FIX security vulnerability reported by ADLab of Venustech
This commit is contained in:
parent
3f6b3b51ca
commit
4a5988accb
@ -36,7 +36,7 @@ $langs->load("users");
|
|||
if (!$user->rights->adherent->lire)
|
||||
accessforbidden();
|
||||
|
||||
$rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
|
||||
$rowid=GETPOST("rowid",'int');
|
||||
|
||||
|
||||
|
||||
|
|
@ -44,10 +44,10 @@ $rowid=isset($_GET["rowid"])?$_GET["rowid"]:$_POST["rowid"];
|
|||
* View
|
||||
*/
|
||||
|
||||
llxHeader();
|
||||
|
||||
$form = new Form($db);
|
||||
|
||||
llxHeader();
|
||||
|
||||
$object = new Subscription($db);
|
||||
$result = $object->fetch($rowid);
|
||||
|
||||
|
|
|
|||
|
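Review bot: `$rowid=GETPOST("rowid",'int');` constrains the type, but the only authorization visible on this page is the module-wide `if (!$user->rights->adherent->lire) accessforbidden();` — nothing ties the requested `rowid` to the user's entity or scope the way `restrictedArea($user, 'societe',$socid,'')` does in the other file of this commit, and `$result = $object->fetch($rowid);` is not tested before use within the hunk. Consider rejecting a missing or non-positive id up front, `if ($rowid <= 0) accessforbidden();`, and adding the restrictedArea() call appropriate to this module's object if one exists (confirm against the module's other pages). Both hunks are fragments of a top-level script that continues outside the view, so whether fetch's return value is checked further down cannot be seen here.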
|
@ -19,6 +19,14 @@
|
|||
*
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
$langs->load("main");
|
||||
$langs->load("bills");
|
||||
$langs->load("cashdesk");
|
||||
|
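Review bot: The direct-call guard added at the top of this template answers a direct request with a 200 status and a plain-text message; since the intent is to refuse the request, send an error status before exiting, e.g. `header('HTTP/1.1 403 Forbidden');` placed just ahead of the `print`, so scanners and proxies do not record the template as a reachable page. The guard itself looks sound: `$langs` is presumably only defined after the main include has run, so a direct URL hit sees an undefined variable and stops before `$langs->load("main")` is reached. The same block is pasted verbatim into each template in this commit; a one-line shared helper would keep the copies from drifting. The rest of this template lies outside the hunk.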
|
|
|||
|
|
@ -17,6 +17,14 @@
|
|||
*
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,14 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
|
||||
include_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
include_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
|
||||
|
|
|
|||
|
|
@ -16,6 +16,15 @@
|
|||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
|
||||
|
||||
$langs->load("main");
|
||||
|
|
|
|||
|
|
@ -16,6 +16,14 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
$langs->load("main");
|
||||
$langs->load("bills");
|
||||
$langs->load("banks");
|
||||
|
|
|
|||
|
|
@ -17,6 +17,14 @@
|
|||
*
|
||||
*/
|
||||
|
||||
// Protection to avoid direct call of template
|
||||
if (empty($langs) || ! is_object($langs))
|
||||
{
|
||||
print "Error, template page can't be called as URL";
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
$langs->load("main");
|
||||
$langs->load("bills");
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,8 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
|
|||
$langs->load("orders");
|
||||
$langs->load("companies");
|
||||
|
||||
$_socid = $_GET["id"];
|
||||
$id = GETPOST('id','int');
|
||||
$_socid = GETPOST("id",'int');
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
|
@ -45,10 +46,10 @@ if ($user->societe_id > 0)
|
|||
if ($_POST["action"] == 'setpricelevel')
|
||||
{
|
||||
$soc = New Societe($db);
|
||||
$soc->fetch($_GET["id"]);
|
||||
$soc->fetch($id);
|
||||
$soc->set_price_level($_POST["price_level"],$user);
|
||||
|
||||
header("Location: multiprix.php?id=".$_GET["id"]);
|
||||
header("Location: multiprix.php?id=".$id);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -87,7 +88,7 @@ if ($_socid > 0)
|
|||
print '<form method="POST" action="multiprix.php?id='.$objsoc->id.'">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="action" value="setpricelevel">';
|
||||
|
||||
|
||||
dol_fiche_head($head, $tabchoice, $langs->trans("ThirdParty"), 0, 'company');
|
||||
|
||||
print '<table width="100%" border="0">';
|
||||
|
|
@ -122,12 +123,12 @@ if ($_socid > 0)
|
|||
print "</table>";
|
||||
|
||||
dol_fiche_end();
|
||||
|
||||
|
||||
print '<div align="center"><input type="submit" class="button" value="'.$langs->trans("Save").'"></div>';
|
||||
|
||||
print "</form>";
|
||||
|
||||
|
||||
|
||||
print '<br><br>';
|
||||
|
||||
|
||||
|
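Review bot: The handler at `if ($_POST["action"] == 'setpricelevel')` still reads `$_POST["action"]` and `$_POST["price_level"]` raw, while the purpose of this commit is to route request input through GETPOST(); the level handed to `set_price_level()` should be typed the same way, `$soc->set_price_level(GETPOST('price_level','int'),$user);` (presumably an integer level index — confirm against set_price_level). The form later in this file emits a hidden `token`, yet nothing in the visible handler compares it with `$_SESSION['newtoken']` before changing the price level; unless the framework validates the token globally, this POST is a state change without a CSRF check. `$id` and `$_socid` are the same `id` parameter read twice, so one name would do. The `if ($user->societe_id > 0)` security block opens at the end of the first hunk and continues outside the view.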
|
|
|||
|
|
@ -33,7 +33,7 @@ $langs->load("orders");
|
|||
$langs->load("companies");
|
||||
|
||||
// Security check
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
$socid = GETPOST("socid", 'int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'societe',$socid,'');
|
||||
|
||||
|
|
@ -81,7 +81,7 @@ if ($resql)
|
|||
while ($i < $num)
|
||||
{
|
||||
$row = $db->fetch_row($resql);
|
||||
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td>'.$langs->trans($commande->statuts[$row[1]]).'</td>';
|
||||
|
|
@ -132,7 +132,7 @@ if (! empty($conf->fournisseur->enabled))
|
|||
$var = true;
|
||||
while ($i < $num)
|
||||
{
|
||||
|
||||
|
||||
$obj = $db->fetch_object($resql);
|
||||
print '<tr class="oddeven"><td class="nowrap">';
|
||||
$commandestatic->id=$obj->rowid;
|
||||
|
|
@ -151,7 +151,7 @@ if (! empty($conf->fournisseur->enabled))
|
|||
}
|
||||
if ($total>0)
|
||||
{
|
||||
|
||||
|
||||
print '<tr class="liste_total"><td>'.$langs->trans("Total").'</td><td colspan="2" align="right">'.price($total)."</td></tr>";
|
||||
}
|
||||
print "</table>";
|
||||
|
|
@ -190,7 +190,7 @@ if (! empty($conf->fournisseur->enabled) && $user->rights->fournisseur->facture-
|
|||
while ($i < $num && $i < 20)
|
||||
{
|
||||
$obj = $db->fetch_object($resql);
|
||||
|
||||
|
||||
print '<tr class="oddeven"><td class="nowrap">';
|
||||
$facturestatic->ref=$obj->ref;
|
||||
$facturestatic->id=$obj->rowid;
|
||||
|
|
@ -263,7 +263,7 @@ if ($resql)
|
|||
|
||||
while ($obj = $db->fetch_object($resql) )
|
||||
{
|
||||
|
||||
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
print '<td><a href="card.php?socid='.$obj->socid.'">'.img_object($langs->trans("ShowSupplier"),"company").'</a>';
|
||||
|
|
@ -300,7 +300,7 @@ if (count($companystatic->SupplierCategories))
|
|||
|
||||
foreach ($companystatic->SupplierCategories as $rowid => $label)
|
||||
{
|
||||
|
||||
|
||||
print "<tr ".$bc[$var].">\n";
|
||||
print '<td>';
|
||||
$categstatic->id=$rowid;
|
||||
|
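Review bot: `GETPOST("socid", 'int')` yields 0 when the parameter is absent, where the old code yielded `''`; `restrictedArea($user, 'societe',$socid,'')` now receives that 0, so confirm it is treated as "no specific third party" exactly as the empty string was, since the list pages in this file are reached without a socid. A short comment on the line would spare the next reader the same question: `// socid is 0 (not '') when absent; restrictedArea() must accept that`. Separately, the last hunk keeps `print "<tr ".$bc[$var].">\n";` while the rows above switched to `class="oddeven"`, and the lines that appear removed just before it look like the `$var` toggle — if so `$var` is stale there and the row should use the same `oddeven` class. The script's top-level statements continue outside these hunks.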
|
|
|||
|
|
@ -81,7 +81,8 @@ function test_sql_and_script_inject($val, $type)
|
|||
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
|
||||
if ($type != 2)
|
||||
{
|
||||
$inj += preg_match('/delete\s+from/i', $val);
|
||||
$inj += preg_match('/updatexml^(/i', $val);
|
||||
$inj += preg_match('/delete\s+from/i', $val);
|
||||
$inj += preg_match('/create\s+table/i', $val);
|
||||
$inj += preg_match('/update.+set.+=/i', $val);
|
||||
$inj += preg_match('/insert\s+into/i', $val);
|
||||
|
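Review bot: The added pattern `'/updatexml^(/i'` cannot work as written: the `(` is never closed, so PCRE fails to compile it and preg_match() returns false with a warning, and the mid-pattern `^` anchor would never match after `updatexml` even if it did compile — the new check silently adds 0 to `$inj`. The intended expression is presumably `$inj += preg_match('/updatexml\s*\(/i', $val);`, matching `UPDATEXML(` with optional whitespace in the style of the neighbouring `create\s+table` entry. It is worth a comment that this keyword blacklist is defence in depth only — encoded or split forms bypass it — so the real protection remains typed GETPOST() and parameterised queries at the call sites. The enclosing `test_sql_and_script_inject` begins before this hunk; if the odd pattern is a rendering artifact of the page rather than the committed text, disregard the first point.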
|
|
|||