[Noalyss-commit] [noalyss] 40/173: Protect parameters
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 40/173: Protect parameters |
Date: |
Mon, 22 Mar 2021 12:58:34 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 57bb44c85fffab96fac0f0432432adf7a244570a
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Sat Jan 12 13:39:48 2019 +0100
Protect parameters
---
html/fid_card.php | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/html/fid_card.php b/html/fid_card.php
index 1ee5d07..57577bb 100644
--- a/html/fid_card.php
+++ b/html/fid_card.php
@@ -27,6 +27,7 @@
require_once '../include/constant.php';
require_once NOALYSS_INCLUDE.'/lib/database.class.php';
+require_once NOALYSS_INCLUDE.'/lib/http_input.class.php';
require_once NOALYSS_INCLUDE.'/class/dossier.class.php';
/*!\brief
* Received parameters are
@@ -41,11 +42,12 @@ require_once NOALYSS_INCLUDE.'/class/dossier.class.php';
* - list of fd_id
*
*/
+$http=new HttpInput();
-$jrn= ( ! isset($_REQUEST['j']))?-1:$_REQUEST['j'];
+$jrn= $http->request("j","number",-1);
$filter_card="";
$cn=Dossier::connect();
-$d=$_REQUEST['e'];
+$d=$http->request('e');
$filter_card='';
require_once('class/user.class.php');
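Review bot: `$d=$http->request('e');` passes neither a type nor a default, unlike `$jrn`, which gets `"number"` and `-1` on the line above; the same applies to `$http->request("type")` in the next hunk and `$http->request("FID")` in the one after. What happens when the parameter is absent therefore depends on HttpInput::request, which is not visible here; if it throws, the page now fails hard where `$_REQUEST['e']` previously yielded a notice and null, a behaviour change the commit message does not mention. If `e` is numeric (cannot tell from this hunk), `$d=$http->request('e','number');` would give it the same validation as `j`; otherwise a short comment stating the expected type of each untyped parameter would document the intended contract.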
@@ -107,8 +109,8 @@ else
{
$get_cred='jrn_def_fiche_cred';
$get_deb='jrn_def_fiche_deb';
-
- $filter_jrn=$cn->make_list("select $get_cred||','||$get_deb as
fiche from jrn_def where jrn_def_type=$1",array($_REQUEST['type']));
+ $type=$http->request("type");
+ $filter_jrn=$cn->make_list("select $get_cred||','||$get_deb as
fiche from jrn_def where jrn_def_type=$1",array($type));
$filter_card=($filter_jrn != "")?" and fd_id in ($filter_jrn)":'
and false ';
}
@@ -125,9 +127,12 @@ else
$sql_str="select distinct f_id from fiche join fiche_detail using (f_id) where
ad_id in (9,1,23) and ad_value ilike '%'||$1||'%' ".$filter_card.' limit 12';
-$sql=$cn->get_array($sql_str ,array($_REQUEST['FID']));
-if (sizeof($sql) != 0 )
+$fid=$http->request("FID");
+
+$sql=$cn->get_array($sql_str ,array($fid));
+
+if ($sql != false && sizeof($sql) != 0 )
{
echo "<ul>";
$sql_get=$cn->prepare('get_name',"select ad_value from fiche_detail where
f_id = $1 and ad_id=$2");
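Review bot: `if ($sql != false && sizeof($sql) != 0 )` relies on a loose comparison: `[] != false` is already false, so the `sizeof` test never runs for an empty array and the condition reads as two checks when it effectively performs one. The strict form `if ($sql !== false && count($sql) !== 0)` distinguishes a failed query from an empty result explicitly and avoids the truthiness rules of `!=`. This presumes get_array returns false on error, which is not visible here; confirm against its definition before relying on that branch.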
@@ -146,12 +151,12 @@ if (sizeof($sql) != 0 )
$sql_name=$cn->execute('get_name',array($sql[$i]['f_id'],23));
if (Database::num_row($sql_name) == 1)
$quick_code=Database::fetch_result($sql_name,0,0);
- $fid=htmlentities($_REQUEST['FID']);
+ $fid=htmlentities($fid);
/* Highlight the found pattern with bold format */
- $name=str_ireplace($_REQUEST['FID'],'<em>'.$fid.'</em>',h($name));
-
$qcode=str_ireplace($_REQUEST['FID'],'<em>'.$fid.'</em>',h($quick_code));
- $desc=str_ireplace($_REQUEST['FID'],'<em>'.$fid.'</em>',h($desc));
+ $name=str_ireplace($fid,'<em>'.$fid.'</em>',h($name));
+ $qcode=str_ireplace($fid,'<em>'.$fid.'</em>',h($quick_code));
+ $desc=str_ireplace($fid,'<em>'.$fid.'</em>',h($desc));
printf('<li id="%s">%s <span class="informal">%s %s</span></li>',
$quick_code,
$quick_code,
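Review bot: `$fid=htmlentities($fid);` now overwrites the variable read from the request, and this statement sits inside the loop over `$sql` (the loop starts outside the hunk; `$sql[$i]` on the first hunk line shows it), so from the second row on `htmlentities` is applied to an already-encoded string: an FID containing `&`, `<` or `"` is double-encoded and the three `str_ireplace` needles stop matching. The previous code recomputed the value from `$_REQUEST['FID']` on every iteration, so this is a regression introduced by the commit. Hoist the escape out of the loop into its own variable, `$fid_html=htmlentities($fid);` placed before the loop, and use it in the three replace calls, e.g. `$name=str_ireplace($fid_html,'<em>'.$fid_html.'</em>',h($name));`, dropping the in-loop reassignment. Whether the encoded needle matches the `h()`-escaped haystack for non-ASCII input (accented letters) depends on `htmlentities` and `h()` agreeing, which cannot be checked from here — confirm against h()'s definition.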