[Noalyss-commit] [noalyss] 25/39: Code : not direct access to $_GET Bug
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 25/39: Code : not direct access to $_GET Bug : javascript didn't work
Date: Sat, 11 Jul 2020 13:20:43 -0400 (EDT)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 376aab00b2b490dec471bac65f72a051dc89e16f
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Wed Jun 10 10:45:43 2020 +0200
Code : not direct access to $_GET
Bug : javascript didn't work
---
html/recherche.php | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/html/recherche.php b/html/recherche.php
index f9f47c1..f34549a 100644
--- a/html/recherche.php
+++ b/html/recherche.php
@@ -74,7 +74,7 @@ window.onload=function ()
{
create_anchor_up();
init_scroll();
- sorttable.init
+ sorttable.init();
}
</script>
<?php
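Review bot: the `sorttable.init();` correction at the end of the `window.onload` handler is a separate bug from the `$_GET` change in the second hunk and would be better as its own commit, so each fix can be bisected and backported independently. The old line `sorttable.init` was a bare property reference, which evaluates without calling anything and raises no error, so the init never ran; a JavaScript lint rule for unused expressions would flag this class of mistake before it ships.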
@@ -123,10 +123,17 @@ if ( isset ($_GET['viewsearch']))
/*
* Export to csv
*/
-
$r=HtmlInput::get_to_hidden(array('l','date_start','date_end','desc','amount_min','amount_max','qcode','accounting','unpaid','gDossier','ledger_type'));
+
$r=HtmlInput::get_to_hidden(array('l','date_start','date_end','desc','amount_min','amount_max',
+ 'qcode','accounting','unpaid','gDossier','ledger_type'));
if (isset($_GET['r_jrn'])) {
- foreach ($_GET['r_jrn'] as $k=>$v)
- $r.=HtmlInput::hidden('r_jrn['.$k.']',$v);
+ $http=new HttpInput();
+ $a_rjrn=$http->get("r_jrn","array");
+ foreach ($a_rjrn as $k=>$v) {
+ // Protect : check that $k and $v are numeric
+ if (isNumber($k)&&isNumber($v)) {
+ $r.=HtmlInput::hidden('r_jrn['.$k.']',$v);
+ }
+ }
}
echo '<form action="export.php" method="get">';
echo $r;
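Review bot: the guard `if (isset($_GET['r_jrn'])) {` still reads `$_GET` directly, which is what the commit title says it is moving away from; if `HttpInput` has an existence check or a default value for `get()`, route the guard through it so the whole block uses one accessor. Two further points on the loop. What `$http->get("r_jrn","array")` returns or throws when `r_jrn` arrives as a scalar is not visible here, so confirm the `foreach` cannot receive a non-array. And `isNumber($k)&&isNumber($v)` silently drops non-matching entries, which is reasonable for the export form, but whether `isNumber` admits signs, decimals or exponents is not shown; since `$k` is concatenated into the field name `'r_jrn['.$k.']'`, an integer-only check (or escaping at output in `HtmlInput::hidden`, if it does not already escape) is what this needs.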