Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-05 17:18:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX CVE-2018-19992

Browse Source
This commit is contained in:
Laurent Destailleur
2018-12-22 16:55:31 +01:00
parent 707af49025
commit 0f06e39d23
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/adherents/card.php
View File

@@ -951,14 +951,14 @@ else
// Address
print '<tr><td class="tdtop">'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alpha')?GETPOST('address','alpha'):$object->address).'</textarea>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(GETPOST('address','alphanohtml')?GETPOST('address','alphanohtml'):$object->address).'</textarea>';
print '</td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((GETPOST('zipcode','alpha')?GETPOST('zipcode','alpha'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print $formcompany->select_ziptown((GETPOST('zipcode','alphanohtml')?GETPOST('zipcode','alphanohtml'):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6);
print ' ';
print $formcompany->select_ziptown((GETPOST('town','alpha')?GETPOST('town','alpha'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print $formcompany->select_ziptown((GETPOST('town','alphanohtml')?GETPOST('town','alphanohtml'):$object->town),'town',array('zipcode','selectcountry_id','state_id'));
print '</td></tr>';
// Country

6
htdocs/adherents/type.php
View File

@@ -42,7 +42,7 @@ $backtopage = GETPOST('backtopage','alpha');
$search_lastname = GETPOST('search_lastname','alpha');
$search_login = GETPOST('search_login','alpha');
$search_email = GETPOST('search_email','alpha');
$type = GETPOST('type','alpha');
$type = GETPOST('type','intcomma');
$status = GETPOST('status','alpha');
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
@@ -59,8 +59,8 @@ if (! $sortfield) { $sortfield="d.lastname"; }
$label=GETPOST("label","alpha");
$subscription=GETPOST("subscription","int");
$vote=GETPOST("vote","int");
$comment=GETPOST("comment");
$mail_valid=GETPOST("mail_valid");
$comment=GETPOST("comment",'alphanohtml');
$mail_valid=GETPOST("mail_valid",'none');
// Security check
$result=restrictedArea($user,'adherent',$rowid,'adherent_type');