diff --git a/htdocs/loan/calc.php b/htdocs/loan/calc.php
@@ -49,12 +49,12 @@
  * Set the USER INPUT values
  * --------------------------------------------------- */
 if (isset($_REQUEST['form_complete'])) {
-    $sale_price                      = $_REQUEST['sale_price'];
-    $annual_interest_percent         = $_REQUEST['annual_interest_percent'];
-    $year_term                       = $_REQUEST['year_term'];
-    $down_percent                    = $_REQUEST['down_percent'];
-    $show_progress                   = (isset($_REQUEST['show_progress'])) ? $_REQUEST['show_progress'] : false;
-    $form_complete                   = $_REQUEST['form_complete'];
+    $sale_price                      = GETPOST('sale_price');
+    $annual_interest_percent         = GETPOST('annual_interest_percent');
+    $year_term                       = GETPOST('year_term');
+    $down_percent                    = GETPOST('down_percent');
+    $show_progress                   = (isset($_REQUEST['show_progress'])) ? GETPOST('show_progress') : false;
+    $form_complete                   = GETPOST('form_complete');
 }
 
 // This function does the actual mortgage calculations

diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
@@ -32,7 +32,7 @@
 $langs->load('loan');
 
 // Security check
-$id=GETPOST("id");
+$id=GETPOST("id",'int');
 $action=GETPOST("action");
 $confirm=GETPOST('confirm');
 if ($user->societe_id) $socid=$user->societe_id;
@@ -120,7 +120,7 @@
 
 $h=0;
 
-$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$_GET["id"];
+$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$id;
 $head[$h][1] = $langs->trans("Card");
 $hselected = $h;
 $h++;

diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php
@@ -325,16 +325,15 @@ function LoadListDatas($limit, $offset, $sortfield, $sortorder)
 
         $this->list_datas = array();
 
-		//$_GET["sall"] = 'LL';
 		// Clean parameters
-		$sall=trim(isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]);
+		$sall=trim(GETPOST("sall"));
 
 		foreach($this->field_list as $field)
 		{
 			if ($field['enabled'])
 			{
 				$fieldname = "s".$field['alias'];
-				$$fieldname = trim(isset($_GET[$fieldname])?$_GET[$fieldname]:$_POST[$fieldname]);
+				$$fieldname = trim(GETPOST($fieldname));
 			}
 		}
 

diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php
@@ -308,9 +308,9 @@ function LoadListDatas($limit, $offset, $sortfield, $sortorder)
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
 		// We'll need this table joined to the select in order to filter by categ
 		if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp";
-		if ($_GET["fourn_id"] > 0)
+		if (GETPOST("fourn_id",'int') > 0)
 		{
-			$fourn_id = $_GET["fourn_id"];
+			$fourn_id = GETPOST("fourn_id",'int');
 			$sql.= ", ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 		}
 		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";

diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php
@@ -305,7 +305,7 @@
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="action" value="vadd">';
-	print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+	print '<input type="hidden" name="id" value="'.GETPOST("id",'int').'">';
 
 	print '<table class="border" width="100%">';
 	print '<tr><td valign="top" class="titlefieldcreate fieldrequired">'.$langs->trans('Language').'</td><td>';