Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX XSS

Browse Source
This commit is contained in:
Laurent Destailleur 2019-01-31 10:16:49 +01:00
parent a23fd6f090
commit 6121771c5f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/document.php
View File

@ -74,7 +74,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$encoding = '';
$action=GETPOST('action','alpha');
$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
$hashp=GETPOST('hashp','aZ09');
$modulepart=GETPOST('modulepart','alpha');
$urlsource=GETPOST('urlsource','alpha');

2
htdocs/viewimage.php
View File

@ -84,7 +84,7 @@ require 'main.inc.php'; // Load $user and permissions
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$action=GETPOST('action','alpha');
$original_file=GETPOST('file','alpha'); // Do not use urldecode here ($_GET are already decoded by PHP).
$original_file=GETPOST('file','alphanohtml'); // Do not use urldecode here ($_GET are already decoded by PHP).
$hashp=GETPOST('hashp','aZ09');
$modulepart=GETPOST('modulepart','alpha');
$urlsource=GETPOST('urlsource','alpha');