diff --git a/htdocs/lib/databases/mssql.lib.php b/htdocs/lib/databases/mssql.lib.php index b99a1678444..beee503c37c 100644 --- a/htdocs/lib/databases/mssql.lib.php +++ b/htdocs/lib/databases/mssql.lib.php @@ -518,8 +518,8 @@ class DoliDb if (! $return) $return.=' ORDER BY '; else $return.=','; - $return.=$val; - if ($sortorder) $return.=' '.$sortorder; + $return.=preg_replace('/[^0-9a-z_\.]/i','',$val); + if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder); } return $return; } diff --git a/htdocs/lib/databases/mysql.lib.php b/htdocs/lib/databases/mysql.lib.php index d7d36383a24..9f2e56379ff 100644 --- a/htdocs/lib/databases/mysql.lib.php +++ b/htdocs/lib/databases/mysql.lib.php @@ -494,6 +494,7 @@ class DoliDb /** * Define sort criteria of request + * * @param sortfield List of sort fields * @param sortorder Sort order * @return string String to provide syntax of a sort sql string @@ -510,8 +511,8 @@ class DoliDb if (! $return) $return.=' ORDER BY '; else $return.=','; - $return.=$val; - if ($sortorder) $return.=' '.$sortorder; + $return.=preg_replace('/[^0-9a-z_\.]/i','',$val); + if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder); } return $return; } diff --git a/htdocs/lib/databases/mysqli.lib.php b/htdocs/lib/databases/mysqli.lib.php index 5ca31f120bb..3128071e3bc 100644 --- a/htdocs/lib/databases/mysqli.lib.php +++ b/htdocs/lib/databases/mysqli.lib.php @@ -524,8 +524,8 @@ class DoliDb if (! $return) $return.=' ORDER BY '; else $return.=','; - $return.=$val; - if ($sortorder) $return.=' '.$sortorder; + $return.=preg_replace('/[^0-9a-z_\.]/i','',$val); + if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder); } return $return; } diff --git a/htdocs/lib/databases/pgsql.lib.php b/htdocs/lib/databases/pgsql.lib.php index d9c9676d74e..173b0862f66 100644 --- a/htdocs/lib/databases/pgsql.lib.php +++ b/htdocs/lib/databases/pgsql.lib.php 
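Review bot: The new `preg_replace('/[^0-9a-z]/i','',$sortorder)` only strips characters; it does not restrict the direction to the two values SQL accepts, so any leftover word is still spliced into the statement and yields a syntax error instead of being rejected. Validate against a whitelist before the loop, e.g. `$sortorder=strtoupper(preg_replace('/[^a-z]/i','',$sortorder)); if (! in_array($sortorder, array('ASC','DESC'), true)) $sortorder='';`. Likewise a `$val` reduced to an empty string by the field filter still gets its `ORDER BY`/`,` prefix appended, leaving a dangling separator; skip such entries (`if ($val === '') continue;` ahead of the prefix line, assuming this is a foreach over the field list). The same change appears in mysql.lib.php, mysqli.lib.php and pgsql.lib.php; the enclosing method starts outside the hunk.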
@@ -666,8 +666,8 @@ class DoliDb if (! $return) $return.=' ORDER BY '; else $return.=','; - $return.=$val; - if ($sortorder) $return.=' '.$sortorder; + $return.=preg_replace('/[^0-9a-z_\.]/i','',$val); + if ($sortorder) $return.=' '.preg_replace('/[^0-9a-z]/i','',$sortorder); } return $return; } diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 52883b081a7..8da1304236b 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -35,6 +35,11 @@ require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php"); if ($conf->ldap->enabled) require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php"); if ($conf->adherent->enabled) require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php"); +$id=GETPOST('id','int'); +$action=GETPOST("action"); +$group=GETPOST("group","int",3); +$confirm=GETPOST("confirm"); + // Define value to know what current user can do on users $canadduser=($user->admin || $user->rights->user->user->creer); $canreaduser=($user->admin || $user->rights->user->user->lire); 
@@ -48,26 +53,22 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $caneditgroup=($user->admin || $user->rights->user->group_advance->write); } // Define value to know what current user can do on properties of edited user -if ($_GET["id"]) +if ($id) { - // $user est le user qui edite, $_GET["id"] est l'id de l'utilisateur edite - $caneditfield=( (($user->id == $_GET["id"]) && $user->rights->user->self->creer) - || (($user->id != $_GET["id"]) && $user->rights->user->user->creer) ); - $caneditpassword=( (($user->id == $_GET["id"]) && $user->rights->user->self->password) - || (($user->id != $_GET["id"]) && $user->rights->user->user->password) ); + // $user est le user qui edite, $id est l'id de l'utilisateur edite + $caneditfield=( (($user->id == $id) && $user->rights->user->self->creer) + || (($user->id != $id) && $user->rights->user->user->creer) ); + $caneditpassword=( (($user->id == $id) && $user->rights->user->self->password) + || (($user->id != $id) && $user->rights->user->user->password) ); } -$action=GETPOST("action"); -$group=GETPOST("group","int",3); -$confirm=GETPOST("confirm"); - // Security check $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2='user'; -if ($user->id == $_GET["id"]) { $feature2=''; $canreaduser=1; } // A user can always read its own card -$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); -if ($user->id <> $_GET["id"] && ! $canreaduser) accessforbidden(); +if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card +$result = restrictedArea($user, 'user', $id, '', $feature2); +if ($user->id <> $id && ! $canreaduser) accessforbidden(); $langs->load("users"); $langs->load("companies"); 
@@ -82,36 +83,36 @@ $form = new Form($db); if ($_GET["subaction"] == 'addrights' && $canedituser) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->addrights($_GET["rights"]); } if ($_GET["subaction"] == 'delrights' && $canedituser) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->delrights($_GET["rights"]); } if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser) { - if ($_GET["id"] <> $user->id) + if ($id <> $user->id) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->setstatus(0); - Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$_GET["id"]); + Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$id); exit; } } if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser) { - if ($_GET["id"] <> $user->id) + if ($id <> $user->id) { $message=''; $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); if (!empty($conf->file->main_limit_users)) { @@ -125,7 +126,7 @@ if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser) if (! $message) { $edituser->setstatus(1); - Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$_GET["id"]); + Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$id); exit; } } @@ -133,10 +134,10 @@ if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser) if ($action == 'confirm_delete' && $confirm == "yes" && $candisableuser) { - if ($_GET["id"] <> $user->id) + if ($id <> $user->id) { $edituser = new User($db); - $edituser->id=$_GET["id"]; + $edituser->id=$id; $result = $edituser->delete(); if ($result < 0) { 
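Review bot: The `addrights`/`delrights` branches in the first hunk still pass `$_GET["rights"]` straight through and key on `$_GET["subaction"]`, while the `fetch()` call in the same statement group now uses the filtered `$id`; the conversion to GETPOST stops halfway through these lines. Read them the same way, e.g. `$subaction=GETPOST('subaction','alpha');` next to the other GETPOST assignments and `$edituser->addrights(GETPOST('rights','int'));` if rights ids are numeric here (they look like database ids, but that is not visible in the hunk). The same leftover appears in the perms.php hunks further down.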
@@ -232,13 +233,13 @@ if (($action == 'addgroup' || $action == 'removegroup') && $caneditfield) $editgroup->oldcopy=dol_clone($editgroup); $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); if ($action == 'addgroup') $edituser->SetInGroup($group,GETPOST('entity')); if ($action == 'removegroup') $edituser->RemoveFromGroup($group,GETPOST('entity')); if ($result > 0) { - header("Location: fiche.php?id=".$_GET["id"]); + header("Location: fiche.php?id=".$id); exit; } else @@ -271,7 +272,7 @@ if ($action == 'update' && ! $_POST["cancel"]) { $db->begin(); $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->oldcopy=dol_clone($edituser); @@ -360,7 +361,7 @@ if ($action == 'update' && ! $_POST["cancel"]) else if ($caneditpassword) // Case we can edit only password { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->oldcopy=dol_clone($edituser); @@ -377,7 +378,7 @@ if ((($action == 'confirm_password' && $confirm == 'yes') || ($action == 'confirm_passwordsend' && $confirm == 'yes')) && $caneditpassword) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $newpassword=$edituser->setPassword($user,''); if ($newpassword < 0) @@ -800,10 +801,10 @@ else /* */ /* ************************************************************************** */ - if ($_GET["id"]) + if ($id) { $fuser = new User($db); - $fuser->fetch($_GET["id"]); + $fuser->fetch($id); // Connexion ldap // pour recuperer passDoNotExpire et userChangePassNextLogon 
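Review bot: In the first hunk (`addgroup`/`removegroup`) the return values of `SetInGroup()` and `RemoveFromGroup()` are discarded, yet the redirect on the following lines is gated on `$result > 0`; unless something above the hunk assigns `$result` for this action, it presumably still holds the value of the earlier `restrictedArea()` call and the success branch runs regardless of outcome. Assign it explicitly: `if ($action == 'addgroup') $result=$edituser->SetInGroup($group,GETPOST('entity','int'));` and likewise for `removegroup`; the `'int'` filter on `entity` matches how `$group` and `$id` are now read, assuming entity ids are numeric. The enclosing block starts outside the hunk.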
@@ -1169,13 +1170,13 @@ else // Si on a un gestionnaire de generation de mot de passe actif if ($conf->global->USER_PASSWORD_GENERATED != 'none') { - if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && + if (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity))) { print ''.$langs->trans("ReinitPassword").''; } - if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && + if (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { if ($fuser->email) print ''.$langs->trans("SendNewPassword").''; @@ -1184,19 +1185,19 @@ else } // Activer - if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 0 && + if ($user->id <> $id && $candisableuser && $fuser->statut == 0 && (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("Reactivate").''; } // Desactiver - if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 1 && + if ($user->id <> $id && $candisableuser && $fuser->statut == 1 && (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("DisableUser").''; } // Delete - if ($user->id <> $_GET["id"] && $candisableuser && + if ($user->id <> $id && $candisableuser && (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("DeleteUser").''; @@ -1232,7 +1233,7 @@ else if ($caneditgroup) { $form = new Form($db); - print '
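Review bot: The rewritten conditions compare the same two values with `!=` in the first hunk (`$user->id != $id`) and with `<>` in the second (`$user->id <> $id`); now that `$id` is an int from `GETPOST('id','int')` there is no reason for two spellings, so settle on one form, `$user->id != $id`, in both hunks. The earlier fiche.php hunks use `<>`, so whichever is chosen, the file should be made consistent in one pass.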
'."\n"; + print ''."\n"; print ''; print ''; print ''; diff --git a/htdocs/user/index.php b/htdocs/user/index.php index d0d692dd775..d7ccee4632d 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -35,7 +35,7 @@ $langs->load("companies"); $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; -$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; +$sall=GETPOST("sall"); $sortfield = GETPOST("sortfield",'alpha'); $sortorder = GETPOST("sortorder",'alpha'); @@ -51,6 +51,7 @@ if (! $sortorder) $sortorder="ASC"; $userstatic=new User($db); $companystatic = new Societe($db); + /* * View */ @@ -73,9 +74,8 @@ if ($_POST["search_user"]) { $sql.= " AND (u.login like '%".$_POST["search_user"]."%' OR u.name like '%".$_POST["search_user"]."%' OR u.firstname like '%".$_POST["search_user"]."%')"; } -if ($sall) $sql.= " AND (u.login like '%".$sall."%' OR u.name like '%".$sall."%' OR u.firstname like '%".$sall."%' OR u.email like '%".$sall."%' OR u.note like '%".$sall."%')"; -if ($sortfield) $sql.=" ORDER BY $sortfield $sortorder"; - +if ($sall) $sql.= " AND (u.login like '%".$db->escape($sall)."%' OR u.name like '%".$db->escape($sall)."%' OR u.firstname like '%".$db->escape($sall)."%' OR u.email like '%".$db->escape($sall)."%' OR u.note like '%".$db->escape($sall)."%')"; +$sql.=$db->order($sortfield,$sortorder); $result = $db->query($sql); if ($result) { diff --git a/htdocs/user/info.php b/htdocs/user/info.php index c4fa92297fd..3179ad8b307 100644 --- a/htdocs/user/info.php +++ b/htdocs/user/info.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/user/class/user.class.php"); $langs->load("users"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id','int'); $fuser = new User($db); $fuser->fetch($id); diff --git a/htdocs/user/note.php b/htdocs/user/note.php index 3d2c3fbafa1..875d303f32d 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php 
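Review bot: The `search_user` filter on the context line directly above the rewritten `$sall` line still interpolates `$_POST["search_user"]` into three LIKE clauses without `$db->escape()`, so the hunk fixes one of the two user-controlled search terms in this statement and leaves the other concatenated raw. Apply the same treatment: `$search_user=GETPOST('search_user');` where `$sall` is read, and `$db->escape($search_user)` inside each `like '%...%'` on that line. Separately, the new unconditional `$sql.=$db->order($sortfield,$sortorder);` replaces a call that was guarded by `if ($sortfield)`; that is only equivalent if `order()` returns an empty string for an empty field list, which is not visible here.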
@@ -27,8 +27,8 @@ require("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT.'/lib/usergroups.lib.php'); require_once(DOL_DOCUMENT_ROOT.'/user/class/user.class.php'); -$action=isset($_GET["action"])?$_GET["action"]:(isset($_POST["action"])?$_POST["action"]:""); -$id=isset($_GET["id"])?$_GET["id"]:(isset($_POST["id"])?$_POST["id"]:""); +$action=GETPOST('action'); +$id=GETPOST('id','int'); $langs->load("companies"); $langs->load("members"); diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index 7f012e19284..c323e12df66 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php 
@@ -33,30 +33,31 @@ $langs->load("admin"); $langs->load("users"); $langs->load("languages"); +$id=GETPOST('id','int'); + // Defini si peux lire/modifier permisssions $canreaduser=($user->admin || $user->rights->user->user->lire); -if ($_REQUEST["id"]) +if ($id) { - // $user est le user qui edite, $_REQUEST["id"] est l'id de l'utilisateur edite - $caneditfield=( (($user->id == $_REQUEST["id"]) && $user->rights->user->self->creer) - || (($user->id != $_REQUEST["id"]) && $user->rights->user->user->creer)); + // $user est le user qui edite, $id est l'id de l'utilisateur edite + $caneditfield=( (($user->id == $id) && $user->rights->user->self->creer) + || (($user->id != $id) && $user->rights->user->user->creer)); } // Security check $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2 = (($socid && $user->rights->user->self->creer)?'':'user'); -if ($user->id == $_REQUEST["id"]) // A user can always read its own card +if ($user->id == $id) // A user can always read its own card { $feature2=''; $canreaduser=1; } -$result = restrictedArea($user, 'user', $_REQUEST["id"], '', $feature2); -if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden(); +$result = restrictedArea($user, 'user', $id, '', $feature2); +if ($user->id <> $id && ! $canreaduser) accessforbidden(); -$id=! empty($_GET["id"])?$_GET["id"]:$_POST["id"]; $dirtop = "../includes/menus/standard"; $dirleft = "../includes/menus/standard"; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 47710b31d9d..26a4a47a7a6 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -32,8 +32,9 @@ $langs->load("users"); $langs->load("admin"); $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"]; +$id = GETPOST('id','int'); -if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden(); +if (! $id) accessforbidden(); // Defini si peux lire les permissions $canreaduser=($user->admin || $user->rights->user->user->lire); 
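Review bot: In the perms.php hunk, `$module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];` on the line directly above the new `$id = GETPOST('id','int');` keeps the raw-superglobal pattern this commit removes elsewhere, and `$module` is later handed to `addrights()`/`delrights()` in the hunks below. Read it the same way as the rest: `$module=GETPOST('module','alpha');`, using the `'alpha'` filter the commit already applies to `sortfield`/`sortorder` in index.php.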
@@ -43,7 +44,7 @@ $caneditperms=($user->admin || $user->rights->user->user->creer); if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { $canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms)); - $caneditselfperms=($user->id == $_GET["id"] && $user->rights->user->self_advance->writeperms); + $caneditselfperms=($user->id == $id && $user->rights->user->self_advance->writeperms); $caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')'; } @@ -51,12 +52,12 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; $feature2 = (($socid && $user->rights->user->self->creer)?'':'user'); -if ($user->id == $_GET["id"]) // A user can always read its own card +if ($user->id == $id) // A user can always read its own card { $feature2=''; $canreaduser=1; } -$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); +$result = restrictedArea($user, 'user', $id, '', $feature2); if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden(); @@ -66,11 +67,11 @@ if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden(); if ($_GET["action"] == 'addrights' && $caneditperms) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->addrights($_GET["rights"],$module); // Si on a touche a ses propres droits, on recharge - if ($_GET["id"] == $user->id) + if ($id == $user->id) { $user->clearrights(); $user->getrights(); @@ -80,11 +81,11 @@ if ($_GET["action"] == 'addrights' && $caneditperms) if ($_GET["action"] == 'delrights' && $caneditperms) { $edituser = new User($db); - $edituser->fetch($_GET["id"]); + $edituser->fetch($id); $edituser->delrights($_GET["rights"],$module); // Si on a touche a ses propres droits, on recharge - if ($_GET["id"] == $user->id) + if ($id == $user->id) { $user->clearrights(); $user->getrights(); 
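Review bot: The line following the rewritten `restrictedArea($user, 'user', $id, '', $feature2)` still reads `if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden();`, so the self-card exemption is decided on `$_REQUEST["id"]` while every other check and the `fetch()` in the next hunks use `$id` from `GETPOST('id','int')`; when the two sources disagree, the guard and the record it is meant to protect no longer refer to the same user. Change it to `if ($user->id <> $id && ! $canreaduser) accessforbidden();`. The `$_GET["action"]` and `$_GET["rights"]` reads in the `addrights`/`delrights` hunks are the same kind of leftover and should go through GETPOST as well.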
@@ -104,7 +105,7 @@ llxHeader('',$langs->trans("Permissions")); $form=new Form($db); $fuser = new User($db); -$fuser->fetch($_GET["id"]); +$fuser->fetch($id); $fuser->getrights(); /* @@ -125,9 +126,9 @@ $modulesdir = array(); foreach ($conf->file->dol_document_root as $type => $dirroot) { $modulesdir[] = $dirroot . "/includes/modules/"; - + if ($type == 'alt') - { + { $handle=@opendir($dirroot); if (is_resource($handle)) {