[Noalyss-commit] [noalyss] 63/238: CFGLED : security fix : remove $_REQU
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 63/238: CFGLED : security fix : remove $_REQUEST |
Date: |
Sat, 26 Oct 2019 04:40:34 -0400 (EDT) |
sparkyx pushed a commit to annotated tag rel7110
in repository noalyss.
commit 9ba82e73fc0646a381c1444704e3b3c539942eca
Author: Dany De Bontridder <address@hidden>
Date: Sun Jun 3 12:44:11 2018 +0200
CFGLED : security fix : remove $_REQUEST
---
include/cfgledger.inc.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/cfgledger.inc.php b/include/cfgledger.inc.php
index 2a1c28f..48fc3b6 100644
--- a/include/cfgledger.inc.php
+++ b/include/cfgledger.inc.php
@@ -61,8 +61,9 @@ if ( $action_frm == 'update')
$show_menu=1;
} catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
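Review bot: The catch block still passes `$e->getMessage()` straight to `alert()`, so whatever text the exception carries is shown to the user; the same pattern repeats in the catch blocks of the `delete`, `add` and `switch ($sa)` hunks below. With the added `record_log($e->getMessage());` the server log now holds the full detail, so the browser no longer needs the raw text. The try body starts outside this hunk, so it is not visible whether an exception from below the ledger validation code (a database error, for instance) can reach this point. If one can, consider a fixed message such as `alert(_("Opération impossible, voir le journal système"));` and keep the detail in the log only.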
@@ -71,7 +72,7 @@ if ( $action_frm == 'update')
//////////////////////////////////////////////////////////////////////////
if ($action_frm == 'delete' )
{
- $ledger->id=$http->post('p_jrn',"number");;
+ $ledger->id=$http->post('p_jrn',"number");
$ledger->load();
$name=$ledger->get_name();
try {
@@ -86,8 +87,9 @@ if ($action_frm == 'delete' )
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert ($e->getMessage());
+ alert ($e->getMessage());
}
}
@@ -108,8 +110,9 @@ if (isset($_POST['add']))
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
@@ -134,7 +137,7 @@ switch ($sa)
echo '<INPUT TYPE="SUBMIT" class="smallbutton"
VALUE="'._("Sauve").'" name="update"
onClick="$(\'action_frm\').value=\'update\';return
confirm_box(\'cfg_ledger_frm\',\'Valider ?\')">
<INPUT TYPE="RESET" class="smallbutton" VALUE="Reset">
<INPUT TYPE="submit" class="smallbutton" name="efface"
value="'._("Efface").'" onClick="$(\'action_frm\').value=\'delete\';return
confirm_box(\'cfg_ledger_frm\',\'Vous effacez ce journal ?\')">';
-
$href=http_build_query(array('ac'=>$_REQUEST['ac'],'gDossier'=>$_REQUEST['gDossier']));
+
$href=http_build_query(array('ac'=>$http->request('ac'),'gDossier'=>$http->request('gDossier',"number")));
echo '<a style="display:inline" class="smallbutton"
href="do.php?'.$href.'">'._('Retour').'</a>';
echo '</FORM>';
echo "</div>";
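Review bot: `$http->request('ac')` is read without a type argument, while `gDossier` in the same call is constrained with `"number"`; whether `ac` gets any validation depends on the helper's default, which is not visible here. `http_build_query()` percent-encodes both values, so the `href` should not be directly injectable, but the pairs are joined with a bare `&` inside an HTML attribute. I would pass an explicit type for `ac` as well and escape the query string for the attribute context, `href="do.php?'.htmlspecialchars($href).'"`. The enclosing `switch ($sa)` case begins before this hunk.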
@@ -142,8 +145,9 @@ switch ($sa)
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
break;
case 'add': /* Add a new ledger */