From 61272f0699ab6cc3ae46ac4546a51eb19d9318b8 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Wed, 10 Nov 2010 20:16:31 +0000
Subject: [PATCH] Fix: XSS injection

---
 htdocs/comm/action/index.php | 28 ++++++++++++++--------------
 htdocs/lib/functions.lib.php | 12 +++++++++---
 htdocs/product/liste.php     |  2 +-
 3 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index a65c70dad7f..0f14c64dc1a 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -33,14 +33,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/agenda.lib.php");
 if ($conf->projet->enabled) require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
 
-$filtera = isset($_REQUEST["userasked"])?$_REQUEST["userasked"]:(isset($_REQUEST["filtera"])?$_REQUEST["filtera"]:'');
-$filtert = isset($_REQUEST["usertodo"])?$_REQUEST["usertodo"]:(isset($_REQUEST["filtert"])?$_REQUEST["filtert"]:'');
-$filterd = isset($_REQUEST["userdone"])?$_REQUEST["userdone"]:(isset($_REQUEST["filterd"])?$_REQUEST["filterd"]:'');
-$showbirthday = isset($_REQUEST["showbirthday"])?$_REQUEST["showbirthday"]:0;
-
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
+$filtera = GETPOST("userasked","int")?GETPOST("userasked","int"):GETPOST("filtera","int");
+$filtert = GETPOST("usertodo","int")?GETPOST("usertodo","int"):GETPOST("filtert","int");
+$filterd = GETPOST("userdone","int")?GETPOST("userdone","int"):GETPOST("filterd","int");
+$showbirthday = GETPOST("showbirthday","int")?GETPOST("showbirthday","int"):0;
+
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
+$page = GETPOST("page","int");
 if ($page == -1) { $page = 0 ; }
 $limit = $conf->liste_limit;
 $offset = $limit * $page ;
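Review bot: `$sortfield` and `$sortorder` here, and `$action` in the second hunk of this file, are read through GETPOST() with no check argument, so they stay unvalidated free-form strings; if sortfield/sortorder are later interpolated into an ORDER BY clause, which this hunk does not show, they should be matched against an allowlist of column names instead of passed through. Replacing isset() with a truthiness test also changes behaviour for a submitted `0`: `userasked=0` now falls through to `filtera`, where before the `0` was kept. The second hunk's context line still reads `$_GET["filter"]=='mine'` straight from the superglobal, outside this change. Calling GETPOST() twice per variable can be avoided with `$filtera = GETPOST("userasked","int"); if (! $filtera) $filtera = GETPOST("filtera","int");`.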
@@ -62,12 +62,12 @@ if (! $user->rights->agenda->allactions->read || $_GET["filter"]=='mine')	// If
 	$filterd=$user->id;
 }
 
-$action=! empty($_REQUEST['action'])?$_REQUEST['action']:'';
-$year=! empty($_REQUEST["year"])?$_REQUEST["year"]:date("Y");
-$month=! empty($_REQUEST["month"])?$_REQUEST["month"]:date("m");
-$day=! empty($_REQUEST["day"])?$_REQUEST["day"]:0;
-$pid=! empty($_REQUEST["projectid"])?$_REQUEST["projectid"]:0;
-$status=isset($_GET["status"])?$_GET["status"]:$_POST["status"];
+$action=GETPOST('action');
+$year=GETPOST("year","int")?GETPOST("year","int"):date("Y");
+$month=GETPOST("month","int")?GETPOST("month","int"):date("m");
+$day=GETPOST("day","int")?GETPOST("day","int"):0;
+$pid=GETPOST("projectid","int")?GETPOST("projectid","int"):0;
+$status=GETPOST("status","int");
 
 $langs->load("other");
 $langs->load("commercial");
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index b35458fe14b..5a658016a0b 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -40,14 +40,20 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
 /**
  *  Return value of a param into get or post variable
  *  @param          paramname   Name of parameter to found
- *  @param			length		Length of string (security)
+ *  @param			check		Type of check (security)
  *  @return         string      Value found
  */
-function GETPOST($paramname,$length=0)
+function GETPOST($paramname,$check='')
 {
     $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
     $out = trim($out);
-    if ($length > 0 && strlen($out) > $length) $out='';
+    
+    if (!empty($check))
+    {
+    	// Check if integer
+    	if ($check = 'int' && is_int($out)) $out='';
+    }
+    
     return $out;
 }
 
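Review bot: The integer check on the new line `if ($check = 'int' && is_int($out)) $out='';` never rejects anything: `=` assigns instead of comparing, and `is_int()` is always false for a request value, which is a string after trim(), so the branch would also blank valid integers if it ever fired. The intent is to discard values that are not integers; `if ($check == 'int' && ! preg_match('/^-?[0-9]+$/', $out)) $out='';` does that while keeping the `-1` that the `$page` comparison in comm/action/index.php relies on. Since the old `$length` parameter is gone, any remaining caller that still passes a number as the second argument now gets no check at all rather than an error; product/liste.php is updated in this patch, but other call sites may exist. The `@param check` docblock line should name the accepted values, e.g. `Type of check (security): '' for none, 'int' to keep only integer values`.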
diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php
index 7415e0c4b50..36450b84e7a 100644
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -37,7 +37,7 @@ $sref=GETPOST("sref");
 $sbarcode=GETPOST("sbarcode");
 $snom=GETPOST("snom");
 $sall=GETPOST("sall");
-$type=GETPOST("type",1);
+$type=GETPOST("type","int");
 
 
 $sortfield = GETPOST("sortfield");
-- 
GitLab