Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix security on GETPOST('action'). Param must be sanitized.

Browse Source
This commit is contained in:
Laurent Destailleur
2018-11-05 20:29:07 +01:00
parent 763f3cd518
commit 4a25317f10
120 changed files with 325 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/modulebuilder/admin/setup.php
View File

@@ -29,7 +29,7 @@ $langs->loadLangs(array("admin", "other", "modulebuilder"));
if (!$user->admin || empty($conf->modulebuilder->enabled))
accessforbidden();
$action = GETPOST('action', 'aZ09');
$action = GETPOST('action', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
/*