Fix: XSS injection

Regis Houssin
2010-11-10 20:16:31 +00:00
parent e0d9bd0836
commit 61272f0699
3 changed files with 23 additions and 17 deletions


@@ -40,14 +40,20 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
/**
* Return value of a param into get or post variable
* @param paramname Name of parameter to found
* @param length Length of string (security)
* @param check Type of check (security)
* @return string Value found
*/
function GETPOST($paramname,$length=0)
function GETPOST($paramname,$check='')
{
$out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
$out = trim($out);
if ($length > 0 && strlen($out) > $length) $out='';
if (!empty($check))
{
// Check if integer
if ($check = 'int' && is_int($out)) $out='';
}
return $out;
}
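Review bot: The added check `if ($check = 'int' && is_int($out)) $out='';` never changes `$out`, so GETPOST still returns the raw request value: `=` assigns rather than compares, and `is_int()` is always false for the string that `trim()` returns. The test is also inverted, since as written it would blank a value that is an integer rather than one that is not; `if ($check == 'int' && ! is_numeric($out)) $out='';` (or a stricter digits-only test) would match what the docblock describes. The same change replaces `$length` with `$check` in the second positional slot, so any caller that still passes a length silently loses its size limit; those call sites are not visible here and should be checked. Input filtering in GETPOST also does not replace HTML-escaping at the places where the returned value is printed.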