[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 15/19: Security : direct access to GLOBALS
|
From: |
Dany De Bontridder |
|
Subject: |
[Noalyss-commit] [noalyss] 15/19: Security : direct access to GLOBALS |
|
Date: |
Mon, 9 Sep 2019 13:55:00 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 708a8ea24afa4ae538fd95e57b1370e2dfa4a7ec
Author: Dany De Bontridder <address@hidden>
Date: Mon Sep 9 08:16:26 2019 +0200
Security : direct access to GLOBALS
---
include/supplier.inc.php | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/include/supplier.inc.php b/include/supplier.inc.php
index 259ca12..5c29312 100644
--- a/include/supplier.inc.php
+++ b/include/supplier.inc.php
@@ -69,6 +69,7 @@ if ( isset($_POST['action_fiche'] ) )
//-----------------------------------------------------
if ( $low_action == "list" )
{
+ $search=$http->get("query","string","");
?>
<div class="content">
@@ -77,8 +78,7 @@ if ( $low_action == "list" )
<?php
echo '<h2>' . "Exercice " . $g_user->get_exercice() . '</h2>';
echo dossier::hidden();
- $a=(isset($_GET['query']))?$_GET['query']:"";
- echo _("Cherche ").HtmlInput::filter_table_form("tiers_tb", '0,1,2',
1,"query",$a);
+ echo _("Cherche ").HtmlInput::filter_table_form("tiers_tb", '0,1,2',
1,"query",$search);
$choice_cat=$http->request("choice_cat", "string",1);
if ( $choice_cat == 1 )
@@ -107,7 +107,6 @@ if ( $low_action == "list" )
</div>
<?php
$supplier=new Supplier($cn);
- $search=$http->get("query","string","");
$sql="";
if (isset($_GET['cat']))
{
- [Noalyss-commit] [noalyss] 03/19: hightlight password + add waiting box when installing, (continued)
- [Noalyss-commit] [noalyss] 03/19: hightlight password + add waiting box when installing, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 10/19: Task #0001733: Impression moyen paiement Add name of the bank card to the prepared query, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 11/19: CFGLED Ergonomy : the card we've created is proposed in the field "bank account", Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 12/19: Merge branch 'dev7109', Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 14/19: Fiche:GetByDef if nothing is found returns empty array, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 16/19: Fiche Cosmetic :, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 04/19: Correct Add button for ledger when creating FIN ledger, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 05/19: Bug prerelease : Cannot save preference, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 07/19: Code : mistype variable $step, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 06/19: Code : missing semicolon, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 15/19: Security : direct access to GLOBALS,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 17/19: Merge branch 'dev7109', Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 19/19: Merge branch 'master' of gitlab.noalyss.eu:noalyss/noalyss, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 08/19: verif_bil : fetch_all return false or an array, comptability PHP7, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 13/19: Security : direct access to GLOBALS, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 09/19: Security : direct access to GLOBALS, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 18/19: Cleaning, Dany De Bontridder, 2019/09/09