Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-07 01:58:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix security on GETPOST('action'). Param must be sanitized.

Browse Source
This commit is contained in:
Laurent Destailleur
2018-11-05 20:29:07 +01:00
parent 763f3cd518
commit 4a25317f10
120 changed files with 325 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/modules/oauth/github_oauthcallback.php
View File

@@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
$action = GETPOST('action', 'aZ09');
$action = GETPOST('action', 'alpha');
$backtourl = GETPOST('backtourl', 'alpha');