From b702d2b5341ee9d5e9efda619da0c6798ac87278 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 Mar 2021 22:51:36 +0200
Subject: [PATCH] Fix CSRF for more GET
---
 htdocs/commande/card.php | 4 ++--
 htdocs/commande/class/commande.class.php | 6 +++---
 htdocs/compta/facture/class/facture.class.php | 4 ++--
 htdocs/main.inc.php | 4 ++--
 htdocs/societe/class/societe.class.php | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index 8e0dc91756c..4585c2dffb2 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -501,7 +501,7 @@ if (empty($reshook)) {
 setEventMessages($object->error, $object->errors, 'errors');
 }
 } elseif ($action == 'setremise' && $usercancreate) {
- $result = $object->setDiscount($user, GETPOST('remise'));
+ $result = $object->setDiscount($user, price2num(GETPOST('remise'), 2));
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
 }
@@ -515,7 +515,7 @@ if (empty($reshook)) {
 }
 } elseif ($action == 'setdate' && $usercancreate) {
 // print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
- $date = dol_mktime(0, 0, 0, GETPOST('order_month'), GETPOST('order_day'), GETPOST('order_year'));
+ $date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
 $result = $object->set_date($user, $date);
 if ($result < 0) {
diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php
index ea97dcbf233..d6a63f83f27 100644
--- a/htdocs/commande/class/commande.class.php
+++ b/htdocs/commande/class/commande.class.php
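Review bot: The new `price2num(GETPOST('remise'), 2)` on the `setremise` line normalises and rounds the value but still lets any number through, so a negative or greater-than-100 percentage is handed to `setDiscount()` and, as far as this commit shows, written to `remise_percent` as-is. A range check next to the call would close that: `$remise = price2num(GETPOST('remise'), 2);` then `if ($remise < 0 || $remise > 100) { setEventMessages('Discount must be between 0 and 100', null, 'errors'); } else { $result = $object->setDiscount($user, $remise); }` (using whatever translated message key this file already uses for bad input). The enclosing `if (empty($reshook))` action chain starts and ends outside the hunk.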
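Review bot: `setdate` is a state-changing action, yet this commit adds a forced token check only for `setremise` and `setpricelevel`; unless `'setdate'` already sits in the part of `$arrayofactiontoforcetokencheck` not shown here, a GET request with `action=setdate` still bypasses the CSRF token, so add `'setdate'` to that list in main.inc.php alongside the new entries. The `'int'` filter is a good tightening, but a missing field now yields `0`, and `$date` is passed to `set_date()` without checking what `dol_mktime()` returned for such input — if `dol_mktime` returns an empty value for an invalid date (confirm its contract), guard with `if (empty($date)) { setEventMessages(..., 'errors'); }` before the call. The stale `// print "x ".$_POST['liv_month']...` comment references `liv_*` fields this branch no longer reads and should be removed.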
@@ -2413,10 +2413,10 @@ class Commande extends CommonOrder
 $this->db->begin();
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande';
- $sql .= ' SET remise_percent = '.$remise;
+ $sql .= ' SET remise_percent = '.((float) $remise);
 $sql .= ' WHERE rowid = '.$this->id.' AND fk_statut = '.self::STATUS_DRAFT.' ;';
 dol_syslog(__METHOD__, LOG_DEBUG);
@@ -2867,7 +2867,7 @@ class Commande extends CommonOrder
 $this->db->begin();
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'commande SET';
- $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : '\''.$this->db->escape($ref_client).'\'');
+ $sql .= ' ref_client = '.(empty($ref_client) ? 'NULL' : "'".$this->db->escape($ref_client)."'");
 $sql .= ' WHERE rowid = '.$this->id;
 dol_syslog(__METHOD__.' this->id='.$this->id.', ref_client='.$ref_client, LOG_DEBUG);
diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php
index a74d78df84e..960ff8f413f 100644
--- a/htdocs/compta/facture/class/facture.class.php
+++ b/htdocs/compta/facture/class/facture.class.php
@@ -3735,14 +3735,14 @@ class Facture extends CommonInvoice
 }
 if ($user->rights->facture->creer) {
- $remise = price2num($remise);
+ $remise = price2num($remise, 2);
 $error = 0;
 $this->db->begin();
 $sql = 'UPDATE '.MAIN_DB_PREFIX.'facture';
- $sql .= ' SET remise_percent = '.$remise;
+ $sql .= ' SET remise_percent = '.((float) $remise);
 $sql .= ' WHERE rowid = '.$this->id;
 $sql .= ' AND fk_statut = '.self::STATUS_DRAFT;
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index f9b8aa637d2..a5d485d1b14 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
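Review bot: The `WHERE rowid = '.$this->id` context line still interpolates the id uncast while this same commit switches societe.class.php to `((int) $this->id)`; the value side is now `(float)`-cast but the key side is not, so for consistency and defence in depth change it to `$sql .= ' WHERE rowid = '.((int) $this->id).' AND fk_statut = '.self::STATUS_DRAFT.' ;';`. `setDiscount()` itself also performs no range check on `$remise`, so callers other than card.php can still persist an out-of-range percentage; a `if ($remise < 0 || $remise > 100) { return -1; }` style guard before the UPDATE would make the method safe regardless of caller. The method's signature and the `$remise` pre-processing are outside the hunk.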
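Review bot: `empty($ref_client)` on the rewritten `ref_client` line is also true for the string `"0"`, so a customer reference of literally `0` is silently stored as NULL instead of the given value; if that is not intended, test `(string) $ref_client === ''` (or `is_null($ref_client) || $ref_client === ''`) instead of `empty()`. The quote-style change itself is cosmetic, but while touching this method the `WHERE rowid = '.$this->id` line below it should get the same `((int) $this->id)` cast this commit applies in societe.class.php. The method begins outside the hunk.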
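Review bot: As in the commande.class.php hunk, the value is now `((float) $remise)` but the context line `$sql .= ' WHERE rowid = '.$this->id;` keeps the uncast id, inconsistent with the `((int) $this->id)` cast this commit introduces in societe.class.php; change it to `$sql .= ' WHERE rowid = '.((int) $this->id);`. No bound on `$remise` is enforced inside the method either, so an out-of-range percentage from any caller is written to `remise_percent` on a draft invoice; a `if ($remise < 0 || $remise > 100) { $this->error = 'Invalid discount'; return -1; }` guard before `$this->db->begin()` would cover that (adapt to the error convention the class uses). The method begins outside the hunk.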
@@ -438,13 +438,13 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 'confirm_create_user', 'confirm_create_thirdparty', 'confirm_purge', 'confirm_reject_check', 'delete', 'deletefilter', 'deleteoperation', 'deleteprof', 'deletepayment', 'disable', 'doprev', 'donext', 'dvprev', 'dvnext',
- 'enable'
+ 'enable', 'setpricelevel'
 );
 $sensitiveget = false;
 if (in_array(GETPOST('action', 'aZ09'), $arrayofactiontoforcetokencheck)) {
 $sensitiveget = true;
 }
- if (preg_match('/^(disable_|enable_)/', GETPOST('action', 'aZ09'))) {
+ if (preg_match('/^(disable_|enable_|setremise)/', GETPOST('action', 'aZ09'))) {
 $sensitiveget = true;
 }
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 15454f47e2c..b2387314b94 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -2285,8 +2285,8 @@ class Societe extends CommonObject
 $now = dol_now();
 $sql = "UPDATE ".MAIN_DB_PREFIX."societe";
- $sql .= " SET price_level = '".$this->db->escape($price_level)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql .= " SET price_level = ".((int) $price_level);
+ $sql .= " WHERE rowid = ".((int) $this->id);
 if (!$this->db->query($sql)) {
 dol_print_error($this->db);
@@ -2295,7 +2295,7 @@ class Societe extends CommonObject
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."societe_prices";
 $sql .= " (datec, fk_soc, price_level, fk_user_author)";
- $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", '".$this->db->escape($price_level)."', ".$user->id.")";
+ $sql .= " VALUES ('".$this->db->idate($now)."', ".$this->id.", ".((int) $price_level).", ".$user->id.")";
 if (!$this->db->query($sql)) {
 dol_print_error($this->db);
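Review bot: `setremise` is added as a prefix in the `preg_match` regex rather than as an exact entry in `$arrayofactiontoforcetokencheck`, so any action name starting with `setremise` is now token-checked while the list next to it is exact-match; mixing the two mechanisms makes it harder to audit which GET actions are protected, so if only the exact action is meant, put `'setremise'` in the array and keep the regex for the `disable_`/`enable_` prefixes, and if the prefix is deliberate, say so in a comment: `// setremise* : discount-setting actions on card pages`. More broadly this is a deny-list of sensitive names, so every new state-changing action has to be remembered here (`setdate`, touched in this same commit's card.php, is not), and a deny-by-default rule that requires the token for any `action` on GET unless it is allow-listed as read-only would remove that maintenance burden. The enclosing `if ((!defined('NOCSRFCHECK') ...` block starts before and ends after the hunk.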
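Review bot: The `((int) $this->id)` cast on the UPDATE's WHERE line is not mirrored in the INSERT a few lines further down, which still interpolates `$this->id` and `$user->id` raw even though this commit rewrites that VALUES line; cast them there too: `$sql .= " VALUES ('".$this->db->idate($now)."', ".((int) $this->id).", ".((int) $price_level).", ".((int) $user->id).")";`. Note that `((int) $price_level)` quietly turns a non-numeric or empty input into `0`, so if `0` is not a valid price level the caller (or the top of this method, which is outside the hunk) should reject such input rather than persist it.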