Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: XSS injection

Browse Source
This commit is contained in:
Regis Houssin
2010-11-10 23:05:35 +00:00
parent 0d0c67c58b
commit cb67c7a3ab
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/lib/functions.lib.php
View File

@@ -41,13 +41,13 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
* Return value of a param into get or post variable * Return value of a param into get or post variable
* @param paramname Name of parameter to found * @param paramname Name of parameter to found
* @param check Type of check * @param check Type of check
* @param type Type of method (0 = get or post, 1 = only get, 2 = only post) * @param method Type of method (0 = get or post, 1 = only get, 2 = only post)
* @return string Value found * @return string Value found
*/ */
function GETPOST($paramname,$check='',$type=0) function GETPOST($paramname,$check='',$method=0)
{ {
if ($type=1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; if ($method=1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
else if ($type=2) isset($_POST[$paramname])?$_POST[$paramname]:''; else if ($method=2) isset($_POST[$paramname])?$_POST[$paramname]:'';
else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
// Clean value // Clean value