From ac44aa6d814eac53220f9351225d3fdf27c91fb4 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 18 Dec 2016 13:21:09 +0100
Subject: [PATCH] FIX security bugs

---
 htdocs/accountancy/bookkeeping/balancebymonth.php    |  4 +++-
 htdocs/accountancy/customer/index.php                |  4 ++--
 htdocs/accountancy/report/result.php                 |  4 +++-
 htdocs/accountancy/supplier/index.php                |  4 ++--
 htdocs/asterisk/wrapper.php                          |  8 ++++----
 htdocs/categories/traduction.php                     |  2 +-
 htdocs/install/step4.php                             |  2 +-
 htdocs/loan/calc.php                                 | 12 ++++++------
 htdocs/loan/payment/card.php                         |  4 ++--
 .../canvas/product/actions_card_product.class.php    |  5 ++---
 .../canvas/service/actions_card_service.class.php    |  4 ++--
 htdocs/product/traduction.php                        |  2 +-
 12 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/htdocs/accountancy/bookkeeping/balancebymonth.php b/htdocs/accountancy/bookkeeping/balancebymonth.php
index 9202371e5a5..83908f72172 100644
--- a/htdocs/accountancy/bookkeeping/balancebymonth.php
+++ b/htdocs/accountancy/bookkeeping/balancebymonth.php
@@ -38,7 +38,7 @@ $langs->load("other");
 $langs->load("accountancy");
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
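Review bot: The `if ($year == 0)` default just below the new GETPOST call still relies on loose comparison: if GETPOST returns an empty string for an absent or non-numeric `year` (its definition is not on this page), `'' == 0` is true on PHP 7 but false on PHP 8, so the current-year fallback would silently stop applying. Casting makes the intent explicit and version-independent: `$year = (int) GETPOST("year",'int');`. The same pattern is introduced in accountancy/customer/index.php, accountancy/report/result.php and accountancy/supplier/index.php in this patch.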
@@ -47,9 +47,11 @@ if ($year == 0) {
 	$year_start = $year;
 }
 
+
 /*
  * View
  */
+
 llxHeader('', $langs->trans("Bookkeeping"));
 
 $textprevyear = '<a href="' . $_SERVER["PHP_SELF"] . '?year=' . ($year_current - 1) . '">' . img_previous() . '</a>';
diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php
index fea8281935f..ef5c512179a 100644
--- a/htdocs/accountancy/customer/index.php
+++ b/htdocs/accountancy/customer/index.php
@@ -47,7 +47,7 @@ if (! $user->rights->accounting->bind->write)
 	accessforbidden();
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -57,7 +57,7 @@ if ($year == 0) {
 }
 
 // Validate History
-$action = GETPOST('action');
+$action = GETPOST('action','alpha');
 
 
 
diff --git a/htdocs/accountancy/report/result.php b/htdocs/accountancy/report/result.php
index e31e1c92f17..317b7193ff3 100644
--- a/htdocs/accountancy/report/result.php
+++ b/htdocs/accountancy/report/result.php
@@ -43,7 +43,7 @@ $rowid = GETPOST('rowid', 'int');
 $cancel = GETPOST('cancel');
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST('year','int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -64,9 +64,11 @@ if (! $user->rights->accounting->comptarapport->lire)
 
 $AccCat = new AccountancyCategory($db);
 
+
 /*
  * View
  */
+
 llxheader('', $langs->trans('ReportInOut'));
 
 $formaccounting = new FormAccounting($db);
diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php
index 82c7cebe087..ef7d470bb07 100644
--- a/htdocs/accountancy/supplier/index.php
+++ b/htdocs/accountancy/supplier/index.php
@@ -45,7 +45,7 @@ if (! $user->rights->accounting->bind->write)
 	accessforbidden();
 
 // Filter
-$year = $_GET["year"];
+$year = GETPOST("year",'int');
 if ($year == 0) {
 	$year_current = strftime("%Y", time());
 	$year_start = $year_current;
@@ -55,7 +55,7 @@ if ($year == 0) {
 }
 
 // Validate History
-$action = GETPOST('action');
+$action = GETPOST('action', 'alpha');
 
 
 /*
diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php
index e5c9a6b2093..381750546ce 100644
--- a/htdocs/asterisk/wrapper.php
+++ b/htdocs/asterisk/wrapper.php
@@ -85,10 +85,10 @@ if (! isset($conf->global->ASTERISK_PRIORITY))  $conf->global->ASTERISK_PRIORITY
 if (! isset($conf->global->ASTERISK_MAX_RETRY)) $conf->global->ASTERISK_MAX_RETRY="2";
 
 
-$login = $_GET['login'];
-$password = $_GET['password'];
-$caller = $_GET['caller'];
-$called = $_GET['called'];
+$login = GETPOST('login');
+$password = GETPOST('password');
+$caller = GETPOST('caller');
+$called = GETPOST('called');
 
 // IP address of Asterisk server
 $strHost = $conf->global->ASTERISK_HOST;
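Review bot: The four new GETPOST calls pass no check type, so they change where `login`, `password`, `caller` and `called` are read from (GET or POST) but not what they may contain; `caller` and `called` are presumably interpolated into the Asterisk request later in wrapper.php, outside this hunk, and reach it unfiltered. The other files in this patch apply `'int'` or `'alpha'`; a dial-string check belongs here too, e.g. `$caller = GETPOST('caller','int');` if only digits are accepted, otherwise an explicit whitelist check before the value is used. Accepting the password via GETPOST also keeps the query-string path alive, so credentials continue to appear in web-server access logs.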
diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php
index 00741f81390..1967727b32f 100644
--- a/htdocs/categories/traduction.php
+++ b/htdocs/categories/traduction.php
@@ -277,7 +277,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="action" value="vadd">';
-	print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+	print '<input type="hidden" name="id" value="'.$id.'">';
 
 	print '<table class="border" width="100%">';
 	print '<tr><td class="fieldtitlecreate fieldrequired">'.$langs->trans('Translation').'</td><td>';
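Review bot: The new line relies on `$id` being assigned outside this hunk; it is only safe if that assignment uses the int check (`GETPOST('id','int')`), because the value is written into an HTML attribute without escaping. The sibling change in product/traduction.php instead re-reads `GETPOST("id",'int')` inline; the two files print the same form and should take the same approach, and reusing one int-checked `$id` in both is the clearer option.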
diff --git a/htdocs/install/step4.php b/htdocs/install/step4.php
index ce16596bdbf..740a45a9063 100644
--- a/htdocs/install/step4.php
+++ b/htdocs/install/step4.php
@@ -79,7 +79,7 @@ $db=getDoliDBInstance($conf->db->type,$conf->db->host,$conf->db->user,$conf->db-
 if ($db->ok)
 {
     print '<tr><td>'.$langs->trans("DolibarrAdminLogin").' :</td><td>';
-	print '<input name="login" type="text" value="' . (!empty($_GET["login"]) ? $_GET["login"] : (isset($force_install_dolibarrlogin) ? $force_install_dolibarrlogin : '')) . '"' . (@$force_install_noedit == 2 && $force_install_dolibarrlogin !== null ? ' disabled' : '') . '></td></tr>';
+	print '<input name="login" type="text" value="' . (!empty($_GET["login"]) ? GETPOST("login") : (isset($force_install_dolibarrlogin) ? $force_install_dolibarrlogin : '')) . '"' . (@$force_install_noedit == 2 && $force_install_dolibarrlogin !== null ? ' disabled' : '') . '></td></tr>';
     print '<tr><td>'.$langs->trans("Password").' :</td><td>';
     print '<input type="password" name="pass"></td></tr>';
     print '<tr><td>'.$langs->trans("PasswordAgain").' :</td><td>';
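Review bot: The replaced expression still echoes the request value straight into the `value="…"` attribute; GETPOST without a check type does not HTML-escape, so a `login` parameter containing `"` still breaks out of the attribute and the reflected-XSS exposure on the installer page is unchanged. Escape at output, `(!empty($_GET["login"]) ? htmlspecialchars(GETPOST("login"), ENT_QUOTES) : …)`, or use the project's `dol_escape_htmltag()` for the same effect. The condition also still tests `$_GET` while the value now comes from GETPOST (GET or POST); testing the same source on both sides avoids the mismatch.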
diff --git a/htdocs/loan/calc.php b/htdocs/loan/calc.php
index b6e649962fa..76b4c989aa7 100644
--- a/htdocs/loan/calc.php
+++ b/htdocs/loan/calc.php
@@ -49,12 +49,12 @@ $error                           = false;
  * Set the USER INPUT values
  * --------------------------------------------------- */
 if (isset($_REQUEST['form_complete'])) {
-    $sale_price                      = $_REQUEST['sale_price'];
-    $annual_interest_percent         = $_REQUEST['annual_interest_percent'];
-    $year_term                       = $_REQUEST['year_term'];
-    $down_percent                    = $_REQUEST['down_percent'];
-    $show_progress                   = (isset($_REQUEST['show_progress'])) ? $_REQUEST['show_progress'] : false;
-    $form_complete                   = $_REQUEST['form_complete'];
+    $sale_price                      = GETPOST('sale_price');
+    $annual_interest_percent         = GETPOST('annual_interest_percent');
+    $year_term                       = GETPOST('year_term');
+    $down_percent                    = GETPOST('down_percent');
+    $show_progress                   = (isset($_REQUEST['show_progress'])) ? GETPOST('show_progress') : false;
+    $form_complete                   = GETPOST('form_complete');
 }
 
 // This function does the actual mortgage calculations
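Review bot: The six GETPOST calls carry no check type, so the values the mortgage arithmetic further down (outside this hunk) presumably multiplies and divides by — `sale_price`, `annual_interest_percent`, `year_term`, `down_percent` — are still accepted as arbitrary strings. `year_term` can take the int check directly, `$year_term = GETPOST('year_term','int');`, and the decimal fields should be normalised to numbers before use, e.g. `$sale_price = price2num(GETPOST('sale_price'));`. The `show_progress` line also mixes sources: `isset($_REQUEST['show_progress'])` sees cookies as well, while GETPOST reads only GET/POST, so the test and the read should use the same source.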
diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php
index 41f332e5dd0..c76b0565a3f 100644
--- a/htdocs/loan/payment/card.php
+++ b/htdocs/loan/payment/card.php
@@ -32,7 +32,7 @@ $langs->load('companies');
 $langs->load('loan');
 
 // Security check
-$id=GETPOST("id");
+$id=GETPOST("id",'int');
 $action=GETPOST("action");
 $confirm=GETPOST('confirm');
 if ($user->societe_id) $socid=$user->societe_id;
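Review bot: Only `$id` gains a check type here; `$action=GETPOST("action");` and `$confirm=GETPOST('confirm');` on the following lines stay unchecked, while this same patch tightens `action` to `GETPOST('action','alpha')` in accountancy/customer/index.php and accountancy/supplier/index.php. For consistency: `$action=GETPOST("action",'alpha');` and `$confirm=GETPOST('confirm','alpha');`.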
@@ -120,7 +120,7 @@ $form = new Form($db);
 
 $h=0;
 
-$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$_GET["id"];
+$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$id;
 $head[$h][1] = $langs->trans("Card");
 $hselected = $h;
 $h++;
diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php
index e32d31122dc..06803e8239d 100644
--- a/htdocs/product/canvas/product/actions_card_product.class.php
+++ b/htdocs/product/canvas/product/actions_card_product.class.php
@@ -325,16 +325,15 @@ class ActionsCardProduct
 
         $this->list_datas = array();
 
-		//$_GET["sall"] = 'LL';
 		// Clean parameters
-		$sall=trim(isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]);
+		$sall=trim(GETPOST("sall"));
 
 		foreach($this->field_list as $field)
 		{
 			if ($field['enabled'])
 			{
 				$fieldname = "s".$field['alias'];
-				$$fieldname = trim(isset($_GET[$fieldname])?$_GET[$fieldname]:$_POST[$fieldname]);
+				$$fieldname = trim(GETPOST($fieldname));
 			}
 		}
 
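Review bot: `trim(GETPOST("sall"))` and `trim(GETPOST($fieldname))` read the search strings with no check type, so they are as unfiltered as before; whether that is safe depends on the SQL built from `$sall` and the `s*` variables later in this method, outside the hunk, where each must pass through `$this->db->escape()`. If the filters are plain text, `GETPOST("sall",'alpha')` here adds a first line of defence. The variable-variable `$$fieldname` is derived from `$field['alias']` of the class's own field list rather than from the request, which deserves a comment on that line: `// $fieldname comes from $this->field_list, not from request data`.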
diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php
index 7bc04ecb42a..af6fbccc320 100644
--- a/htdocs/product/canvas/service/actions_card_service.class.php
+++ b/htdocs/product/canvas/service/actions_card_service.class.php
@@ -308,9 +308,9 @@ class ActionsCardService
 		$sql.= ' FROM '.MAIN_DB_PREFIX.'product as p';
 		// We'll need this table joined to the select in order to filter by categ
 		if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp";
-		if ($_GET["fourn_id"] > 0)
+		if (GETPOST("fourn_id",'int') > 0)
 		{
-			$fourn_id = $_GET["fourn_id"];
+			$fourn_id = GETPOST("fourn_id",'int');
 			$sql.= ", ".MAIN_DB_PREFIX."product_fournisseur_price as pfp";
 		}
 		$sql.= " WHERE p.entity IN (".getEntity('product', 1).")";
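Review bot: `GETPOST("fourn_id",'int')` is evaluated twice, once in the condition and once in the assignment. Read it once before the `if` and test the variable: `$fourn_id = GETPOST("fourn_id",'int'); if ($fourn_id > 0) {`. The `pfp` join this guards is presumably filtered on `$fourn_id` in SQL appended outside the hunk; the int check is what makes that interpolation safe, so a comment on the assignment saying so, `// int-checked: safe to interpolate into the pfp filter`, would help a later maintainer.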
diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php
index 1f6ae678a81..f616004db42 100644
--- a/htdocs/product/traduction.php
+++ b/htdocs/product/traduction.php
@@ -305,7 +305,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="post">';
 	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 	print '<input type="hidden" name="action" value="vadd">';
-	print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+	print '<input type="hidden" name="id" value="'.GETPOST("id",'int').'">';
 
 	print '<table class="border" width="100%">';
 	print '<tr><td valign="top" class="titlefieldcreate fieldrequired">'.$langs->trans('Language').'</td><td>';
-- 
GitLab