
[Noalyss-commit] [noalyss] 57/218: Security : direct injection


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 57/218: Security : direct injection
Date: Thu, 12 Sep 2019 15:58:40 -0400 (EDT)

sparkyx pushed a commit to branch entreprise
in repository noalyss.

commit fd6886835ce58da71fe62275dc2e7cde90181702
Author: Dany De Bontridder <address@hidden>
Date:   Thu May 31 23:04:59 2018 +0200

    Security : direct injection
---
 html/do.php                               |  2 +-
 html/popup.php                            | 20 +++++++++------
 html/recherche.php                        |  7 ++++--
 include/class/acc_ledger_search.class.php | 41 +++++++++++--------------------
 include/lib/html_input.class.php          |  2 +-
 include/lib/http_input.class.php          |  4 +--
 6 files changed, 35 insertions(+), 41 deletions(-)

diff --git a/html/do.php b/html/do.php
index 2635141..73669e6 100644
--- a/html/do.php
+++ b/html/do.php
@@ -263,7 +263,7 @@ if (isset($_REQUEST['ac']))
     }
 
     $_REQUEST['ac']=  trim(strtoupper($_REQUEST['ac']));
-    $AC=$_REQUEST['ac'];
+    $AC=$http->request('ac');
     $user_profile=$g_user->get_profile();
     
     
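Review bot: `$http->request('ac')` on the added line reads from HttpInput's own copy of the request (`$this->array` in http_input.class.php); if that copy is taken when `$http` is constructed, the `trim(strtoupper(...))` normalisation written back into `$_REQUEST['ac']` on the line above never reaches `$AC`, so its case may differ from what the rest of the file expects — worth confirming how HttpInput captures the request. The call also passes no type, leaving the value to whatever default `check_type` applies. `$AC=trim(strtoupper($http->request('ac','string')));` makes both the type and the normalisation explicit at the point of use. The enclosing `if (isset($_REQUEST['ac']))` block starts before the hunk.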
diff --git a/html/popup.php b/html/popup.php
index 8118411..f1a3c8a 100644
--- a/html/popup.php
+++ b/html/popup.php
@@ -83,14 +83,15 @@ if ( basename($_GET['op']) == 'history' )
     $to_periode='to_periode='.format_date($limit[1]->p_end);
     if (isset($_GET['ex']))
       {
-       if ( $exercice > $_GET['ex'])
+        $ex=$http->get("ex","number");
+       if ( $exercice > $ex)
          {
-           $limit_periode=$periode->get_limit($_GET['ex']);
+           $limit_periode=$periode->get_limit($ex);
            
$from_periode='from_periode='.format_date($limit_periode[0]->p_start);
          }
        else
          {
-           $limit_periode=$periode->get_limit($_GET['ex']);
+           $limit_periode=$periode->get_limit($ex);
            $to_periode='to_periode='.format_date($limit_periode[1]->p_end);
 
          }
@@ -98,13 +99,15 @@ if ( basename($_GET['op']) == 'history' )
 
     if (isset($_GET['pcm_val']) )
       {
-       
$href_csv="export.php?".$href.'&poste_id='.$_GET['pcm_val'].'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=CSV:postedetail";
-       
$href_pdf="export.php?".$href.'&poste_id='.$_GET['pcm_val'].'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=PDF:postedetail";;
+        $pcm_val=$http->get("pcm_val");
+       
$href_csv="export.php?".$href.'&poste_id='.$pcm_val.'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=CSV:postedetail";
+       
$href_pdf="export.php?".$href.'&poste_id='.$pcm_val.'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=PDF:postedetail";;
       }
     else
       {
-       
$href_csv="export.php?".$href.'&f_id='.$_GET['f_id'].'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=CSV:fichedetail";
-       
$href_pdf="export.php?".$href.'&f_id='.$_GET['f_id'].'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=PDF:fichedetail";
+        $f_id=$http->get("f_id","number");
+       
$href_csv="export.php?".$href.'&f_id='.$f_id.'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=CSV:fichedetail";
+       
$href_pdf="export.php?".$href.'&f_id='.$f_id.'&ople=0&type=poste&'.$from_periode.'&'.$to_periode."&act=PDF:fichedetail";
       }
     echo HtmlInput::print_window();
     echo '<a class="smallbutton"  href="'.$href_csv.'">'._("Export 
CSV").'</a>';
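Review bot: `$pcm_val` is fetched without a type and concatenated straight into the `export.php?...&poste_id=` query string, which is then echoed into an `href` attribute on the last line of the hunk; the `strip_tags` inside HttpInput removes tags but leaves `&`, `"`, `=` and spaces untouched, so the value can still alter the query string or break out of the attribute. Encoding at the point of use — `'&poste_id='.urlencode($pcm_val)` — and passing `$href_csv`/`$href_pdf` through `htmlspecialchars` when echoed closes this regardless of what HttpInput does. `$f_id` in the else branch is typed number, which limits it, but the same encoding keeps both branches consistent.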
@@ -118,8 +121,9 @@ echo HtmlInput::hidden('inpopup',1);
 load_all_script();
 
 $str=$_SERVER['QUERY_STRING']."&div=popup";
+$ajax=$http->get("ajax");
 $script="
-        var 
obj={id:'popup',fixed:1,cssclass:'content',style:'width:auto',html:loading(),qs:'$str',js_success:'success_box',js_error:null,callback:'".$_GET['ajax']."'};
+        var 
obj={id:'popup',fixed:1,cssclass:'content',style:'width:auto',html:loading(),qs:'$str',js_success:'success_box',js_error:null,callback:'".$ajax."'};
         show_box(obj);
         ";
 echo create_script($script);
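Review bot: `$ajax` is spliced into a single-quoted JavaScript string literal (`callback:'".$ajax."'`), and `strip_tags` does not touch `'`, `\` or newlines, so a value containing a quote still terminates the literal. Emitting it as a JSON literal is safe for any value: `callback:".json_encode($ajax)."`, dropping the hand-written quotes. `$str`, built from `$_SERVER['QUERY_STRING']` two lines above, is interpolated into `qs:'$str'` with no escaping at all and deserves the same treatment.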
diff --git a/html/recherche.php b/html/recherche.php
index 460a674..03f35e2 100644
--- a/html/recherche.php
+++ b/html/recherche.php
@@ -27,11 +27,13 @@ include_once NOALYSS_INCLUDE.'/lib/ac_common.php';
 require_once NOALYSS_INCLUDE.'/class/acc_ledger.class.php';
 require_once NOALYSS_INCLUDE.'/class/acc_ledger_search.class.php';
 require_once NOALYSS_INCLUDE.'/lib/icon_action.class.php';
+require_once NOALYSS_INCLUDE.'/lib/http_input.class.php';
 
 html_page_start($_SESSION['g_theme']);
 
 load_all_script();
 
+$http=new HttpInput();
 
 $gDossier=dossier::id();
 
@@ -95,8 +97,9 @@ if ( isset ($_GET['viewsearch']))
 
     // Navigation bar
     $step=$_SESSION['g_pagesize'];
-    $page=(isset($_GET['offset']))?$_GET['page']:1;
-    $offset=(isset($_GET['offset']))?$_GET['offset']:0;
+    $page=$http->get("page","number",1);
+    $offset=$http->get("offset","number",0);
+    
     if (count ($_GET) == 0)
         $array=null;
     else
diff --git a/include/class/acc_ledger_search.class.php 
b/include/class/acc_ledger_search.class.php
index 464f51b..15fa171 100644
--- a/include/class/acc_ledger_search.class.php
+++ b/include/class/acc_ledger_search.class.php
@@ -98,6 +98,7 @@ class Acc_Ledger_Search
     function search_form()
     {
         global $g_user;
+        $http=new HttpInput();
         $r="";
         $bledger_param=json_encode(array(
             'dossier'=>Dossier::id(),
@@ -138,49 +139,35 @@ class Acc_Ledger_Search
         $date_end_hidden=HtmlInput::hidden("{$this->div}date_end_hidden", 
$date_end);
         /* widget for date_start */
         $f_date_start=new IDate('date_start', '', $this->div."date_start");
-        /* all periode or only the selected one */
-        if (isset($_REQUEST['date_start']))
-        {
-            $f_date_start->value=$_REQUEST['date_start'];
-        }
-        else
-        {
-            $f_date_start->value=$date_start;
-        }
 
+        /* all periode or only the selected one */
+        $f_date_start->value=$http->request("date_start","string",$date_start);
+        
         /* widget for date_end */
         $f_date_end=new IDate('date_end', '', $this->div."date_end");
+
         /* all date or only the selected one */
-        if (isset($_REQUEST['date_end']))
-        {
-            $f_date_end->value=$_REQUEST['date_end'];
-        }
-        else
-        {
-            $f_date_end->value=$date_end;
-        }
+        $f_date_end->value=$http->request("date_end","string",$date_end);
+
         /* widget for date term */
         $f_date_paid_start=new IDate('date_paid_start', '',
                 $this->div."date_paid_start");
         $f_date_paid_end=new IDate('date_paid_end', '',
                 $this->div."date_paid_end");
 
-        
$f_date_paid_start->value=(isset($_REQUEST['date_paid_start']))?$_REQUEST['date_paid_start']:'';
-        
$f_date_paid_end->value=(isset($_REQUEST['date_paid_end']))?$_REQUEST['date_paid_end']:'';
+        
$f_date_paid_start->value=$http->request("date_paid_start","string","");
+        $f_date_paid_end->value=$http->request("date_paid_end","string","");
 
         /* widget for desc */
         $f_descript=new IText('desc', "", $this->div."desc");
         $f_descript->size=40;
-        if (isset($_REQUEST['desc']))
-        {
-            $f_descript->value=$_REQUEST['desc'];
-        }
+        $f_descript->value=$http->request('desc',"string","");
 
         /* widget for amount */
         $f_amount_min=new INum('amount_min', '0', $this->div."amount_min");
-        
$f_amount_min->value=(isset($_REQUEST['amount_min']))?abs($_REQUEST['amount_min']):0;
+        $f_amount_min->value=$http->request("amount_min","string",0);
         $f_amount_max=new INum('amount_max', '0', $this->div."amount_max");
-        
$f_amount_max->value=(isset($_REQUEST['amount_max']))?abs($_REQUEST['amount_max']):0;
+        $f_amount_max->value=$http->request("amount_max","string",0);
 
         /* input quick code */
         $f_qcode=new ICard($this->div.'qcode');
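Review bot: The rewrite of `amount_min`/`amount_max` changes behaviour: the removed lines applied `abs()`, while the new lines request the parameter as `"string"`, so a negative or non-numeric amount now reaches the INum widget value unchanged, and the `0` default comes back as an int whereas a submitted value comes back as a string. Keeping the original semantics would be `$f_amount_min->value=abs($http->request("amount_min","number",0));` (and the same for `amount_max`), assuming `check_type` with `"number"` accepts what INum submits — confirm against http_input.class.php. The date fields are requested as `"string"` as well; if HttpInput offers a date type it would be the better fit, but none is visible in this commit. `search_form()` starts before this hunk and continues past it.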
@@ -196,7 +183,7 @@ class Acc_Ledger_Search
         $f_qcode->set_function('fill_data');
         $f_qcode->javascript=sprintf(' onchange="fill_data_onchange(%s);" ',
                 $f_qcode->name);
-        
$f_qcode->value=(isset($_REQUEST[$this->div.'qcode']))?$_REQUEST[$this->div.'qcode']:'';
+        $f_qcode->value=$http->request($this->div.'qcode',"string","");
 
         /*        $f_txt_qcode=new IText('qcode');
           
$f_txt_qcode->value=(isset($_REQUEST['qcode']))?$_REQUEST['qcode']:'';
@@ -204,7 +191,7 @@ class Acc_Ledger_Search
 
         /* input poste comptable */
         $f_accounting=new IPoste('accounting', "", $this->div."accounting");
-        
$f_accounting->value=(isset($_REQUEST['accounting']))?$_REQUEST['accounting']:'';
+        $f_accounting->value=$http->request('accounting',"string","");
         /*
          * utile ??? Filtre les postes comptables en fonction du journal 
          * if ($this->id==-1)
diff --git a/include/lib/html_input.class.php b/include/lib/html_input.class.php
index cfabb49..0892966 100755
--- a/include/lib/html_input.class.php
+++ b/include/lib/html_input.class.php
@@ -221,7 +221,7 @@ class HtmlInput
     {
         if ($p_id=="")
             $p_id=$p_name;
-        return '<INPUT TYPE="hidden" id="'.$p_id.'" NAME="'.$p_name.'" 
VALUE="'.$p_value.'">';
+        return '<INPUT TYPE="hidden" id="'.strip_tags($p_id).'" 
NAME="'.$p_name.'" VALUE="'.strip_tags($p_value).'">';
     }
 
     static function extension()
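Review bot: `strip_tags` on `$p_id` and `$p_value` is not attribute escaping: a value containing `"` still closes the `VALUE="..."` attribute, and stripping also silently corrupts legitimate round-tripped values such as text containing `<`; `$p_name` is left untouched. Since this helper builds an HTML attribute, `htmlspecialchars($p_value, ENT_QUOTES)` (and the same for `$p_id` and `$p_name`) is the fitting transformation and preserves the value. Check whether any caller already escapes before passing, which would then double-encode. The method's signature is above the hunk.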
diff --git a/include/lib/http_input.class.php b/include/lib/http_input.class.php
index 6772c0e..5dd1a33 100644
--- a/include/lib/http_input.class.php
+++ b/include/lib/http_input.class.php
@@ -108,7 +108,7 @@ class HttpInput
                 if (array_key_exists($p_name,$this->array) )
                 {
                     $this->check_type($p_name, $p_type);
-                    return $this->array[$p_name];
+                    return strip_tags($this->array[$p_name]);
                 }
                 else
                 {
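Review bot: Applying `strip_tags` to every returned parameter (here and in the second hunk of this file) is both too weak and too strong: it does not neutralise quotes, so values embedded in SQL, HTML attributes or JavaScript still need context-specific escaping at the point of output, while it does mutate legitimate input — `1 < 2 and 3 > 2` loses the text between the angle brackets — and it now runs even for `"number"`-typed values that `check_type` has just validated. If a request parameter is array-valued (`name[]=`), `strip_tags` receives an array, which emits a warning and returns null (a TypeError on PHP 8), where the previous code returned the value as-is. Restricting the call to string-typed scalars, e.g. `return is_string($v=$this->array[$p_name]) && $p_type=='string' ? strip_tags($v) : $v;`, narrows the change; better still, keep this class to type checking and leave escaping to the output layer. The enclosing method starts before the hunk.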
@@ -121,7 +121,7 @@ class HttpInput
                 EXC_PARAM_VALUE);
             }
             $this->check_type($p_name, $p_type);
-            return $this->array[$p_name];
+            return strip_tags($this->array[$p_name]);
         }
         catch (Exception $e)
         {


