From e0d9bd0836209e3d98d5af26f76ff30a8d76a334 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Wed, 10 Nov 2010 19:47:03 +0000
Subject: [PATCH] Fix: XSS injection

---
 htdocs/lib/functions.lib.php |  8 ++++++--
 htdocs/product/liste.php     | 25 +++++++++----------------
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 61a6bd7bf40..b35458fe14b 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -40,11 +40,15 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
 /**
  *  Return value of a param into get or post variable
  *  @param          paramname   Name of parameter to found
+ *  @param			length		Length of string (security)
  *  @return         string      Value found
  */
-function GETPOST($paramname)
+function GETPOST($paramname,$length=0)
 {
-    return isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
+    $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
+    $out = trim($out);
+    if ($length > 0 && strlen($out) > $length) $out='';
+    return $out;
 }
 
 /**
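Review bot: The new `$length` check on the line `if ($length > 0 && strlen($out) > $length) $out='';` discards an over-long value rather than truncating it and does no escaping at all, so a value that fits the limit reaches the caller byte-for-byte; the added `@param length` doc should state that contract instead of just "(security)", e.g. `@param length Max accepted length in bytes; a longer value is returned as '' (no escaping is done, callers must still escape for their output context)`. `$out = trim($out);` also assumes a string: a request parameter submitted in array form (`name[]=...`) arrives here as an array, on which `trim()` emits a warning and returns null under PHP 5 (and throws a TypeError on PHP 8), so either guard with `if (is_array($out)) return '';` before the trim or document that array parameters are not supported. Since the cap uses `strlen`, the doc should say bytes rather than characters.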
diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php
index b93338763b5..7415e0c4b50 100644
--- a/htdocs/product/liste.php
+++ b/htdocs/product/liste.php
@@ -33,22 +33,15 @@ if ($conf->categorie->enabled) require_once(DOL_DOCUMENT_ROOT."/categories/class
 $langs->load("products");
 $langs->load("stocks");
 
-$type=trim(isset($_GET["type"])?$_GET["type"]:$_POST["type"]);
-$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"];
-
-$sbarcode=isset($_GET["sbarcode"])?$_GET["sbarcode"]:$_POST["sbarcode"];
-$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"];
-$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
-$type=isset($_GET["type"])?$_GET["type"]:$_POST["type"];
-$sref=trim($sref);
-$sbarcode=trim($sbarcode);
-$snom=trim($snom);
-$sall=trim($sall);
-$type=trim($type);
-
-
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
+$sref=GETPOST("sref");
+$sbarcode=GETPOST("sbarcode");
+$snom=GETPOST("snom");
+$sall=GETPOST("sall");
+$type=GETPOST("type",1);
+
+
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
 if (! $sortfield) $sortfield="p.ref";
 if (! $sortorder) $sortorder="ASC";
 $page = $_GET["page"];
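Review bot: `$sortfield = GETPOST("sortfield");` and `$sortorder = GETPOST("sortorder");` still accept any value — GETPOST without a length only trims — and the defaults `p.ref` / `ASC` on the next two lines suggest both are interpolated into an ORDER BY clause further down, outside this hunk; a length cap would not make that safe either, so validate against an allow-list, e.g. `if (! in_array($sortorder, array('ASC','DESC'), true)) $sortorder='ASC';` and the equivalent check of `$sortfield` against the column names the list actually sorts on. `$type=GETPOST("type",1);` silently changes behaviour relative to the removed lines: any value longer than one byte now becomes `''` instead of being passed through, which deserves a comment on that line, e.g. `// type is a single-character flag; anything longer is rejected as ''`. The unchanged `$page = $_GET["page"];` still reads the raw superglobal and raises an undefined-index notice when the parameter is absent; it could go through `GETPOST("page")` like the lines above it.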
-- 
GitLab