[Noalyss-commit] [noalyss] 11/11: Fix : security fixes see rapport exakat


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 11/11: Fix : security fixes see rapport exakat (Damien Seguy)
Date: Fri, 1 Jun 2018 17:02:50 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit ecc3b531a8a62f48700e0e63060c159b5bc219b9
Author: Dany De Bontridder <address@hidden>
Date:   Fri Jun 1 23:02:22 2018 +0200

    Fix : security fixes see rapport exakat (Damien Seguy)
---
 html/fid.php                    |  9 +++++----
 html/index.php                  |  2 +-
 include/action.common.inc.php   | 10 +++++-----
 include/ajax/ajax_history.php   |  9 +++++----
 include/ajax/ajax_todo_list.php |  6 ++++--
 include/anc_od.inc.php          |  6 +++---
 include/category_card.inc.php   |  4 +++-
 7 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/html/fid.php b/html/fid.php
index d8be465..124860c 100644
--- a/html/fid.php
+++ b/html/fid.php
@@ -48,13 +48,14 @@ $g_user=new User($cn);
 $g_user->check();
 $g_user->check_dossier(dossier::id());
 set_language();
-$fLabel=(isset($_REQUEST['l']))?$_REQUEST['l']:'none';
-$fTva_id=(isset($_REQUEST['t']))?$_REQUEST['t']:'none';
-$fPrice_sale=(isset($_REQUEST['p']))?$_REQUEST['p']:'none';
-$fPrice_purchase=(isset($_REQUEST['b']))?$_REQUEST['b']:'none';
 
 $hi=new HttpInput();
 
+$fLabel=$hi->request("l","string","none");
+$fTva_id=$hi->request("t","string","none");
+$fPrice_sale=$hi->request("p","string","none");
+$fPrice_purchase=$hi->request("b","string","none");
+
 if ( isset($_SESSION['isValid']) && $_SESSION['isValid'] == 1)
 {
     $jrn=$hi->get('j', "number",'-1');
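Review bot: All four values are read with the "string" type, which looks like the loosest check HttpInput offers (the next line uses "number" for `j`), although `t` is a VAT id and `p`/`b` are prices by name. If `HttpInput::request(..., "string")` only tests presence, a value such as `p=<script>` reaches whatever consumes `$fPrice_sale` further down, so those consumers (outside this hunk) must escape for their context, and the numeric fields would be safer as `$hi->request("p","number","none")` provided the 'none' sentinel is accepted for that type. What the type names actually enforce is not visible here and should be confirmed against HttpInput.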
diff --git a/html/index.php b/html/index.php
index 9f6eb66..e69f47b 100644
--- a/html/index.php
+++ b/html/index.php
@@ -187,7 +187,7 @@ if (defined("RECOVER") && isset ($_REQUEST['recover']) )
 // reconnect , create a variable to reconnect properly in login.php
 $goto="";
 if (isset ($_REQUEST['reconnect']) && isset ($_REQUEST['backurl'])) {
-    $goto='<input type="hidden" value="'.$_REQUEST['backurl'].'" 
name="backurl">';
+    $goto='<input type="hidden" value="'.strip_tags($_REQUEST['backurl']).'" 
name="backurl">';
 }
 echo '
 <span 
style="background-color:#879ed4;color:white;padding-left:4px;padding-right:4px;">
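Review bot: `strip_tags()` is not an escaper for an HTML attribute: it leaves `"` untouched, so a `backurl` containing `"` still closes the `value` attribute on the new line and lets the caller append further attributes to the hidden input (event handlers reachable through `accesskey`, for instance). Escape for the context instead: `$goto='<input type="hidden" value="'.htmlspecialchars($_REQUEST['backurl'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'" name="backurl">';`. The comment above says login.php later uses this value to reconnect, presumably as a redirect target; that code is outside the hunk and should restrict `backurl` to a same-site relative path, otherwise the reconnect flow is an open redirect.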
diff --git a/include/action.common.inc.php b/include/action.common.inc.php
index 3ed4cdc..eb6ff97 100644
--- a/include/action.common.inc.php
+++ b/include/action.common.inc.php
@@ -186,7 +186,7 @@ if ($sub_action == "update")
                        $act->qcode_dest = $_REQUEST['qcode_dest'];
                echo $act->Display('NEW', false, $base, $retour);
 
-               echo '<input type="hidden" name="ac" value="' . $_REQUEST['ac'] 
. '">';
+               echo '<input type="hidden" name="ac" value="' . 
$http->request('ac') . '">';
                echo '<input type="hidden" name="sa" value="save_action_st2">';
                echo '<input type="submit" class="button" 
name="save_action_st2" value="' . _('Enregistrer') . '">';
                echo '<input type="submit" class="button" name="generate" 
value="' . _('Génère le document') . '"></p>';
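Review bot: The `ac` value is still written straight into `value="…"` on the new line; unless `HttpInput::request()` escapes for HTML on return (nothing in this hunk shows that it does), a `"` in `ac` breaks out of the attribute exactly as the old `$_REQUEST['ac']` did, so wrap it: `echo '<input type="hidden" name="ac" value="' . htmlspecialchars($http->request('ac'), ENT_QUOTES, 'UTF-8') . '">';`. The context line `$act->qcode_dest = $_REQUEST['qcode_dest'];` just above is left as a raw superglobal read while its neighbours were converted, which is worth doing in the same pass. The enclosing `if ($sub_action == "update")` block starts before the hunk.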
@@ -243,9 +243,9 @@ if ($sub_action == 'delete')
        // confirmed
        $cn->start();
        $act = new Follow_Up($cn);
-       $act->ag_id = $_REQUEST['ag_id'];
+       $act->ag_id =$http->request("ag_id","number") ;
        $act->get();
-       if ($g_user->can_write_action($_REQUEST['ag_id'])==true)        
$act->remove();
+       if ($g_user->can_write_action($act->ag_id)==true)       $act->remove();
        $sub_action = "list";
        $cn->commit();
        Follow_Up::show_action_list($cn, $base);
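Review bot: `$act->get()` runs before `can_write_action()` decides whether the caller may touch this follow-up, so the record is loaded (and whatever get() does as a side effect happens) for ids the user is not allowed to act on; with the number-typed id now held in `$act->ag_id`, the check can simply go first: `if ($g_user->can_write_action($act->ag_id)==true) { $act->get(); $act->remove(); }`. What `$http->request("ag_id","number")` does on a missing or non-numeric value is not visible here — if it returns null instead of aborting, `get()` is called with an empty id, so that failure mode should be confirmed. The transaction opened by `$cn->start()` is committed regardless of the outcome and has no rollback path if get()/remove() throw.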
@@ -314,12 +314,12 @@ if ($sub_action == "add_action")
        echo dossier::hidden();
 
 
-       $act->ag_comment = (isset($_POST['ag_comment'])) ? 
Decode($_POST['ag_comment']) : "";
+       $act->ag_comment =Decode($http->post("ag_comment","string",""));
        if (isset($_REQUEST['qcode']))
                $act->qcode_dest = $_REQUEST['qcode'];
        echo $act->Display('NEW', false, $base, $retour);
 
-       echo '<input type="hidden" name="ac" value="' . $_REQUEST["ac"] . '">';
+       echo '<input type="hidden" name="ac" value="' . $http->request("ac") . 
'">';
        echo '<input type="hidden" name="sa" value="save_action_st2">';
        echo '<input type="hidden" name="save_action_st2" 
value="save_action_st2">';
        echo '<input type="submit" class="button" name="save_action_st2" 
value="' . _('Enregistrer') . '">';
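Review bot: The `qcode` read two lines above the hidden `ac` input, `$act->qcode_dest = $_REQUEST['qcode'];`, is left as a raw superglobal while `ag_comment` on the same screen was moved to `$http->post(...)`; so the finding does not simply reappear, read it the same way inside the existing isset guard: `$act->qcode_dest = $http->request('qcode', 'string');`. The `ac` value is again echoed into an HTML attribute without `htmlspecialchars()`; whether `$http->request()` escapes is not shown in this hunk, so it should be treated as unescaped. `Decode()` applied to the posted comment is a project helper defined elsewhere — what it does with markup cannot be determined from here.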
diff --git a/include/ajax/ajax_history.php b/include/ajax/ajax_history.php
index f3fb23b..904b71f 100644
--- a/include/ajax/ajax_history.php
+++ b/include/ajax/ajax_history.php
@@ -32,7 +32,7 @@ require_once NOALYSS_INCLUDE.'/class/periode.class.php';
 require_once NOALYSS_INCLUDE.'/lib/html_input.class.php';
 require_once NOALYSS_INCLUDE.'/class/acc_account.class.php';
 require_once NOALYSS_INCLUDE.'/class/exercice.class.php';
-$div=$_REQUEST['div'];
+$div=$http->request('div');
 mb_internal_encoding("UTF-8");
 $http=new HttpInput();
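Review bot: The new `$div=$http->request('div');` executes two statements before `$http=new HttpInput();`, so at that point `$http` is either undefined — a fatal call to request() on null — or an object that happens to be in scope from the including script; the file's own constructor should come first: `$http=new HttpInput();` then `$div=$http->request('div');`, dropping the later construction. No type is passed for `div`, and the value is interpolated later in this file into a JavaScript object literal (`div:'$div'`) inside an onchange attribute, so a quote in it breaks the script; constraining it with a type, or an allow-list of the expected element ids, would close that.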
 /**
@@ -86,7 +86,7 @@ if ( isset($_GET['f_id']))
            $dossier=dossier::id();
            if ( $div != 'popup')
              {
-               
$obj="{op:'history',div:'$div',f_id:'".$_GET['f_id']."',gDossier:'$dossier',select:this,exercice:{$year}}";
+               
$obj="{op:'history',div:'$div',f_id:'".$f_id."',gDossier:'$dossier',select:this,exercice:{$year}}";
                $is=$exercice->select('p_exercice',$default,' 
onchange="update_history_card('.$obj.');"');
                $old=_("Autre exercice")." ".$is->input();
              }
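Review bot: `$f_id` replaces `$_GET['f_id']` here but is defined above the hunk, and together with `$div` it is spliced into a JavaScript object literal between single quotes inside an HTML `onchange` attribute — a double context, HTML attribute then JS string. If `$f_id` comes from `$http->get('f_id','number')` it is harmless, but `$div` carries no type at its read site (`$http->request('div')` at the top of the file), so a `'` in it ends the JS string and a `"` ends the attribute, unless `$exercice->select()->input()` escapes its argument (not visible here). Encoding each member for both contexts, e.g. `json_encode($div, JSON_HEX_QUOT|JSON_HEX_APOS|JSON_HEX_TAG|JSON_HEX_AMP)` in place of `'$div'`, or rejecting `div` values outside a fixed set of ids, removes the dependence on what the caller sent. The enclosing `if ( isset($_GET['f_id']))` block starts before the hunk.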
@@ -137,7 +137,8 @@ if ( isset($_GET['f_id']))
 ///////////////////////////////////////////////////////////////////////////
 if ( isset($_REQUEST['pcm_val']))
   {
-    $poste=new Acc_Account_Ledger($cn,$_REQUEST['pcm_val']);
+    $pcm_val=$http->request("pcm_val");
+    $poste=new Acc_Account_Ledger($cn,$pcm_val);
     $poste->load();
     $year=$http->get("exercice","string","");
     if ( $year == "") $year=$g_user->get_exercice();
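Review bot: `$pcm_val` now comes from `$http->request("pcm_val")` with no type argument, so whatever HttpInput does by default is all that stands between the request and `new Acc_Account_Ledger($cn,$pcm_val)`; an account number has a narrow character set and the read should state it, e.g. `$pcm_val=$http->request("pcm_val","string");` if "string" is the closest type available — passing it explicitly at least makes the intent reviewable. The unchanged context line `$year=$http->get("exercice","string","")` deserves attention too: `$year` is later embedded unquoted as `exercice:{$year}` in a JavaScript literal (see the next hunk) and "string" does not limit it to digits, so `$http->get("exercice","number","")` is the safer type there. Whether `Acc_Account_Ledger` parameterises its queries is not visible from this hunk.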
@@ -172,7 +173,7 @@ if ( isset($_REQUEST['pcm_val']))
            $dossier=dossier::id();
            if ( $div != 'popup')
              {
-               
$obj="{op:'history',div:'$div',pcm_val:'".$_GET['pcm_val']."',gDossier:'$dossier',select:this,exercice:{$year}}";
+               
$obj="{op:'history',div:'$div',pcm_val:'".$pcm_val."',gDossier:'$dossier',select:this,exercice:{$year}}";
                $is=$exercice->select('p_exercice',$default,' 
onchange="update_history_account('.$obj.');"');
                $old=_("Autre exercice")." ".$is->input();
              }
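Review bot: `$pcm_val` and `$div` are interpolated raw into the `{op:'history',…}` JavaScript literal that is then placed inside a double-quoted `onchange` attribute, and `exercice:{$year}` is inserted unquoted; none of the three is escaped for either context, and `pcm_val`/`div` are read with no type (single-argument `$http->request()`). A `'`, `"` or `<` in any of them — or a non-numeric `exercice` — terminates the string or the attribute, unless `$exercice->select()->input()` escapes its argument (not visible here). Emit each value with `json_encode($v, JSON_HEX_QUOT|JSON_HEX_APOS|JSON_HEX_TAG|JSON_HEX_AMP)` and cast the year with `(int)$year`, or enforce numeric/identifier types at the read sites. The `if ( isset($_REQUEST['pcm_val']))` block starts before the hunk.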
diff --git a/include/ajax/ajax_todo_list.php b/include/ajax/ajax_todo_list.php
index 4c95df8..430014b 100644
--- a/include/ajax/ajax_todo_list.php
+++ b/include/ajax/ajax_todo_list.php
@@ -56,7 +56,8 @@ if (isset($_REQUEST['show']))
 {
     $cn=Dossier::connect();
     $todo=new Todo_list($cn);
-    $todo->set_parameter('id',$_REQUEST['id']);
+    $id=$http->request("id");
+    $todo->set_parameter('id',$id);
     $todo->load();
     $content=$todo->display();
     header('Content-type: text/xml; charset=UTF-8');
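Review bot: `$http->request("id")` is called without a type, so the id reaches `Todo_list::set_parameter('id', …)` and `load()` unconstrained; a todo id is an integer and the read should say so: `$id=$http->request("id","number");`. Whether `load()` restricts the row to the current user's todos is not visible in this hunk — if it does not, any authenticated user can display any todo by id, and the typed read alone does not change that.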
@@ -79,9 +80,10 @@ if (isset($_REQUEST['show']))
 
////////////////////////////////////////////////////////////////////////////////
 if (isset($_REQUEST['del']))
 {
+     $id=$http->request("id");
     $cn=Dossier::connect();
     $todo=new Todo_list($cn);
-    $todo->set_parameter('id',$_REQUEST['id']);
+    $todo->set_parameter('id',$id);
     $todo->delete();
     exit();
 }
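Review bot: The delete path reads `id` through `request()` — from GET as readily as POST — with no type, and nothing in the hunk checks that the todo belongs to the current user or that an anti-CSRF token is present before `$todo->delete()`; a link to `…?del&id=N` would then delete item N for any logged-in user who follows it, unless `Todo_list::delete()` scopes the row itself (not visible here). At minimum use `$id=$http->post("id","number");` so the destructive action requires a POST and an integer id, and add an ownership check in or before `delete()`. The added line also appears indented one column deeper than its neighbours.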
diff --git a/include/anc_od.inc.php b/include/anc_od.inc.php
index fec7618..65e7898 100644
--- a/include/anc_od.inc.php
+++ b/include/anc_od.inc.php
@@ -55,10 +55,10 @@ echo '
 <table clsas="mtitle">
 <tr>
 <td  class="mtitle" >
-<A class="mtitle" HREF="?ac='.$_REQUEST['ac'].'&new&'.$str_dossier.'"> 
'._('Nouveau').' </A>
+<A class="mtitle" HREF="?ac='.$http->request("ac").'&new&'.$str_dossier.'"> 
'._('Nouveau').' </A>
 </td>
 <td  class="mtitle" >
-<A class="mtitle" 
HREF="?ac='.$_REQUEST['ac'].'&see&'.$str_dossier.'">'._('Liste opérations').' 
</A
+<A class="mtitle" 
HREF="?ac='.$http->request("ac").'&see&'.$str_dossier.'">'._('Liste 
opérations').' </A
 </td>
 </tr>
 </table>
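Review bot: On both new lines the `ac` value is concatenated into an `HREF="?ac=…"` attribute with no escaping or URL-encoding, so unless `HttpInput::request()` escapes on return (nothing here shows that), a `"` or `<` in `ac` injects markup exactly as `$_REQUEST['ac']` did — the change has only moved the read. Build the link the way this same commit does in category_card.inc.php: set `$ac=urlencode($http->request("ac"));` once above the echo and use `HREF="?ac='.$ac.'&amp;new&amp;'.$str_dossier.'"` (likewise for `see`), or pass the whole query through `http_build_query()`. The bare `&` separators inside the attribute should be `&amp;` in HTML. (The pre-existing `clsas="mtitle"` typo on the table tag is untouched by the commit.)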
@@ -87,7 +87,7 @@ if ( isset($_GET['see']))
     $hid=new IHidden();
 
     $hid->name="ac";
-    $hid->value=$_REQUEST['ac'];
+    $hid->value=$http->request("ac");
     echo $hid->input();
 
     $hid->name="see";
diff --git a/include/category_card.inc.php b/include/category_card.inc.php
index 4ba5274..4e1b993 100644
--- a/include/category_card.inc.php
+++ b/include/category_card.inc.php
@@ -33,7 +33,9 @@ require_once NOALYSS_INCLUDE.'/class/contact.class.php';
 global $http;
 
 $str_dossier=Dossier::get();
-$root='?ac='.$_REQUEST['ac']."&sb=detail&f_id=".$_REQUEST["f_id"].'&'.$str_dossier;
+
+$root="?".http_build_query(["ac"=>$http->request("ac"),"sb"=>"detail","f_id"=>$http->request("f_id")]);
+$root.="&".$str_dossier;
 
 $ss_action=$http->request("sc", "string", "dc");
 
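Review bot: `http_build_query()` is the right move here — `ac` and `f_id` now arrive URL-encoded where the old line concatenated them raw — but the same commit leaves the sibling `?ac=` links in include/anc_od.inc.php built by string concatenation, so the two files now handle the same parameter differently; the one-liner used here would close that gap. `$str_dossier` from `Dossier::get()` is still appended verbatim with a bare `&`; if `$root` ends up in an `href` the separator should be `&amp;`, and the value is only as safe as `Dossier::get()` makes it (not visible here). `$http` is pulled in via `global $http;` above, so its construction and any default type it applies when `request()` is called with one argument lie outside this file.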


