[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 57/162: Security fix : f_id is a number
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 57/162: Security fix : f_id is a number |
Date: |
Sat, 11 Jul 2020 13:23:35 -0400 (EDT) |
sparkyx pushed a commit to annotated tag E-4
in repository noalyss.
commit 6482988c75ace6b35f1227bbeaa3aea7e426cbac
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Sat Jun 2 08:28:44 2018 +0200
Security fix : f_id is a number
---
include/category_card.inc.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/category_card.inc.php b/include/category_card.inc.php
index 4e1b993..ce26bc1 100644
--- a/include/category_card.inc.php
+++ b/include/category_card.inc.php
@@ -34,7 +34,7 @@ global $http;
$str_dossier=Dossier::get();
-$root="?".http_build_query(["ac"=>$http->request("ac"),"sb"=>"detail","f_id"=>$http->request("f_id")]);
+$root="?".http_build_query(["ac"=>$http->request("ac"),"sb"=>"detail","f_id"=>$http->request("f_id","number")]);
$root.="&".$str_dossier;
$ss_action=$http->request("sc", "string", "dc");
- [Noalyss-commit] [noalyss] 45/162: typo, (continued)
- [Noalyss-commit] [noalyss] 45/162: typo, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 39/162: integrate fix for bug in insert_quant_purchase which cannot save private fee, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 48/162: Protect function nb , return the string if the parameter is not a float, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 34/162: Task #448 : Currency : purchase, fix bug for autoreverse VAT, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 37/162: comment, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 46/162: Task #448 : add currency to card -> history + export CSV, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 50/162: Create invoice : New version of libreoffice use the numeric in another way, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 55/162: Security : direct injection, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 52/162: Bug 1600 : alphanumeric accounting must be case insensitive, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 56/162: Fix : security fixes see rapport exakat (Damien Seguy), Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 57/162: Security fix : f_id is a number,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 62/162: Merge master, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 38/162: Task #448 : currency improve detail of operation, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 40/162: Fix bug quant_purchase , private fee not saved, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 44/162: Task #448 : add info about currency into History of cards and accounting, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 47/162: Update documentation, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 54/162: Fix todo_list : if list empty , gets an error in php 7.2, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 49/162: New version of libreoffice use the numeric in another way, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 51/162: Missing class : missing class for acc_ledger, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 53/162: integrate fix for bug in insert_quant_purchase which cannot save private fee Conflicts: include/sql/patch/upgrade128.sql, Dany De Bontridder, 2020/07/11
- [Noalyss-commit] [noalyss] 58/162: Security fix : f_id is a number, Dany De Bontridder, 2020/07/11