[Noalyss-commit] [noalyss] 61/162: CFGLED : security fix : remove $_REQU
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 61/162: CFGLED : security fix : remove $_REQUEST |
Date: |
Sat, 11 Jul 2020 13:23:37 -0400 (EDT) |
sparkyx pushed a commit to annotated tag E-4
in repository noalyss.
commit 9ba82e73fc0646a381c1444704e3b3c539942eca
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Sun Jun 3 12:44:11 2018 +0200
CFGLED : security fix : remove $_REQUEST
---
include/cfgledger.inc.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/cfgledger.inc.php b/include/cfgledger.inc.php
index 2a1c28f..48fc3b6 100644
--- a/include/cfgledger.inc.php
+++ b/include/cfgledger.inc.php
@@ -61,8 +61,9 @@ if ( $action_frm == 'update')
$show_menu=1;
} catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
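Review bot: `alert($e->getMessage())` in this catch block still shows the raw exception text to the user, and the added `record_log($e->getMessage())` writes the same text to the log unfiltered. If the code in the try (which starts outside this hunk) can throw database or driver exceptions, the message may carry SQL or schema details, so a fixed translated message for unexpected exceptions, with the detail kept only in the log, would be safer. Whether `alert()` escapes its argument for the script context is not visible here and is worth confirming, since exception messages can embed request values. The same pattern is added in the hunks at -86, -108 and -142.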
@@ -71,7 +72,7 @@ if ( $action_frm == 'update')
//////////////////////////////////////////////////////////////////////////
if ($action_frm == 'delete' )
{
- $ledger->id=$http->post('p_jrn',"number");;
+ $ledger->id=$http->post('p_jrn',"number");
$ledger->load();
$name=$ledger->get_name();
try {
@@ -86,8 +87,9 @@ if ($action_frm == 'delete' )
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert ($e->getMessage());
+ alert ($e->getMessage());
}
}
@@ -108,8 +110,9 @@ if (isset($_POST['add']))
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
@@ -134,7 +137,7 @@ switch ($sa)
echo '<INPUT TYPE="SUBMIT" class="smallbutton"
VALUE="'._("Sauve").'" name="update"
onClick="$(\'action_frm\').value=\'update\';return
confirm_box(\'cfg_ledger_frm\',\'Valider ?\')">
<INPUT TYPE="RESET" class="smallbutton" VALUE="Reset">
<INPUT TYPE="submit" class="smallbutton" name="efface"
value="'._("Efface").'" onClick="$(\'action_frm\').value=\'delete\';return
confirm_box(\'cfg_ledger_frm\',\'Vous effacez ce journal ?\')">';
-
$href=http_build_query(array('ac'=>$_REQUEST['ac'],'gDossier'=>$_REQUEST['gDossier']));
+
$href=http_build_query(array('ac'=>$http->request('ac'),'gDossier'=>$http->request('gDossier',"number")));
echo '<a style="display:inline" class="smallbutton"
href="do.php?'.$href.'">'._('Retour').'</a>';
echo '</FORM>';
echo "</div>";
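Review bot: `$http->request('ac')` is read with no type argument while `gDossier` on the same line is constrained to `"number"`, so `ac` reaches the "Retour" link without a visible type check. `http_build_query()` percent-encodes the value, which keeps it inside the query string, but `$href` is then concatenated into the `href` attribute with no HTML escaping. Writing `href="do.php?'.htmlspecialchars($href, ENT_QUOTES, 'UTF-8').'"` would make the attribute context explicit and also encode the `&` separator. If `request()` can throw on a missing or invalid parameter, that would happen after the form markup has already been echoed; the enclosing try starts outside the hunk, so this should be checked against the full file.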
@@ -142,8 +145,9 @@ switch ($sa)
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
break;
case 'add': /* Add a new ledger */