From c7e3ffbadb190779147743f2523a647de9309b6a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 21 Aug 2009 20:22:46 +0000
Subject: [PATCH] Typo fix

---
 htdocs/admin/index.php | 3 ++-
 htdocs/cron/functions_cron.lib.php | 2 +-
 htdocs/langs/en_US/admin.lang | 2 +-
 htdocs/main.inc.php | 25 ++++++++++++++-----------
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/htdocs/admin/index.php b/htdocs/admin/index.php
index 7545fff294e..1221a961085 100644
--- a/htdocs/admin/index.php
+++ b/htdocs/admin/index.php
@@ -55,10 +55,11 @@ print $langs->trans("SetupDescription1").' '; print $langs->trans("AreaForAdminOnly").'
'; +print "
"; print "
"; print $langs->trans("SetupDescription2")."
"; -print "

"; +print "
"; //print '
'; print img_picto('','puce').' '.$langs->trans("SetupDescription3")."
"; print '
';
diff --git a/htdocs/cron/functions_cron.lib.php b/htdocs/cron/functions_cron.lib.php
index 5e4e59889f9..d3d09e584d7 100644
--- a/htdocs/cron/functions_cron.lib.php
+++ b/htdocs/cron/functions_cron.lib.php
@@ -20,7 +20,7 @@
 /**
 * \file cron/functions_cron.lib.php
 * \ingroup core
- * \brief Functions for miscellanous cron tasks
+ * \brief Functions for miscellaneous cron tasks
 * \version $Id$
 */
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 4b4fa6a8d65..894a5b64f03 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -660,7 +660,7 @@ ListEvents=Audit events
 ListOfSecurityEvents=List of Dolibarr security events
 LogEventDesc=You can enable here the logging for Dolibarr security events. Administrators can then see its content via menu System tools - Audit. Warning, this feature can consume a large amount of data in database.
 AreaForAdminOnly=Those features can be used by administrator users only.
-SystemInfoDesc=System information is miscellanous technical information you get in read only mode and visible for administrators only.
+SystemInfoDesc=System information is miscellaneous technical information you get in read only mode and visible for administrators only.
 SystemAreaForAdminOnly=This area is available for administrator users only. None of the Dolibarr permissions can reduce this limit.
 CompanyFundationDesc=Edit on this page all known information of the company or foundation you need to manage
 DisplayDesc=You can choose each parameter related to the Dolibarr look and feel here
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 00642a2bfc8..2c63a26434d 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -62,8 +62,9 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
 @set_magic_quotes_runtime(0);
 }
-// Security: SQL Injection protection (Filters on GET, POST, REQUEST, COOKIE)
-function test_sql_inject($val)
+
+// Security: SQL and Script Injection protection (Filters on GET, POST)
+function test_sql_and_script_inject($val)
 {
 $sql_inj = 0;
 $sql_inj += eregi('delete[[:space:]]+from', $val);
@@ -71,29 +72,31 @@ function test_sql_inject($val)
 $sql_inj += eregi('update.+set.+=', $val);
 $sql_inj += eregi('insert[[:space:]]+into', $val);
 $sql_inj += eregi('select.+from', $val);
+ $sql_inj += eregi(' $value)
 {
- if (test_sql_inject($key) > 0)
+ if (test_sql_and_script_inject($key) > 0)
 {
- unset($var[$key]);
+ print 'Access refused by SQL/Script injection protection in main.inc.php';
+ exit;
 }
 else
 {
- if (analyse_sql_injection($value))
+ if (analyse_sql_and_script($value))
 {
 $var[$key] = $value;
 }
 else
 {
- unset($var[$key]);
+ print 'Access refused by SQL/Script injection protection in main.inc.php';
+ exit;
 }
 }
 }
@@ -101,11 +104,11 @@ function analyse_sql_injection(&$var)
 }
 else
 {
- return (test_sql_inject($var) <= 0);
+ return (test_sql_and_script_inject($var) <= 0);
 }
 }
-analyse_sql_injection($_GET);
-analyse_sql_injection($_POST);
+analyse_sql_and_script($_GET);
+analyse_sql_and_script($_POST);
// Security: CSRF protection
// The test to do is to check if referrer ($_SERVER['HTTP_REFERER']) is same web site than Dolibarr ($_SERVER['HTTP_HOST']).
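Review bot: The two new rejection branches in the second hunk (`print 'Access refused by SQL/Script injection protection in main.inc.php'; exit;`, once for the key check and once after the recursive `analyse_sql_and_script($value)` check) answer a blocked request with the default status and a bare message, and record nothing, so a triggered detection is invisible to anyone reviewing the server afterwards. Sending an explicit status before the message, `header('HTTP/1.1 403 Forbidden');`, and writing the rejection through whatever logging facility is already loaded at this point of main.inc.php would make the event observable without changing the decision itself. Replacing `unset($var[$key])` with `exit` also turns every false positive of the `eregi` keyword patterns (ordinary text that happens to read like `select ... from` or `update ... set ... =`) into a hard failure of the whole request, which deserves a sentence in the header comment introduced in the first hunk, together with the reminder that these patterns are a heuristic filter and parameterised queries remain the real SQL-injection defence. The text between `eregi('` and `$value)` in the second hunk is truncated in this copy of the patch, so the added pattern and the start of analyse_sql_and_script cannot be reviewed here; the foreach body the hunk shows belongs to a function whose signature lies outside the visible lines.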