From 78e5c3ffacd3acd0d6b4195bda32c4e5c08eeae2 Mon Sep 17 00:00:00 2001
From: ywarnier <ywarnier>
Date: Tue, 16 Jan 2007 11:24:38 +0000
Subject: [PATCH] =?UTF-8?q?ajout=20fix=20date=20cotisation=20+=20fix=20dat?=
 =?UTF-8?q?e=20naissance=20ajout=20zeros=20l=E0=20o=F9=20il=20le=20faut?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/adherents/fiche.php | 61 +++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 31 deletions(-)

diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index c159ade3970..08650bf701e 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -134,20 +134,18 @@ if ($_POST["action"] == 'cotisation')
 if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 {
 	$datenaiss='';
-	if (isset($_POST["naissday"]) && $_POST["naissday"]
-	 && isset($_POST["naissmonth"]) && $_POST["naissmonth"]
-	 && isset($_POST["naissyear"]) && $_POST["naissyear"])
-	{
-		#$datenaiss=@mktime(12, 0 , 0, $_POST["naissmonth"], $_POST["naissday"], $_POST["naissyear"]);
-		$naissday   = (int) $_POST["naissday"];
-  	        $naissmonth = (int) $_POST["naissmonth"];
-  	        $naissyear  = (int) $_POST["naissyear"];
-  	        if($naissmonth>=1 && $naissmonth<=12
-  	           && $naissday>=1 && $naissday<=31
-  	           && $naissyear>=1850 && $naissyear<=date('Y')) {
-			$datenaiss=$naissyear.$naissmonth.$naissday;
+    if (!empty($_POST["naissyear"]))
+    {
+		$birthday 	= (int) $_POST["naissday"];
+		$birthmonth = (int) $_POST["naissmonth"];
+		$birthyear 	= (int) $_POST["naissyear"];
+		if($birthmonth>=1 && $birthmonth<=12
+			&& $birthday>=1 && $birthday<=31
+			&& $birthyear>=1850 && $birthyear<=date('Y'))
+		{
+           	$datenaiss     = ($birthyear*10000)+($birthmonth*100)+$birthday;
 		}
-	}
+    }
 
 	$adh->id          = $_POST["rowid"];
 	$adh->prenom      = $_POST["prenom"];
@@ -167,7 +165,6 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 	$adh->phone_mobile= $_POST["phone_mobile"];
 	$adh->email       = $_POST["email"];
 	$adh->naiss       = $datenaiss;
-	$adh->date        = $datenaiss;	// A virer
 	$adh->photo       = $_POST["photo"];
 
 	$adh->typeid      = $_POST["type"];
@@ -184,7 +181,9 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 	{
 		if (ereg("^options_",$key))
 		{
-			$adh->array_options[$key]=$_POST[$key];
+			//escape values from POST, at least with addslashes, to avoid obvious SQL injections
+			//(array_options is directly input in the DB in adherent.class.php::update())
+			$adh->array_options[$key]=addslashes($_POST[$key]);
 		}
 	}
 	if ($adh->update($user,0) >= 0)
@@ -202,23 +201,21 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 if ($_POST["action"] == 'add')
 {
 	$datenaiss='';
-	if (isset($_POST["naissday"]) && $_POST["naissday"]
-	 && isset($_POST["naissmonth"])
-	 && isset($_POST["naissyear"]) && $_POST["naissyear"])
-	{
-		$datenaiss=@mktime(12, 0 , 0, $_POST["naissmonth"], $_POST["naissday"], $_POST["naissyear"]);
-		$naissday   = (int) $_POST["naissday"];
-  	        $naissmonth = (int) $_POST["naissmonth"];
-  	        $naissyear  = (int) $_POST["naissyear"];
-  	        if($naissmonth>=1 && $naissmonth<=12
-  	           && $naissday>=1 && $naissday<=31
-  	           && $naissyear>=1850 && $naissyear<=date('Y')) {
-			$datenaiss=$naissyear.$naissmonth.$naissday;
+    if ($_POST["naissyear"])
+    {
+		$birthday 	= (int) $_POST["naissday"];
+		$birthmonth = (int) $_POST["naissmonth"];
+		$birthyear 	= (int) $_POST["naissyear"];
+		if($birthmonth>=1 && $birthmonth<=12
+			&& $birthday>=1 && $birthday<=31
+			&& $birthyear>=1850 && $birthyear<=date('Y'))
+		{
+           	$datenaiss     = ($birthyear*10000)+($birthmonth*100)+$birthday;
 		}
-	}
+    }
 	$datecotisation='';
-	if (isset($_POST["naissday"]) && isset($_POST["naissmonth"]) && isset($_POST["naissyear"]))
-	{
+	if (isset($_POST["reday"]) && isset($_POST["remonth"]) && isset($_POST["reyear"]))
+    {
 		$datecotisation=@mktime(12, 0 , 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
 	}
 
@@ -262,7 +259,9 @@ if ($_POST["action"] == 'add')
     $adh->morphy      = $morphy;
     foreach($_POST as $key => $value){
         if (ereg("^options_",$key)){
-            $adh->array_options[$key]=$_POST[$key];
+			//escape values from POST, at least with addslashes, to avoid obvious SQL injections
+			//(array_options is directly input in the DB in adherent.class.php::update())
+			$adh->array_options[$key]=addslashes($_POST[$key]);
         }
     }
 
-- 
GitLab