Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-05 09:08:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix XSS

Browse Source
This commit is contained in:
Laurent Destailleur
2017-05-10 00:44:54 +02:00
parent 6d01bd712d
commit 2fc64b8e11
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -302,7 +302,7 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
break;
case 'aZ09':
$out=trim($out);
if (preg_match('/[^a-z0-9]+/i',$out)) $out='';
if (preg_match('/[^a-z0-9_]+/i',$out)) $out='';
break;
case 'array':
if (! is_array($out) || empty($out)) $out=array();

2
htdocs/index.php
View File

@@ -30,7 +30,7 @@ require 'main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
// If not defined, we select menu "home"
$_GET['mainmenu']=GETPOST('mainmenu', 'alpha')?GETPOST('mainmenu', 'alpha'):'home';
$_GET['mainmenu']=GETPOST('mainmenu', 'aZ09')?GETPOST('mainmenu', 'aZ09'):'home';
$action=GETPOST('action');
$hookmanager->initHooks(array('index'));