Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix security on GETPOST('action'). Param must be sanitized.

Browse Source
This commit is contained in:
Laurent Destailleur
2018-11-05 20:29:07 +01:00
parent 763f3cd518
commit 4a25317f10
120 changed files with 325 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/modulebuilder/template/admin/setup.php
View File

@@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "mymodule@mymodule"));
if (! $user->admin) accessforbidden();
// Parameters
$action = GETPOST('action', 'aZ09');
$action = GETPOST('action', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$arrayofparameters=array(