Fix Improper Authorization Check reported by Ahsan Aziz.

Dolibarr · Jul 20, 2021 · b57eb82 · b57eb82
1 parent cea35bd
commit b57eb82
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
@@ -314,8 +314,8 @@
 
 			$id = $object->create($user);
 			if ($id > 0) {
-				if (GETPOST('password')) {
-					$object->setPassword($user, GETPOST('password'));
+				if (GETPOST('password', 'none')) {
+					$object->setPassword($user, GETPOST('password','none'));
 				}
 				if (!empty($conf->categorie->enabled)) {
 					// Categories association

diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
@@ -1280,6 +1280,10 @@ public function create($user, $notrigger = 0)
 			$langs->load("errors");
 			$this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
 			return -1;
+		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
+		    $langs->load("errors");
+		    $this->error = $langs->trans("ErrorBadCharIntoLoginName");
+		    return -1;
 		}
 
 		$this->datec = dol_now();
@@ -1669,6 +1673,10 @@ public function update($user, $notrigger = 0, $nosyncmember = 0, $nosyncmemberpa
 			$langs->load("errors");
 			$this->error = $langs->trans("ErrorFieldRequired", 'Login');
 			return -1;
+		} elseif (preg_match('/[,@<>"\']/', $this->login)) {
+		    $langs->load("errors");
+		    $this->error = $langs->trans("ErrorBadCharIntoLoginName");
+		    return -1;
 		}
 
 		$this->db->begin();