Security: Fix more security holes
This commit is contained in:
parent
7f4944da31
commit
ee92964ef7
|
|
@ -28,17 +28,20 @@ include_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
|
|||
|
||||
$langs->load("admin");
|
||||
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
$id=GETPOST('rowid','int');
|
||||
|
||||
if (!$user->admin) accessforbidden();
|
||||
|
||||
// Definition des positions possibles pour les boites
|
||||
$pos_array = array(0); // Positions possibles pour une boite (0,1,2,...)
|
||||
$pos_name = array(0=>$langs->trans("Home")); // Nom des positions 0=Homepage, 1=...
|
||||
$boxes = array();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if ((isset($_POST["action"]) && $_POST["action"] == 'addconst'))
|
||||
{
|
||||
dolibarr_set_const($db, "MAIN_BOXES_MAXLINES",$_POST["MAIN_BOXES_MAXLINES"],'',0,'',$conf->entity);
|
||||
|
|
@ -100,7 +103,7 @@ if ($_GET["action"] == 'delete')
|
|||
$db->begin();
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
|
||||
$sql.= " WHERE rowid=".$_GET["rowid"];
|
||||
$sql.= " WHERE rowid=".$id;
|
||||
$resql = $db->query($sql);
|
||||
|
||||
// Remove all personalized setup when a box is activated or disabled
|
||||
|
|
@ -145,7 +148,11 @@ if ($_GET["action"] == 'switch')
|
|||
}
|
||||
|
||||
|
||||
llxHeader();
|
||||
/*
|
||||
* View
|
||||
*/
|
||||
|
||||
llxHeader('',$langs->trans("Boxes"));
|
||||
|
||||
print_fiche_titre($langs->trans("Boxes"),'','setup');
|
||||
|
||||
|
|
@ -287,7 +294,7 @@ if ($resql)
|
|||
|
||||
dol_include_once($sourcefile);
|
||||
$box=new $boxname($db,$obj->note);
|
||||
|
||||
|
||||
$enabled=true;
|
||||
if ($box->depends && count($box->depends) > 0)
|
||||
{
|
||||
|
|
@ -296,7 +303,7 @@ if ($resql)
|
|||
if (empty($conf->$module->enabled)) $enabled=false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($enabled)
|
||||
{
|
||||
//if (in_array($obj->rowid, $actives) && $box->box_multiple <> 1)
|
||||
|
|
@ -307,7 +314,7 @@ if ($resql)
|
|||
else
|
||||
{
|
||||
$var=!$var;
|
||||
|
||||
|
||||
if (preg_match('/^([^@]+)@([^@]+)$/i',$box->boximg))
|
||||
{
|
||||
$logo = $box->boximg;
|
||||
|
|
@ -316,14 +323,14 @@ if ($resql)
|
|||
{
|
||||
$logo=preg_replace("/^object_/i","",$box->boximg);
|
||||
}
|
||||
|
||||
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<tr '.$bc[$var].'>';
|
||||
print '<td>'.img_object("",$logo).' '.$box->boxlabel.'</td>';
|
||||
print '<td>' . ($obj->note?$obj->note:' ') . '</td>';
|
||||
print '<td>' . $sourcefile . '</td>';
|
||||
|
||||
|
||||
// Pour chaque position possible, on affiche un lien
|
||||
// d'activation si boite non deja active pour cette position
|
||||
print '<td>';
|
||||
|
|
@ -332,11 +339,11 @@ if ($resql)
|
|||
print '<input type="hidden" name="boxid" value="'.$obj->rowid.'">';
|
||||
print ' <input type="submit" class="button" name="button" value="'.$langs->trans("Activate").'">';
|
||||
print '</td>';
|
||||
|
||||
|
||||
print '</tr></form>';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$i++;
|
||||
}
|
||||
|
||||
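Review bot: `$id` from `GETPOST('rowid','int')` is concatenated unquoted into the DELETE statement at `$sql.= " WHERE rowid=".$id;`, and the 'int' filter shown elsewhere in this same commit (`preg_match('/^[\.,0-9]+$/i', ...)`) still lets `.` and `,` through, so the value is not guaranteed to be a single integer. Casting closes that gap independently of the filter: `$sql.= " WHERE rowid=".(int) $id;` (or cast once where `$id` is read). The hidden `token` field added to the activate form only helps if the handler compares it with the session value; no such check is visible in these hunks, so confirm one exists for the `switch` and `delete` actions, which are still dispatched on `$_GET["action"]`. The delete handler's enclosing block starts and ends outside the hunk.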
|
|
|
|||
|
|
@ -37,8 +37,7 @@ $langs->load("companies");
|
|||
$langs->load("products");
|
||||
$langs->load("members");
|
||||
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
if (!$user->admin) accessforbidden();
|
||||
|
||||
|
||||
if (! defined("MAIN_MOTD")) define("MAIN_MOTD","");
|
||||
|
|
|
|||
|
|
@ -98,7 +98,8 @@ function GETPOST($paramname,$check='',$method=0)
|
|||
if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out='';
|
||||
// Check if alpha
|
||||
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
|
||||
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
|
||||
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
|
||||
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out='';
|
||||
}
|
||||
|
||||
return $out;
|
||||
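Review bot: The relaxed 'alpha' check at `if ($check == 'alpha' && preg_match('/"/',trim($out))) $out='';` rejects only `"`, so `<`, `>`, `'` and `&` still pass, which is only safe when the caller prints the value inside a double-quoted attribute. The new comment should state that limit, e.g. `// 'alpha' only rejects '"' (which could close a double-quoted href=/src=); callers printing the value in any other context must still escape it at output.`. The 'int' branch two lines up also accepts `.` and `,`, so an 'int' value is not a clean integer and callers concatenating it into SQL should cast it. GETPOST's body begins before this hunk.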
|
|
|
|||
|
|
@ -233,7 +233,7 @@ function show_theme($fuser,$edit=0,$foruserprofile=false)
|
|||
$url=$urltheme."/".$subdir."/thumb.png";
|
||||
if (! file_exists($file)) $url=$urltheme."/common/nophoto.jpg";
|
||||
print '<table><tr><td>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].($edit?'?action=edit&theme=':'?theme=').$subdir.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').($fuser?'&id='.$fuser->id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].($edit?'?action=edit&theme=':'?theme=').$subdir.(GETPOST("optioncss")?'&optioncss='.GETPOST("optioncss",'alpha',1):'').($fuser?'&id='.$fuser->id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">';
|
||||
if ($subdir == $conf->global->MAIN_THEME) $title=$langs->trans("ThemeCurrentlyActive");
|
||||
else $title=$langs->trans("ShowPreview");
|
||||
print '<img src="'.$url.'" border="0" width="80" height="60" alt="'.$title.'" title="'.$title.'">';
|
||||
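Review bot: `GETPOST("optioncss",'alpha',1)` is concatenated into the `href` without URL-encoding, so the attribute stays well-formed only because the 'alpha' filter strips `"`; encoding the value makes the link independent of that filter: `(GETPOST("optioncss")?'&optioncss='.urlencode(GETPOST("optioncss",'alpha',1)):'')`. The same pattern is repeated in the three `top_htmlhead` hunks of this commit that build the stylesheet `href`. show_theme's body starts and ends outside the hunk.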
|
|
|
|||
|
|
@ -82,8 +82,9 @@ function test_sql_and_script_inject($val, $get)
|
|||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
// For XSS Injection done by adding javascript with script
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
// For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if ($get) $sql_inj += preg_match('/javascript:/i', $val);
|
||||
// For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
|
||||
if ($get) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
|
||||
return $sql_inj;
|
||||
}
|
||||
|
|
@ -867,7 +868,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
|
|||
// Output style sheets (optioncss='print' or '')
|
||||
$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
|
||||
//print 'themepath='.$themepath;exit;
|
||||
print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
|
||||
print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss','alpha',1):'').'">'."\n";
|
||||
// CSS forced by modules (relative url starting with /)
|
||||
if (is_array($conf->css_modules))
|
||||
{
|
||||
|
|
@ -875,7 +876,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
|
|||
{ // cssfile is an absolute path
|
||||
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1);
|
||||
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.
|
||||
if (!preg_match('/\.css$/i',$cssfile)) print '?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'');
|
||||
if (!preg_match('/\.css$/i',$cssfile)) print '?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss','alpha',1):'');
|
||||
print '">'."\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -886,7 +887,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
|
|||
{
|
||||
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1);
|
||||
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters and browser cache is not used.
|
||||
if (!preg_match('/\.css$/i',$cssfile)) print '?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'');
|
||||
if (!preg_match('/\.css$/i',$cssfile)) print '?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss','alpha',1):'');
|
||||
print '">'."\n";
|
||||
}
|
||||
}
|
||||
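Review bot: The new rejection at `if ($get) $sql_inj += preg_match('/"/i', $val);` runs only for GET parameters, so a POST value containing `"` is not flagged here and still has to be escaped wherever it is printed into an attribute; the comment above it should say so, e.g. `// '"' is refused in GET values only; POST values rely on escaping at output.`. The `i` modifier on a pattern that matches only a literal `"` does nothing and can be dropped. Both the `javascript:` and `"` checks are pattern blacklists, so they are a detection aid rather than a replacement for context-specific output escaping. The function's parameter list is in the hunk header but its body begins before the hunk.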
|
|
|
|||
|
|
@ -33,7 +33,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
|
|||
|
||||
$langs->load("users");
|
||||
|
||||
$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
|
||||
$sall=GETPOST("sall");
|
||||
|
||||
$sortfield = GETPOST("sortfield",'alpha');
|
||||
$sortorder = GETPOST("sortorder",'alpha');
|
||||
|
|
@ -68,9 +68,9 @@ else
|
|||
}
|
||||
if ($_POST["search_group"])
|
||||
{
|
||||
$sql .= " AND (g.nom LIKE '%".$_POST["search_group"]."%' OR g.note LIKE '%".$_POST["search_group"]."%')";
|
||||
$sql .= " AND (g.nom LIKE '%".$db->escape($_POST["search_group"])."%' OR g.note LIKE '%".$db->escape($_POST["search_group"])."%')";
|
||||
}
|
||||
if ($sall) $sql.= " AND (g.nom LIKE '%".$sall."%' OR g.note LIKE '%".$sall."%')";
|
||||
if ($sall) $sql.= " AND (g.nom LIKE '%".$db->escape($sall)."%' OR g.note LIKE '%".$db->escape($sall)."%')";
|
||||
$sql.= " GROUP BY g.rowid, g.nom, g.entity, g.datec";
|
||||
$sql.= $db->order($sortfield,$sortorder);
|
||||
|
||||
|
|
@ -80,7 +80,7 @@ if ($resql)
|
|||
$num = $db->num_rows($resql);
|
||||
$i = 0;
|
||||
|
||||
$param="search_group=$search_group&sall=$sall";
|
||||
$param="search_group=".$search_group."&sall=".$sall;
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre">';
|
||||
print_liste_field_titre($langs->trans("Group"),$_SERVER["PHP_SELF"],"g.nom",$param,"","",$sortfield,$sortorder);
|
||||
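Review bot: `$param="search_group=".$search_group."&sall=".$sall;` still concatenates the raw search strings into a query string that `print_liste_field_titre` places in links, and `$sall` now comes from `GETPOST("sall")` with no check type, so `"`, `&` and `=` pass straight through. URL-encoding both values fixes the link and the attribute at once: `$param="search_group=".urlencode($search_group)."&sall=".urlencode($sall);`. Where `$search_group` is assigned is not visible here, and the earlier hunk still reads `$_POST["search_group"]` directly, so reading it through GETPOST as well would keep the two inputs consistent. Whether print_liste_field_titre escapes `$param` itself cannot be seen from this page.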
|
|
|
|||