Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-12 04:21:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX SQL injection on user/index.php parameter search_statut.

Browse Source
This commit is contained in:
Laurent Destailleur
2017-05-29 09:57:05 +02:00
parent d03d179fa3
commit 70636cc59f
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/functions.lib.php
View File

@@ -286,6 +286,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
case 'int': case 'int':
if (! is_numeric($out)) { $out=''; } if (! is_numeric($out)) { $out=''; }
break; break;
case 'intcomma':
if (preg_match('/[^0-9,]+/i',$out)) $out='';
break;
case 'alpha': case 'alpha':
$out=trim($out); $out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '"' is dangerous because param in url can close the href= or src= and add javascript functions.

12
htdocs/user/index.php
View File

@@ -119,9 +119,9 @@ $search_gender=GETPOST('search_gender','alpha');
$search_employee=GETPOST('search_employee','alpha'); $search_employee=GETPOST('search_employee','alpha');
$search_accountancy_code=GETPOST('search_accountancy_code','alpha'); $search_accountancy_code=GETPOST('search_accountancy_code','alpha');
$search_email=GETPOST('search_email','alpha'); $search_email=GETPOST('search_email','alpha');
$search_statut=GETPOST('search_statut','alpha'); $search_statut=GETPOST('search_statut','intcomma');
$search_thirdparty=GETPOST('search_thirdparty','alpha'); $search_thirdparty=GETPOST('search_thirdparty','alpha');
$search_supervisor=GETPOST('search_supervisor','alpha'); $search_supervisor=GETPOST('search_supervisor','intcomma');
$search_previousconn=GETPOST('search_previousconn','alpha'); $search_previousconn=GETPOST('search_previousconn','alpha');
$optioncss = GETPOST('optioncss','alpha'); $optioncss = GETPOST('optioncss','alpha');
@@ -148,7 +148,7 @@ if (empty($reshook))
include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
// Purge search criteria // Purge search criteria
if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All test are required to be compatible with all browsers if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers
{ {
$search_user=""; $search_user="";
$search_login=""; $search_login="";
@@ -203,8 +203,8 @@ else
} }
if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid; if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid;
//if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user); //if ($search_user != '') $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user);
if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$search_supervisor; if ($search_supervisor > 0) $sql.= " AND u.fk_user = ".$db->escape($search_supervisor);
if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty); if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty);
if ($search_login != '') $sql.= natural_search("u.login", $search_login); if ($search_login != '') $sql.= natural_search("u.login", $search_login);
if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname); if ($search_lastname != '') $sql.= natural_search("u.lastname", $search_lastname);
if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname); if ($search_firstname != '') $sql.= natural_search("u.firstname", $search_firstname);
@@ -214,7 +214,7 @@ if (is_numeric($search_employee) && $search_employee >= 0) {
} }
if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code); if ($search_accountancy_code != '') $sql.= natural_search("u.accountancy_code", $search_accountancy_code);
if ($search_email != '') $sql.= natural_search("u.email", $search_email); if ($search_email != '') $sql.= natural_search("u.email", $search_email);
if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")"; if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")";
if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall); if ($sall) $sql.= natural_search(array_keys($fieldstosearchall), $sall);
// Add where from extra fields // Add where from extra fields
foreach ($search_array_options as $key => $val) foreach ($search_array_options as $key => $val)