Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-09 18:42:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: XSS injection

Browse Source
This commit is contained in:
Regis Houssin
2010-11-10 21:41:34 +00:00
parent 5807db9a22
commit 263cfa1100
3 changed files with 33 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
htdocs/lib/functions.lib.php
View File

@@ -41,11 +41,16 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
* Return value of a param into get or post variable
* @param paramname Name of parameter to found
* @param check Type of check (security)
* @param type Type of variable (0 = get or post, 1 = only get, 2 = only post)
* @return string Value found
*/
function GETPOST($paramname,$check='')
function GETPOST($paramname,$check='',$type=0)
{
$out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
if ($type=1) $out = isset($_GET[$paramname])?$_GET[$paramname]:'';
else if ($type=2) isset($_POST[$paramname])?$_POST[$paramname]:'';
else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
// Clean value
$out = trim($out);
if (!empty($check))