Fix: security

htdocs/categories/fiche.php

@@ -34,13 +34,13 @@ $langs->load("categories");
 $socid=GETPOST('socid');
 if (!$user->rights->categorie->lire) accessforbidden();
 
-$action		= GETPOST('action');
-$cancel		= GETPOST('cancel');
-$origin		= GETPOST('origin');
-$catorigin	= GETPOST('catorigin');
-$nbcats 	= (GETPOST('choix') ? GETPOST('choix') : 1);
-$type 		= GETPOST('type');
-$urlfrom	= GETPOST("urlfrom");
+$action		= GETPOST('action','alpha');
+$cancel		= GETPOST('cancel','alpha');
+$origin		= GETPOST('origin','alpha');
+$catorigin	= GETPOST('catorigin','int');
+$nbcats 	= (GETPOST('choix') ? GETPOST('choix') : 1); // TODO not use ?
+$type 		= GETPOST('type','alpha');
+$urlfrom	= GETPOST('urlfrom','alpha');
 
 if ($origin)
 {

htdocs/core/lib/security2.lib.php

@@ -209,7 +209,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
 	$sessiontimeout='DOLSESSTIMEOUT_'.$prefix;
 	if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
 
-	if (GETPOST("urlfrom")) $_SESSION["urlfrom"]=GETPOST("urlfrom");
+	if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
 	else unset($_SESSION["urlfrom"]);
 
 	if (! GETPOST("username")) $focus_element='username';

htdocs/public/demo/index.php

@@ -222,7 +222,7 @@ if (GETPOST("action") == 'gotodemo')
 	if ($disablestring)
 	{
 		$url=DOL_URL_ROOT.'/index.php?disablemodules='.$disablestring;
-		if (GETPOST("urlfrom")) $url.='&urlfrom='.GETPOST("urlfrom");
+		if (GETPOST('urlfrom','alpha')) $url.='&urlfrom='.GETPOST('urlfrom','alpha');
 		header("Location: ".$url);
 		exit;
 	}