FIX SQL injection

This commit is contained in:
Laurent Destailleur
2017-09-06 18:17:57 +02:00
parent 032f54dd1a
commit 33e2179b65
7 changed files with 27 additions and 32 deletions


@@ -6199,6 +6199,8 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0)
{ {
global $db,$langs; global $db,$langs;
$value=trim($value);
if ($mode == 0) if ($mode == 0)
{ {
$value=preg_replace('/\*/','%',$value); // Replace * with % $value=preg_replace('/\*/','%',$value); // Replace * with %
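Review bot: The added `$value=trim($value);` runs before the `$mode == 0` branch, so it now also changes what numeric mode 1 callers get, and nothing in the hunk documents that callers may therefore stop pre-trimming; a one-line comment above it, `// Trim applies to every mode, including numeric mode 1; callers pass the raw request value.`, would state the contract. Since trim() on a non-string emits a warning and yields null, it is worth confirming that no caller can hand natural_search() an array (e.g. a `name[]` request parameter); if one can, a guard such as `if (is_array($value)) return '';` before the trim would be cheap. The function's body, including whatever escaping makes this commit an injection fix, continues outside the hunk and could not be checked here.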


@@ -345,7 +345,7 @@ if ($action == 'create')
// Public note // Public note
print '<tr>'; print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePublic') . '</td>'; print '<td class="tdtop">' . $langs->trans('NotePublic') . '</td>';
print '<td>'; print '<td>';
$doleditor = new DolEditor('note_public', $note_public, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); $doleditor = new DolEditor('note_public', $note_public, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -355,7 +355,7 @@ if ($action == 'create')
// Private note // Private note
if (empty($user->societe_id)) { if (empty($user->societe_id)) {
print '<tr>'; print '<tr>';
print '<td class="border" valign="top">' . $langs->trans('NotePrivate') . '</td>'; print '<td class="tdtop">' . $langs->trans('NotePrivate') . '</td>';
print '<td>'; print '<td>';
$doleditor = new DolEditor('note_private', $note_private, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); $doleditor = new DolEditor('note_private', $note_private, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
@@ -542,7 +542,7 @@ if (! empty($id) && $action != 'edit')
$hselected='card'; $hselected='card';
$head = donation_prepare_head($object); $head = donation_prepare_head($object);
dol_fiche_head($head, $hselected, $langs->trans("Donation"), 0, 'generic'); dol_fiche_head($head, $hselected, $langs->trans("Donation"), -1, 'generic');
// Print form confirm // Print form confirm
print $formconfirm; print $formconfirm;


@@ -104,7 +104,7 @@ if ($object->id)
$head=donation_prepare_head($object); $head=donation_prepare_head($object);
dol_fiche_head($head, 'documents', $langs->trans("Donation"), 0, 'generic'); dol_fiche_head($head, 'documents', $langs->trans("Donation"), -1, 'generic');
// Construit liste des fichiers // Construit liste des fichiers
@@ -116,7 +116,7 @@ if ($object->id)
} }
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref='<div class="refidno">'; $morehtmlref='<div class="refidno">';
// Project // Project
if (! empty($conf->projet->enabled)) if (! empty($conf->projet->enabled))
@@ -151,13 +151,13 @@ if ($object->id)
} }
} }
$morehtmlref.='</div>'; $morehtmlref.='</div>';
dol_banner_tab($object, 'rowid', $linkback, 1, 'rowid', 'ref', $morehtmlref); dol_banner_tab($object, 'rowid', $linkback, 1, 'rowid', 'ref', $morehtmlref);
print '<div class="fichecenter">'; print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>'; print '<div class="underbanner clearboth"></div>';
print '<table class="border" width="100%">'; print '<table class="border" width="100%">';
// Ref // Ref
@@ -166,7 +166,7 @@ if ($object->id)
print $form->showrefnav($object, 'id', $linkback, 1, 'rowid', 'ref', ''); print $form->showrefnav($object, 'id', $linkback, 1, 'rowid', 'ref', '');
print '</td></tr>'; print '</td></tr>';
*/ */
// Societe // Societe
//print "<tr><td>".$langs->trans("Company")."</td><td>".$object->client->getNomUrl(1)."</td></tr>"; //print "<tr><td>".$langs->trans("Company")."</td><td>".$object->client->getNomUrl(1)."</td></tr>";
@@ -175,9 +175,9 @@ if ($object->id)
print '</table>'; print '</table>';
print '</div>'; print '</div>';
print '<div class="clearboth"></div>'; print '<div class="clearboth"></div>';
dol_fiche_end(); dol_fiche_end();
$modulepart = 'don'; $modulepart = 'don';


@@ -67,7 +67,7 @@ $object->info($id);
$head = donation_prepare_head($object); $head = donation_prepare_head($object);
dol_fiche_head($head, 'info', $langs->trans("Donation"), 0, 'generic'); dol_fiche_head($head, 'info', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';
@@ -116,7 +116,7 @@ print '<br>';
print '<table width="100%"><tr><td>'; print '<table width="100%"><tr><td>';
dol_print_object_info($object); dol_print_object_info($object);
print '</td></tr></table>'; print '</td></tr></table>';
print '</div>'; print '</div>';
dol_fiche_end(); dol_fiche_end();


@@ -42,7 +42,7 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="d.datedon"; if (! $sortfield) $sortfield="d.datedon";
$statut=isset($_GET["statut"])?$_GET["statut"]:"-1"; $statut=(GETPOST("statut",'intcomma')!='')?GETPOST("statut",'intcomma'):"-1";
$search_all=GETPOST('sall', 'alphanohtml'); $search_all=GETPOST('sall', 'alphanohtml');
$search_ref=GETPOST('search_ref','alpha'); $search_ref=GETPOST('search_ref','alpha');
$search_company=GETPOST('search_company','alpha'); $search_company=GETPOST('search_company','alpha');
@@ -90,13 +90,13 @@ $sql.= " d.amount, d.fk_statut as statut, ";
$sql.= " p.rowid as pid, p.ref, p.title, p.public"; $sql.= " p.rowid as pid, p.ref, p.title, p.public";
$sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p"; $sql.= " FROM ".MAIN_DB_PREFIX."don as d LEFT JOIN ".MAIN_DB_PREFIX."projet AS p";
$sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1"; $sql.= " ON p.rowid = d.fk_projet WHERE 1 = 1";
if ($statut >= 0) if ($statut != '' && $statut != '-1')
{ {
$sql .= " AND d.fk_statut = ".$statut; $sql .= " AND d.fk_statut IN (".$statut.")";
} }
if (trim($search_ref) != '') if (trim($search_ref) != '')
{ {
$sql.= ' AND d.rowid LIKE \'%'.$db->escape(trim($search_ref)) . '%\''; $sql.= natural_search('d.ref',$search_ref);
} }
if (trim($search_all) != '') if (trim($search_all) != '')
{ {
@@ -110,7 +110,7 @@ if (trim($search_name) != '')
{ {
$sql .= natural_search(array('d.lastname', 'd.firstname'), $search_name); $sql .= natural_search(array('d.lastname', 'd.firstname'), $search_name);
} }
if ($search_amount) $sql.= natural_search(array('d.amount'), price2num(trim($search_amount)), 1); if ($search_amount) $sql.= natural_search('d.amount', $search_amount, 1);
$sql.= $db->order($sortfield,$sortorder); $sql.= $db->order($sortfield,$sortorder);
$nbtotalofrecords = ''; $nbtotalofrecords = '';
@@ -131,17 +131,7 @@ if ($resql)
//if ($page > 0) $param.= '&page='.$page; //if ($page > 0) $param.= '&page='.$page;
if ($optioncss != '') $param.='&optioncss='.$optioncss; if ($optioncss != '') $param.='&optioncss='.$optioncss;
if ($statut >= 0) print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
{
$donationstatic->statut=$statut;
$label=$donationstatic->getLibStatut(0);
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
else
{
print_barre_liste($langs->trans("Donations"), $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, '', $num,$nbtotalofrecords);
}
print '<form method="get" action="'.$_SERVER["PHP_SELF"].'">'."\n"; print '<form method="get" action="'.$_SERVER["PHP_SELF"].'">'."\n";
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">'; if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
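Review bot: The new `" AND d.fk_statut IN (".$statut.")"` is only as safe as the 'intcomma' GETPOST filter (defined outside this page), and even a value that passes the filter, such as `1,` or `,`, yields `IN (1,)` and a database error; normalising the list locally, as below, makes the query independent of the filter while keeping the old "-1 means all statuses" convention, after which the `$statut != ''` half of the new condition is redundant. Separately, the amount search now hands `$search_amount` to natural_search() without the `price2num(trim(...))` the old line applied, so a value typed with a locale decimal separator may no longer match — worth confirming that mode 1 of natural_search performs that conversion itself.
```php
// Status filter: keep only non-negative integers from the comma-separated
// "statut" parameter so the IN (...) list below is well-formed whatever the
// GETPOST filter lets through; an empty list keeps the "-1 = all" convention.
$statut_ids = array();
foreach (explode(',', GETPOST("statut", 'intcomma')) as $s) {
    $s = trim($s);
    if ($s !== '' && preg_match('/^\d+$/', $s)) $statut_ids[] = (int) $s;
}
$statut = count($statut_ids) ? implode(',', $statut_ids) : "-1";
// … unchanged: other search parameters and SELECT construction …
if ($statut != '-1')
{
    $sql .= " AND d.fk_statut IN (".$statut.")";
}
```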


@@ -84,7 +84,7 @@ if ($id > 0 || ! empty($ref))
$head = donation_prepare_head($object); $head = donation_prepare_head($object);
dol_fiche_head($head, 'note', $langs->trans("Donation"), 0, 'generic'); dol_fiche_head($head, 'note', $langs->trans("Donation"), -1, 'generic');
$linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/don/list.php'.(! empty($socid)?'?socid='.$socid:'').'">'.$langs->trans("BackToList").'</a>';


@@ -24,6 +24,8 @@
-- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user); -- -- VPGSQL8.2 DELETE FROM llx_usergroup_user WHERE fk_user NOT IN (SELECT rowid from llx_user);
-- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup); -- -- VMYSQL4.1 DELETE FROM llx_usergroup_user WHERE fk_usergroup NOT IN (SELECT rowid from llx_usergroup);
ALTER TABLE llx_holiday_config MODIFY COLUMN name varchar(128); ALTER TABLE llx_holiday_config MODIFY COLUMN name varchar(128);
ALTER TABLE llx_supplier_proposaldet CHANGE COLUMN fk_askpricesupplier fk_supplier_proposal integer NOT NULL; ALTER TABLE llx_supplier_proposaldet CHANGE COLUMN fk_askpricesupplier fk_supplier_proposal integer NOT NULL;
@@ -326,7 +328,8 @@ ALTER TABLE llx_expensereport_det ADD COLUMN vat_src_code varchar(10) DEFAULT '
DELETE FROM llx_const WHERE name = __ENCRYPT('ADHERENT_BANK_USE_AUTO')__; DELETE FROM llx_const WHERE name = __ENCRYPT('ADHERENT_BANK_USE_AUTO')__;
UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__; UPDATE llx_const SET value = __ENCRYPT('moono-lisa')__ WHERE value = __ENCRYPT('moono')__ AND name = __ENCRYPT('FCKEDITOR_SKIN')__;
DELETE FROM llx_document_model where nom = 'fsfe.fr.php' and type='donation';
ALTER TABLE llx_product_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx; ALTER TABLE llx_product_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;
ALTER TABLE llx_product_fournisseur_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx; ALTER TABLE llx_product_fournisseur_price ADD COLUMN default_vat_code varchar(10) AFTER tva_tx;
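Review bot: The new `DELETE FROM llx_document_model where nom = 'fsfe.fr.php' and type='donation';` is the only data-removal statement among the schema changes around it and gives no reason for the removal, so a later maintainer cannot tell whether it is safe to keep. A one-line comment above it, `-- Unregister the fsfe.fr.php donation document model (presumably no longer shipped; confirm)`, would record the intent. Whether the corresponding model file is removed elsewhere in this commit cannot be seen from this page.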