Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: Regression

Browse Source
This commit is contained in:
Laurent Destailleur
2010-11-21 14:35:59 +00:00
parent 7df2187489
commit a32a49a225
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/lib/functions.lib.php
View File

@@ -52,10 +52,11 @@ function GETPOST($paramname,$check='',$method=0)
if (!empty($check))
{
// Check if integer
if ($check == 'int' && ! is_numeric(trim($out))) $out='';
// Check if numeric
if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out='';
// Check if alpha
if ($check == 'alpha' && ! preg_match('/^[#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
}
return $out;