Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Merge pull request #7735 from grandoc/new_branc_30_10_17

Browse Source 
Warning: trim() expects parameter 1 to be string, array given in /htt…
This commit is contained in:
Laurent Destailleur
2017-11-02 09:58:57 +01:00
committed by GitHub
parent d137cef843 6ea558b639
commit dbd85321b3
1 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/core/lib/functions.lib.php
View File

@@ -517,22 +517,31 @@ function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=N
if (preg_match('/[^0-9,]+/i',$out)) $out=''; if (preg_match('/[^0-9,]+/i',$out)) $out='';
break; break;
case 'alpha': case 'alpha':
if (! is_array($out))
{
$out=trim($out); $out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals // '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out=''; if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out=''; else if (preg_match('/\.\.\//',$out)) $out='';
}
break; break;
case 'san_alpha': case 'san_alpha':
$out=filter_var($out,FILTER_SANITIZE_STRING); $out=filter_var($out,FILTER_SANITIZE_STRING);
break; break;
case 'aZ': case 'aZ':
if (! is_array($out))
{
$out=trim($out); $out=trim($out);
if (preg_match('/[^a-z]+/i',$out)) $out=''; if (preg_match('/[^a-z]+/i',$out)) $out='';
}
break; break;
case 'aZ09': case 'aZ09':
if (! is_array($out))
{
$out=trim($out); $out=trim($out);
if (preg_match('/[^a-z0-9_\-\.]+/i',$out)) $out=''; if (preg_match('/[^a-z0-9_\-\.]+/i',$out)) $out='';
}
break; break;
case 'array': case 'array':
if (! is_array($out) || empty($out)) $out=array(); if (! is_array($out) || empty($out)) $out=array();
@@ -541,12 +550,15 @@ function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=N
$out=dol_string_nohtmltag($out); $out=dol_string_nohtmltag($out);
break; break;
case 'alphanohtml': // Recommended for search params case 'alphanohtml': // Recommended for search params
if (! is_array($out))
{
$out=trim($out); $out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals // '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out=''; if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out=''; else if (preg_match('/\.\.\//',$out)) $out='';
$out=dol_string_nohtmltag($out); $out=dol_string_nohtmltag($out);
}
break; break;
case 'custom': case 'custom':
if (empty($filter)) return 'BadFourthParameterForGETPOST'; if (empty($filter)) return 'BadFourthParameterForGETPOST';