[Dolibarr-foundation-board] Warning GETPOST with alpha and int must be us...

[Régis Houssin]

Bonjour Laurent

il faut qu'on trouve une autre solution car on est potentiellement
vulnérable:

/adherents/admin/adherent.php?action=update&constname=ADHERENT_CARD_HEADER_TEXT&constvalue=%ADHERENT%&constnote=%27;alert(String.fromCharCode(88,83,83))//\%27;alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E



Le 09/05/12 16:19, Laurent Destailleur a écrit :
>   Branch: refs/heads/develop
>   Home:   https://github.com/Dolibarr/dolibarr
>   Commit: 8cc55ae0dfb1473c9c37fd252ebf7a0e678f63fa
>       
> https://github.com/Dolibarr/dolibarr/commit/8cc55ae0dfb1473c9c37fd252ebf7a0e678f63fa
>   Author: Laurent Destailleur <address@hidden>
>   Date:   2012-05-09 (Wed, 09 May 2012)
> 
>   Changed paths:
>     M htdocs/adherents/admin/adherent.php
> 
>   Log Message:
>   -----------
>   Fix: Warning GETPOST with alpha and int must be used ONLY if content is
> not a free text.
> 
> 
> 

Cordialement,
-- 
Régis Houssin
---------------------------------------------------------
Cap-Networks
Cidex 1130
34, route de Gigny
71240 MARNAY
FRANCE
VoIP: +33 1 83 62 40 03
GSM: +33 6 33 02 07 97
Web: http://www.cap-networks.com/
Email: address@hidden

Dolibarr developer: address@hidden
Web Portal: http://www.dolibarr.fr/
SaaS offers: http://www.dolibox.fr/
Shop: http://www.dolistore.com/
Development platform: https://doliforge.org/
---------------------------------------------------------

regis.vcf
Description: Vcard