[Noalyss-commit] [noalyss] 02/03: Security remove $_POST , $_GET direct


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 02/03: Security remove $_POST , $_GET direct access
Date: Sun, 10 Apr 2022 16:11:21 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 3dc017845536ecd19de8eb6ccddf5a1a24706b48
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sun Apr 10 12:36:27 2022 +0200

    Security: remove direct $_POST / $_GET access
---
 include/fiche.inc.php             | 12 +++++++-----
 include/lettering.account.inc.php |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/include/fiche.inc.php b/include/fiche.inc.php
index 44a7f9446..6f0ba282b 100644
--- a/include/fiche.inc.php
+++ b/include/fiche.inc.php
@@ -18,7 +18,8 @@
  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 // Copyright Author Dany De Bontridder danydb@aevalys.eu
-/**\file
+/**
+ * \file
  * \brief printing of category of card  : balance, historic
  */
 if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
@@ -145,16 +146,17 @@ if ($histo->selected   == -1)
        {
                if ($write == 1)
                {
-                       $ack = $_POST['f_id'];
+                        $ack = $http->post("f_id","array",[]);
                        /**
                         * Move
                         */
                        if (isset($_POST['move'])&& $_POST['move'] == 1)
                        {
+                                $move_to=$http->post("move_to","number");
                                for ($i = 0; $i < count($ack); $i++)
                                {
                                        $fiche = new Fiche($cn, $ack[$i]);
-                                       $fiche->move_to($_POST['move_to']);
+                                       $fiche->move_to($move_to);
                                }
                        }
                        /**
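Review bot: The `move` flag on the context line `if (isset($_POST['move'])&& $_POST['move'] == 1)` is still read straight from `$_POST`, so this hunk does not finish what the commit title promises; it can go through the same wrapper, `if ($http->post("move", "number", 0) == 1)`. The elements of `$ack` are also passed unvalidated to `new Fiche($cn, $ack[$i])` — whether the `"array"` type of `$http->post` checks that each entry is numeric cannot be seen from here, so if it does not, an `(int)` cast or a per-element check before the constructor would be warranted. With no default given, `$http->post("move_to","number")` presumably fails when `move_to` is absent; confirm that is the intended behaviour when `move` is set without a target. The enclosing `if ($write == 1)` block and its parent start before this hunk and continue past it.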
@@ -199,8 +201,8 @@ if ($histo->selected   == -1)
        $max = $cn->get_value("select count(*) from fiche as f " . $cond);
 
        $step = $_SESSION[SESSION_KEY.'g_pagesize'];
-       $page = (isset($_GET['offset'])) ? $_GET['page'] : 1;
-       $offset = (isset($_GET['offset'])) ? $_GET['offset'] : 0;
+        $page=$http->get("page","number",1);
+        $offset=$http->get("offset","number",0);
        $bar = navigation_bar($offset, $max, $step, $page);
        $limit = ($step == -1 ) ? "" : " limit " . $step;
        $res = $cn->exec_sql("
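Review bot: Neither `$page` nor `$offset` is clamped after the new `$http->get(...,"number",...)` calls, so a negative or fractional value that passes the number check reaches `navigation_bar` and, presumably, the limit/offset clause of the query below; `$offset = max(0, (int) $offset);` and `$page = max(1, (int) $page);` would close that. The new lines also fix the old `isset($_GET['offset']) ? $_GET['page']` mix-up, which is a behaviour change worth a word in the commit message rather than only a sanitisation. The `exec_sql` call on the last line continues past the hunk, so how `$offset` is bound there cannot be checked from this view.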
diff --git a/include/lettering.account.inc.php 
b/include/lettering.account.inc.php
index 1136a2879..178d63586 100644
--- a/include/lettering.account.inc.php
+++ b/include/lettering.account.inc.php
@@ -44,7 +44,7 @@ $poste->set_attribute('label','account_label');
 $poste->set_attribute('account','acc');
 $acc_lib="";
 if (isset($_GET['acc'])) { 
-    $poste->value=$_GET['acc']; 
+    $poste->value=$http->get("acc");
     $acc_lib=$cn->get_value('select pcm_lib from tmp_pcmn where 
pcm_val=upper($1)',array($poste->value));
 }
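Review bot: The guard `if (isset($_GET['acc']))` two lines above the change still reads the superglobal directly, so the file keeps one raw `$_GET` access after this commit; `$poste->value = $http->get("acc", "string", "");` followed by `if ($poste->value !== "")` would remove it, assuming the wrapper accepts a default as it does in fiche.inc.php. The lookup itself already binds the value as `$1`, so there is no injection concern on the query; the point is consistency with the commit's stated goal. Whether `$poste->value` is escaped when rendered later in the file cannot be seen from this hunk.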
 


