Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix sanitize data

Browse Source
This commit is contained in:
Laurent Destailleur 2019-05-21 14:03:28 +02:00
parent f283e24b48
commit 479f8616e1
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
htdocs/admin/external_rss.php
View File

@ -66,8 +66,8 @@ else
if ($action == 'add' || GETPOST("modify"))
{
$external_rss_title = "external_rss_title_" . GETPOST("norss");
$external_rss_urlrss = "external_rss_urlrss_" . GETPOST("norss");
$external_rss_title = "external_rss_title_" . GETPOST("norss", 'int');
$external_rss_urlrss = "external_rss_urlrss_" . GETPOST("norss", 'int');
if (! empty($_POST[$external_rss_urlrss]))
{
@ -95,7 +95,7 @@ if ($action == 'add' || GETPOST("modify"))
{
// Ajoute boite box_external_rss dans definition des boites
$sql = "INSERT INTO ".MAIN_DB_PREFIX."boxes_def (file, note)";
$sql.= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss").' ('.GETPOST($external_rss_title)).")')";
$sql.= " VALUES ('box_external_rss.php','".$db->escape(GETPOST("norss", 'int').' ('.GETPOST($external_rss_title, 'alpha')).")')";
if (! $db->query($sql))
{
dol_print_error($db);
@ -103,8 +103,8 @@ if ($action == 'add' || GETPOST("modify"))
}
}
$result1=dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_" . GETPOST("norss"),GETPOST($external_rss_title),'chaine',0,'',$conf->entity);
if ($result1) $result2=dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_" . GETPOST("norss"),GETPOST($external_rss_urlrss),'chaine',0,'',$conf->entity);
$result1=dolibarr_set_const($db, "EXTERNAL_RSS_TITLE_" . GETPOST("norss", 'int'), GETPOST($external_rss_title, 'alpha'), 'chaine', 0, '', $conf->entity);
if ($result1) $result2=dolibarr_set_const($db, "EXTERNAL_RSS_URLRSS_" . GETPOST("norss", 'int'), GETPOST($external_rss_urlrss, 'alpha'), 'chaine', 0, '', $conf->entity);
if ($result1 && $result2)
{
@ -122,13 +122,13 @@ if ($action == 'add' || GETPOST("modify"))
if ($_POST["delete"])
{
if(GETPOST("norss"))
if (GETPOST("norss", 'int'))
{
$db->begin();
// Supprime boite box_external_rss de definition des boites
$sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."boxes_def";
$sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss"))." %'";
$sql.= " WHERE file = 'box_external_rss.php' AND note LIKE '".$db->escape(GETPOST("norss", 'int'))." %'";
$resql=$db->query($sql);
if ($resql)
@ -168,8 +168,8 @@ if ($_POST["delete"])
}
$result1=dolibarr_del_const($db,"EXTERNAL_RSS_TITLE_" . GETPOST("norss"),$conf->entity);
if ($result1) $result2=dolibarr_del_const($db,"EXTERNAL_RSS_URLRSS_" . GETPOST("norss"),$conf->entity);
$result1=dolibarr_del_const($db,"EXTERNAL_RSS_TITLE_" . GETPOST("norss", 'int'), $conf->entity);
if ($result1) $result2=dolibarr_del_const($db,"EXTERNAL_RSS_URLRSS_" . GETPOST("norss", 'int'), $conf->entity);
if ($result1 && $result2)
{
@ -270,13 +270,13 @@ if ($resql)
print '<tr class="oddeven">';
print "<td width=\"100px\">".$langs->trans("Title")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_" . $idrss . "\" value=\"" . $conf->global->$keyrsstitle . "\"></td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_title_" . $idrss . "\" value=\"" . dol_escape_htmltag($conf->global->$keyrsstitle) . "\"></td>";
print "</tr>";
print '<tr class="oddeven">';
print "<td>".$langs->trans("URL")."</td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_" . $idrss . "\" value=\"" . $conf->global->$keyrssurl . "\"></td>";
print "<td><input type=\"text\" class=\"flat minwidth300\" name=\"external_rss_urlrss_" . $idrss . "\" value=\"" . dol_escape_htmltag($conf->global->$keyrssurl) . "\"></td>";
print "</tr>";