Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

New: Add option 'az' into GETPOST

Browse Source
This commit is contained in:
Laurent Destailleur
2014-01-08 00:05:14 +01:00
parent 923ff008c2
commit 0e3757aa5c
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/core/lib/functions.lib.php
View File

@@ -172,7 +172,7 @@ function dol_shutdown()
* Return value of a param into GET or POST supervariable * Return value of a param into GET or POST supervariable
* *
* @param string $paramname Name of parameter to found * @param string $paramname Name of parameter to found
* @param string $check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's alpha only, 'array'=check it's array) * @param string $check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's text and sign, 'az'=check it's a-z only, 'array'=check it's array)
* @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie) * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie)
* @return string Value found, or '' if check fails * @return string Value found, or '' if check fails
*/ */
@@ -198,6 +198,13 @@ function GETPOST($paramname,$check='',$method=0)
if (preg_match('/"/',$out)) $out=''; if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out=''; else if (preg_match('/\.\.\//',$out)) $out='';
} }
elseif ($check == 'az')
{
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/[^a-z]+/',$out)) $out='';
}
elseif ($check == 'array') elseif ($check == 'array')
{ {
if (! is_array($out) || empty($out)) $out=array(); if (! is_array($out) || empty($out)) $out=array();