Merge pull request #138 from simnandez/develop
Fix: Sanitize data
hregis committed Mar 28, 2012
2 parents 0370e06 + 956eb11 commit cb0fa0a
Showing 6 changed files with 53 additions and 53 deletions.
14 changes: 7 additions & 7 deletions htdocs/admin/commande.php
Expand Up @@ -47,8 +47,8 @@

if ($action == 'updateMask')
{
$maskconstorder=GETPOST("maskconstorder");
$maskorder=GETPOST("maskorder");
$maskconstorder=GETPOST('maskconstorder','alpha');
$maskorder=GETPOST('maskorder','alpha');

if ($maskconstorder) $res = dolibarr_set_const($db,$maskconstorder,$maskorder,'chaine',0,'',$conf->entity);

Expand All @@ -66,7 +66,7 @@

if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');

$commande = new Commande($db);
$commande->initAsSpecimen();
Expand Down Expand Up @@ -111,8 +111,8 @@

if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$type='order';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
Expand Down Expand Up @@ -142,8 +142,8 @@

if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$db->begin();

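Review bot: The constant name written by `dolibarr_set_const` is still taken directly from the request (`$maskconstorder` at the top of the updateMask hunk), so the new 'alpha' check only constrains its characters, not which constant a form submission may overwrite. Restrict it to the numbering-mask constants this page manages, e.g. `if ($maskconstorder && ! preg_match('/^[A-Z0-9_]+$/', $maskconstorder)) { $error++; }` combined with a comparison against the names the form actually offers. The same pattern appears in the updateMask blocks of contract.php, expedition.php, fichinter.php and livraison.php. The `set` branch's INSERT statement continues outside the hunk; `$label` and `$scandir` should go through `$db->escape()` where the VALUES clause is built, which is not visible here.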
4 changes: 2 additions & 2 deletions htdocs/admin/confexped.php
Expand Up @@ -2,7 +2,7 @@
/* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -34,7 +34,7 @@
if (!$user->admin)
accessforbidden();

$action=GETPOST("action");
$action=GETPOST('action','alpha');

// Shipment note
if ($action == 'activate_sending')
10 changes: 5 additions & 5 deletions htdocs/admin/contract.php
@@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
/* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -30,8 +30,8 @@

if (!$user->admin) accessforbidden();

$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');

if (empty($conf->global->CONTRACT_ADDON))
{
Expand All @@ -45,8 +45,8 @@

if ($action == 'updateMask')
{
$maskconst=$_POST['maskconstcontract'];
$maskvalue=$_POST['maskcontract'];
$maskconst = GETPOST('maskconstcontract','alpha');
$maskvalue = GETPOST('maskcontract','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
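Review bot: Replacing `$_POST['maskconstcontract']` with `GETPOST('maskconstcontract','alpha')` changes where the value is read from: if GETPOST falls back to `$_GET` when no method argument is given, the state-changing updateMask action becomes reachable through a crafted link rather than only through the form post, so if GETPOST offers a POST-only mode, prefer it for these two reads. Separately, the unchanged check `if (! $res > 0) $error++;` parses as `(!$res) > 0`, so a negative return from `dolibarr_set_const` is not counted as an error, and `$res` is never assigned when `$maskconst` is empty; `$res = 0;` before the `if ($maskconst)` line and `if ($res <= 0) $error++;` fixes both. The same `! $res > 0` test appears in expedition.php, fichinter.php and livraison.php.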
32 changes: 16 additions & 16 deletions htdocs/admin/expedition.php
Expand Up @@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -37,8 +37,8 @@

if (!$user->admin) accessforbidden();

$action=GETPOST("action");
$value=GETPOST("value");
$action=GETPOST('action','alpha');
$value=GETPOST('value','alpha');

if (empty($conf->global->EXPEDITION_ADDON_NUMBER))
{
Expand All @@ -51,7 +51,7 @@
*/
if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');

$exp = new Expedition($db);
$exp->initAsSpecimen();
Expand Down Expand Up @@ -89,8 +89,8 @@
// Activate a model
if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$type='shipping';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
Expand Down Expand Up @@ -121,8 +121,8 @@
// Set default model
if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$db->begin();

Expand Down Expand Up @@ -158,9 +158,9 @@
// TODO A quoi servent les methode d'expedition ?
if ($action == 'setmethod' || $action== 'setmod')
{
$module=GETPOST("module");
$moduleid=GETPOST("moduleid");
$statut=GETPOST("statut");
$module=GETPOST('module','alpha');
$moduleid=GETPOST('moduleid','alpha');
$statut=GETPOST('statut','alpha');

require_once(DOL_DOCUMENT_ROOT."/core/modules/expedition/methode_expedition_$module.modules.php");

Expand Down Expand Up @@ -231,16 +231,16 @@
// TODO Verifier si module numerotation choisi peut etre active
// par appel methode canBeActivated

$module=GETPOST("module");
$module=GETPOST('module','alpha');

dolibarr_set_const($db, "EXPEDITION_ADDON",$module,'chaine',0,'',$conf->entity);

}

if ($action == 'updateMask')
{
$maskconst=GETPOST("maskconstexpedition");
$maskvalue=GETPOST("maskexpedition");
$maskconst=GETPOST('maskconstexpedition','alpha');
$maskvalue=GETPOST('maskexpedition','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
Expand All @@ -262,7 +262,7 @@

if ($action == 'set_SHIPPING_DRAFT_WATERMARK')
{
$draft=GETPOST("SHIPPING_DRAFT_WATERMARK");
$draft=GETPOST('SHIPPING_DRAFT_WATERMARK','alpha');
$res = dolibarr_set_const($db, "SHIPPING_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
Expand All @@ -279,7 +279,7 @@

if ($action == 'set_SHIPPING_FREE_TEXT')
{
$free=GETPOST("SHIPPING_FREE_TEXT");
$free=GETPOST('SHIPPING_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;

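Review bot: In the setmethod/setmod hunk `$module` is read with the 'alpha' check and then interpolated into the path handed to `require_once` (`methode_expedition_$module.modules.php`); unless 'alpha' is known to reject every path separator and `..` sequence, a request parameter still selects which file gets included. Guard the include explicitly before it runs, e.g. `if (! preg_match('/^[A-Za-z0-9_]+$/', $module)) accessforbidden();` placed before the `require_once`, or better, compare `$module` against the module names the page itself lists. The setmethod block continues past the end of the hunk. The two free-text hunks (`SHIPPING_DRAFT_WATERMARK`, `SHIPPING_FREE_TEXT`) now apply the same 'alpha' check to values that are document text rather than identifiers; confirm the check does not silently empty or alter a value containing quotes or other punctuation.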
24 changes: 12 additions & 12 deletions htdocs/admin/fichinter.php
Expand Up @@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Philippe Grand <philippe.grand@atoo-net.com>
*
* This program is free software; you can redistribute it and/or modify
Expand Down Expand Up @@ -39,17 +39,17 @@
if (!$user->admin)
accessforbidden();

$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');


/*
* Actions
*/
if ($action == 'updateMask')
{
$maskconst=GETPOST("maskconst");
$maskvalue=GETPOST("maskvalue");
$maskconst=GETPOST('maskconst','alpha');
$maskvalue=GETPOST('maskvalue','alpha');
if ($maskconst) $res = dolibarr_set_const($db,$maskconst,$maskvalue,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
Expand All @@ -66,7 +66,7 @@

if ($action == 'set_FICHINTER_FREE_TEXT')
{
$freetext= GETPOST("FICHINTER_FREE_TEXT");
$freetext= GETPOST('FICHINTER_FREE_TEXT','alpha');
$res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
Expand All @@ -83,7 +83,7 @@

if ($action == 'set_FICHINTER_DRAFT_WATERMARK')
{
$draft= GETPOST("FICHINTER_DRAFT_WATERMARK");
$draft= GETPOST('FICHINTER_DRAFT_WATERMARK','alpha');

$res = dolibarr_set_const($db, "FICHINTER_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);

Expand All @@ -101,7 +101,7 @@

if ($action == 'specimen')
{
$modele=$_GET["module"];
$modele= GETPOST('module','alpha');

$inter = new Fichinter($db);
$inter->initAsSpecimen();
Expand Down Expand Up @@ -146,8 +146,8 @@

if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$type='ficheinter';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
Expand Down Expand Up @@ -177,8 +177,8 @@

if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$db->begin();

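Review bot: `FICHINTER_FREE_TEXT` and `FICHINTER_DRAFT_WATERMARK` are document text, yet the new reads apply the same 'alpha' check used for identifiers; if that check drops or empties values containing quotes or other punctuation, an admin's footer text would be stored altered without any feedback, so confirm GETPOST's 'alpha' behaviour against these inputs and escape at output instead if it proves too strict (livraison.php's `DELIVERY_FREE_TEXT` read has the same concern). On style, `$modele= GETPOST('module','alpha');`, `$freetext= GETPOST(...)` and `$draft= GETPOST(...)` keep a stray space after `=` that the other rewritten lines in this file do not; `$modele = GETPOST('module','alpha');` matches the surrounding assignments.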
22 changes: 11 additions & 11 deletions htdocs/admin/livraison.php
Expand Up @@ -5,7 +5,7 @@
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -36,17 +36,17 @@

if (!$user->admin) accessforbidden();

$action = GETPOST("action");
$value = GETPOST("value");
$action = GETPOST('action','alpha');
$value = GETPOST('value','alpha');

/*
* Actions
*/

if ($action == 'updateMask')
{
$maskconstdelivery=GETPOST("maskconstdelivery");
$maskdelivery=GETPOST("maskdelivery");
$maskconstdelivery=GETPOST('maskconstdelivery','alpha');
$maskdelivery=GETPOST('maskdelivery','alpha');
if ($maskconstdelivery) $res = dolibarr_set_const($db,$maskconstdelivery,$maskdelivery,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
Expand All @@ -63,7 +63,7 @@

if ($action == 'specimen')
{
$modele=GETPOST("module");
$modele=GETPOST('module','alpha');

$sending = new Livraison($db);
$sending->initAsSpecimen();
Expand Down Expand Up @@ -99,8 +99,8 @@

if ($action == 'set')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');

$type='delivery';
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
Expand All @@ -127,8 +127,8 @@

if ($action == 'setdoc')
{
$label = GETPOST("label");
$scandir = GETPOST("scandir");
$label = GETPOST('label','alpha');
$scandir = GETPOST('scandir','alpha');
$db->begin();

if (dolibarr_set_const($db, "LIVRAISON_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
Expand Down Expand Up @@ -162,7 +162,7 @@

if ($action == 'set_DELIVERY_FREE_TEXT')
{
$free=GETPOST("DELIVERY_FREE_TEXT");
$free=GETPOST('DELIVERY_FREE_TEXT','alpha');
$res=dolibarr_set_const($db, "DELIVERY_FREE_TEXT",$free,'chaine',0,'',$conf->entity);

if (! $res > 0) $error++;
