Skip to content

Commit

Permalink
- Add improvement to GETPOST function
Browse files Browse the repository at this point in the history 
- Review thirdparty cards for illustration of new GETPOST functionality
  • Loading branch information
@KreizIT
KreizIT committed Aug 6, 2014
1 parent e52d8a6 commit cfe35f3
Show file tree
Hide file tree
Showing 2 changed files with 135 additions and 129 deletions.
56 changes: 31 additions & 25 deletions htdocs/core/lib/functions.lib.php
View file
Expand Up @@ -11,7 +11,8 @@
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
* Copyright (C) 2013 Alexandre Spangaro <alexandre.spangaro@gmail.com>
* Copyright (C) 2014 Marcos García <marcosgdf@gmail.com>
*
* Copyright (C) 2014 Cédric GROSS <c.gross@kreiz-it.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
Expand Down Expand Up @@ -169,11 +170,11 @@ function dol_shutdown()
* Return value of a param into GET or POST supervariable
*
* @param string $paramname Name of parameter to found
* @param string $check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's text and sign, 'aZ'=check it's a-z only, 'array'=check it's array)
* @param string $check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's text and sign, 'aZ'=check it's a-z only, 'array'=check it's array, 'san_alpha'= Use filter_var with FILTER_SANITIZE_STRING, 'custom'= custom filter specify $filter and $options)
* @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie)
* @return string||string[] Value found, or '' if check fails
*/
function GETPOST($paramname,$check='',$method=0)
function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
{
if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
Expand All @@ -184,28 +185,33 @@ function GETPOST($paramname,$check='',$method=0)

if (! empty($check))
{
// Check if numeric
if ($check == 'int' && ! is_numeric($out)) $out='';
// Check if alpha
elseif ($check == 'alpha')
{
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
}
elseif ($check == 'aZ')
{
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/[^a-z]+/i',$out)) $out='';
}
elseif ($check == 'array')
{
if (! is_array($out) || empty($out)) $out=array();
}
switch ($check)
{
case 'int':
if (! is_numeric($out)) { $out=''; }
break;
case 'alpha':
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
break;
case 'san_alpha':
$out=filter_var($out,FILTER_SANITIZE_STRING);
break;
case 'aZ':
$out=trim($out);
if (preg_match('/[^a-z]+/i',$out)) $out='';
break;
case 'array':
if (! is_array($out) || empty($out)) $out=array();
break;
case 'custom':
if (empty($filter)) return 'BadFourthParameterForGETPOST';
$out=filter_var($out, $filter, $options);
break;
}
}

return $out;
Expand Down
208 changes: 104 additions & 104 deletions htdocs/societe/soc.php
View file
Expand Up @@ -136,64 +136,64 @@
{
$object->particulier = GETPOST("private");

$object->name = dolGetFirstLastname(GETPOST('firstname'),GETPOST('nom')?GETPOST('nom'):GETPOST('name'));
$object->civility_id = GETPOST('civility_id');
$object->name = dolGetFirstLastname(GETPOST('firstname','san_alpha'),GETPOST('nom','san_alpha')?GETPOST('nom','san_alpha'):GETPOST('name','san_alpha'));
$object->civility_id = GETPOST('civility_id', 'int');
// Add non official properties
$object->name_bis = GETPOST('name')?GETPOST('name'):GETPOST('nom');
$object->firstname = GETPOST('firstname');
$object->name_bis = GETPOST('name','san_alpha')?GETPOST('name','san_alpha'):GETPOST('nom','san_alpha');
$object->firstname = GETPOST('firstname','san_alpha');
}
else
{
$object->name = GETPOST('name')?GETPOST('name'):GETPOST('nom');
$object->name = GETPOST('name', 'san_alpha')?GETPOST('name', 'san_alpha'):GETPOST('nom', 'san_alpha');
}
$object->address = GETPOST('address');
$object->zip = GETPOST('zipcode');
$object->town = GETPOST('town');
$object->country_id = GETPOST('country_id');
$object->state_id = GETPOST('state_id');
$object->skype = GETPOST('skype');
$object->phone = GETPOST('phone');
$object->fax = GETPOST('fax');
$object->email = GETPOST('email');
$object->url = GETPOST('url');
$object->idprof1 = GETPOST('idprof1');
$object->idprof2 = GETPOST('idprof2');
$object->idprof3 = GETPOST('idprof3');
$object->idprof4 = GETPOST('idprof4');
$object->idprof5 = GETPOST('idprof5');
$object->idprof6 = GETPOST('idprof6');
$object->prefix_comm = GETPOST('prefix_comm');
$object->code_client = GETPOST('code_client');
$object->code_fournisseur = GETPOST('code_fournisseur');
$object->capital = GETPOST('capital');
$object->barcode = GETPOST('barcode');

$object->tva_intra = GETPOST('tva_intra');
$object->tva_assuj = GETPOST('assujtva_value');
$object->status = GETPOST('status');
$object->address = GETPOST('address', 'san_alpha');
$object->zip = GETPOST('zipcode', 'san_alpha');
$object->town = GETPOST('town', 'san_alpha');
$object->country_id = GETPOST('country_id', 'int');
$object->state_id = GETPOST('state_id', 'int');
$object->skype = GETPOST('skype', 'san_alpha');
$object->phone = GETPOST('phone', 'san_alpha');
$object->fax = GETPOST('fax','san_alpha');
$object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL);
$object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL);
$object->idprof1 = GETPOST('idprof1', 'san_alpha');
$object->idprof2 = GETPOST('idprof2', 'san_alpha');
$object->idprof3 = GETPOST('idprof3', 'san_alpha');
$object->idprof4 = GETPOST('idprof4', 'san_alpha');
$object->idprof5 = GETPOST('idprof5', 'san_alpha');
$object->idprof6 = GETPOST('idprof6', 'san_alpha');
$object->prefix_comm = GETPOST('prefix_comm', 'san_alpha');
$object->code_client = GETPOST('code_client', 'san_alpha');
$object->code_fournisseur = GETPOST('code_fournisseur', 'san_alpha');
$object->capital = GETPOST('capital', 'san_alpha');
$object->barcode = GETPOST('barcode', 'san_alpha');

$object->tva_intra = GETPOST('tva_intra', 'san_alpha');
$object->tva_assuj = GETPOST('assujtva_value', 'san_alpha');
$object->status = GETPOST('status', 'san_alpha');

// Local Taxes
$object->localtax1_assuj = GETPOST('localtax1assuj_value');
$object->localtax2_assuj = GETPOST('localtax2assuj_value');
$object->localtax1_assuj = GETPOST('localtax1assuj_value', 'san_alpha');
$object->localtax2_assuj = GETPOST('localtax2assuj_value', 'san_alpha');

$object->localtax1_value = GETPOST('lt1');
$object->localtax2_value = GETPOST('lt2');
$object->localtax1_value = GETPOST('lt1', 'san_alpha');
$object->localtax2_value = GETPOST('lt2', 'san_alpha');

$object->forme_juridique_code = GETPOST('forme_juridique_code');
$object->effectif_id = GETPOST('effectif_id');
$object->forme_juridique_code = GETPOST('forme_juridique_code', 'int');
$object->effectif_id = GETPOST('effectif_id', 'int');
if (GETPOST("private") == 1)
{
$object->typent_id = dol_getIdFromCode($db,'TE_PRIVATE','c_typent');
}
else
{
$object->typent_id = GETPOST('typent_id');
$object->typent_id = GETPOST('typent_id', 'int');
}

$object->client = GETPOST('client');
$object->fournisseur = GETPOST('fournisseur');
$object->client = GETPOST('client', 'int');
$object->fournisseur = GETPOST('fournisseur', 'int');

$object->commercial_id = GETPOST('commercial_id');
$object->commercial_id = GETPOST('commercial_id', 'int');
$object->default_lang = GETPOST('default_lang');

// Fill array 'array_options' with data from add form
Expand Down Expand Up @@ -645,48 +645,48 @@
if (GETPOST("type")=='p') { $object->client=2; }
if (! empty($conf->fournisseur->enabled) && (GETPOST("type")=='f' || GETPOST("type")=='')) { $object->fournisseur=1; }

$object->name = GETPOST('nom');
$object->firstname = GETPOST('firstname');
$object->name = GETPOST('nom', 'san_alpha');
$object->firstname = GETPOST('firstname', 'san_alpha');
$object->particulier = $private;
$object->prefix_comm = GETPOST('prefix_comm');
$object->client = GETPOST('client')?GETPOST('client'):$object->client;
$object->code_client = GETPOST('code_client');
$object->code_client = GETPOST('code_client', 'san_alpha');
$object->fournisseur = GETPOST('fournisseur')?GETPOST('fournisseur'):$object->fournisseur;
$object->code_fournisseur = GETPOST('code_fournisseur');
$object->address = GETPOST('address');
$object->zip = GETPOST('zipcode');
$object->town = GETPOST('town');
$object->state_id = GETPOST('state_id');
$object->skype = GETPOST('skype');
$object->phone = GETPOST('phone');
$object->fax = GETPOST('fax');
$object->email = GETPOST('email');
$object->url = GETPOST('url');
$object->capital = GETPOST('capital');
$object->barcode = GETPOST('barcode');
$object->idprof1 = GETPOST('idprof1');
$object->idprof2 = GETPOST('idprof2');
$object->idprof3 = GETPOST('idprof3');
$object->idprof4 = GETPOST('idprof4');
$object->idprof5 = GETPOST('idprof5');
$object->idprof6 = GETPOST('idprof6');
$object->typent_id = GETPOST('typent_id');
$object->effectif_id = GETPOST('effectif_id');
$object->civility_id = GETPOST('civility_id');

$object->tva_assuj = GETPOST('assujtva_value');
$object->status = GETPOST('status');
$object->code_fournisseur = GETPOST('code_fournisseur', 'san_alpha');
$object->address = GETPOST('address', 'san_alpha');
$object->zip = GETPOST('zipcode', 'san_alpha');
$object->town = GETPOST('town', 'san_alpha');
$object->state_id = GETPOST('state_id', 'int');
$object->skype = GETPOST('skype', 'san_alpha');
$object->phone = GETPOST('phone', 'san_alpha');
$object->fax = GETPOST('fax', 'san_alpha');
$object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL);
$object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL);
$object->capital = GETPOST('capital', 'int');
$object->barcode = GETPOST('barcode', 'san_alpha');
$object->idprof1 = GETPOST('idprof1', 'san_alpha');
$object->idprof2 = GETPOST('idprof2', 'san_alpha');
$object->idprof3 = GETPOST('idprof3', 'san_alpha');
$object->idprof4 = GETPOST('idprof4', 'san_alpha');
$object->idprof5 = GETPOST('idprof5', 'san_alpha');
$object->idprof6 = GETPOST('idprof6', 'san_alpha');
$object->typent_id = GETPOST('typent_id', 'int');
$object->effectif_id = GETPOST('effectif_id', 'int');
$object->civility_id = GETPOST('civility_id', 'int');

$object->tva_assuj = GETPOST('assujtva_value', 'int');
$object->status = GETPOST('status', 'int');

//Local Taxes
$object->localtax1_assuj = GETPOST('localtax1assuj_value');
$object->localtax2_assuj = GETPOST('localtax2assuj_value');
$object->localtax1_assuj = GETPOST('localtax1assuj_value', 'int');
$object->localtax2_assuj = GETPOST('localtax2assuj_value', 'int');

$object->localtax1_value =GETPOST('lt1');
$object->localtax2_value =GETPOST('lt2');
$object->localtax1_value =GETPOST('lt1', 'int');
$object->localtax2_value =GETPOST('lt2', 'int');

$object->tva_intra = GETPOST('tva_intra');
$object->tva_intra = GETPOST('tva_intra', 'san_alpha');

$object->commercial_id = GETPOST('commercial_id');
$object->commercial_id = GETPOST('commercial_id', 'int');
$object->default_lang = GETPOST('default_lang');

$object->logo = (isset($_FILES['photo'])?dol_sanitizeFileName($_FILES['photo']['name']):'');
Expand Down Expand Up @@ -1154,38 +1154,38 @@
if (GETPOST('nom'))
{
// We overwrite with values if posted
$object->name = GETPOST('nom');
$object->prefix_comm = GETPOST('prefix_comm');
$object->client = GETPOST('client');
$object->code_client = GETPOST('code_client');
$object->fournisseur = GETPOST('fournisseur');
$object->code_fournisseur = GETPOST('code_fournisseur');
$object->address = GETPOST('address');
$object->zip = GETPOST('zipcode');
$object->town = GETPOST('town');
$object->country_id = GETPOST('country_id')?GETPOST('country_id'):$mysoc->country_id;
$object->state_id = GETPOST('state_id');
$object->skype = GETPOST('skype');
$object->phone = GETPOST('phone');
$object->fax = GETPOST('fax');
$object->email = GETPOST('email');
$object->url = GETPOST('url');
$object->capital = GETPOST('capital');
$object->idprof1 = GETPOST('idprof1');
$object->idprof2 = GETPOST('idprof2');
$object->idprof3 = GETPOST('idprof3');
$object->idprof4 = GETPOST('idprof4');
$object->idprof5 = GETPOST('idprof5');
$object->idprof6 = GETPOST('idprof6');
$object->typent_id = GETPOST('typent_id');
$object->effectif_id = GETPOST('effectif_id');
$object->barcode = GETPOST('barcode');
$object->forme_juridique_code = GETPOST('forme_juridique_code');
$object->default_lang = GETPOST('default_lang');
$object->name = GETPOST('nom', 'san_alpha');
$object->prefix_comm = GETPOST('prefix_comm', 'san_alpha');
$object->client = GETPOST('client', 'int');
$object->code_client = GETPOST('code_client', 'san_alpha');
$object->fournisseur = GETPOST('fournisseur', 'int');
$object->code_fournisseur = GETPOST('code_fournisseur', 'san_alpha');
$object->address = GETPOST('address', 'san_alpha');
$object->zip = GETPOST('zipcode', 'san_alpha');
$object->town = GETPOST('town', 'san_alpha');
$object->country_id = GETPOST('country_id')?GETPOST('country_id', 'int'):$mysoc->country_id;
$object->state_id = GETPOST('state_id', 'int');
$object->skype = GETPOST('skype', 'san_alpha');
$object->phone = GETPOST('phone', 'san_alpha');
$object->fax = GETPOST('fax', 'san_alpha');
$object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL);
$object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL);
$object->capital = GETPOST('capital', 'int');
$object->idprof1 = GETPOST('idprof1', 'san_alpha');
$object->idprof2 = GETPOST('idprof2', 'san_alpha');
$object->idprof3 = GETPOST('idprof3', 'san_alpha');
$object->idprof4 = GETPOST('idprof4', 'san_alpha');
$object->idprof5 = GETPOST('idprof5', 'san_alpha');
$object->idprof6 = GETPOST('idprof6', 'san_alpha');
$object->typent_id = GETPOST('typent_id', 'int');
$object->effectif_id = GETPOST('effectif_id', 'int');
$object->barcode = GETPOST('barcode', 'san_alpha');
$object->forme_juridique_code = GETPOST('forme_juridique_code', 'int');
$object->default_lang = GETPOST('default_lang', 'san_alpha');

$object->tva_assuj = GETPOST('assujtva_value');
$object->tva_intra = GETPOST('tva_intra');
$object->status = GETPOST('status');
$object->tva_assuj = GETPOST('assujtva_value', 'int');
$object->tva_intra = GETPOST('tva_intra', 'san_alpha');
$object->status = GETPOST('status', 'int');

//Local Taxes
$object->localtax1_assuj = GETPOST('localtax1assuj_value');
Expand Down

0 comments on commit cfe35f3

Please sign in to comment.