Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: [ bug #1581 ] SQL injection possbile

Browse Source
This commit is contained in:
Laurent Destailleur
2014-10-27 00:58:56 +01:00
parent 7bd27a13fa
commit 9619c0cdea
6 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -175,7 +175,7 @@ function dol_shutdown()
* @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie)
* @param int $filter Filter to apply when $check is set to custom. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to custom
* @return string||string[] Value found, or '' if check fails
* @return string||string[] Value found (string or array), or '' if check fails
*/
function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
{

4
htdocs/core/lib/invoice.lib.php
View File

@@ -79,7 +79,7 @@ function facture_prepare_head($object)
if(!empty($object->note_public)) $nbNote++;
$head[$h][0] = DOL_URL_ROOT.'/compta/facture/note.php?facid='.$object->id;
$head[$h][1] = $langs->trans('Notes');
if ($nbNote > 0) $head[$h][1].= ' ('.$nbNote.')';
if ($nbNote > 0) $head[$h][1].= ' <span class="badge">'.$nbNote.'</span>';
$head[$h][2] = 'note';
$h++;
}
@@ -89,7 +89,7 @@ function facture_prepare_head($object)
$nbFiles = count(dol_dir_list($upload_dir,'files',0,'','(\.meta|_preview\.png)$'));
$head[$h][0] = DOL_URL_ROOT.'/compta/facture/document.php?facid='.$object->id;
$head[$h][1] = $langs->trans('Documents');
if($nbFiles > 0) $head[$h][1].= ' ('.$nbFiles.')';
if($nbFiles > 0) $head[$h][1].= ' <span class="badge">'.$nbFiles.'</span>';
$head[$h][2] = 'documents';
$h++;