Fix: G�re correctement les config PHP avec magic_quotes_gpc = On

2025-12-21 08:51:24 +01:00 · 2005-09-07 18:22:47 +00:00
parent af647b5a09
commit 7a23ee1668
2 changed files with 18 additions and 17 deletions
--- a/htdocs/admin/index.php
+++ b/htdocs/admin/index.php
@@ -37,19 +37,19 @@ if (!$user->admin)
 if ( (isset($_POST["action"]) && $_POST["action"] == 'update')
  || (isset($_POST["action"]) && $_POST["action"] == 'updateedit') )
 {
-    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",$_POST["nom"]);
+    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM",stripslashes($_POST["nom"]));
-    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADRESSE",$_POST["address"]);
+    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADRESSE",stripslashes($_POST["address"]));
-    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_PAYS",$_POST["pays_id"]);
+    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_PAYS",stripslashes($_POST["pays_id"]));
-    dolibarr_set_const($db, "MAIN_MONNAIE",$_POST["currency"]);
+    dolibarr_set_const($db, "MAIN_MONNAIE",stripslashes($_POST["currency"]));
-    dolibarr_set_const($db, "MAIN_INFO_CAPITAL",$_POST["capital"]);
+    dolibarr_set_const($db, "MAIN_INFO_CAPITAL",stripslashes($_POST["capital"]));
-    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",$_POST["forme_juridique_code"]);
+    dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE",stripslashes($_POST["forme_juridique_code"]));
-    dolibarr_set_const($db, "MAIN_INFO_SIREN",$_POST["siren"]);
+    dolibarr_set_const($db, "MAIN_INFO_SIREN",stripslashes($_POST["siren"]));
-    dolibarr_set_const($db, "MAIN_INFO_SIRET",$_POST["siret"]);
+    dolibarr_set_const($db, "MAIN_INFO_SIRET",stripslashes($_POST["siret"]));
-    dolibarr_set_const($db, "MAIN_INFO_APE",$_POST["ape"]);
+    dolibarr_set_const($db, "MAIN_INFO_APE",stripslashes($_POST["ape"]));
-    dolibarr_set_const($db, "MAIN_INFO_RCS",$_POST["rcs"]);
+    dolibarr_set_const($db, "MAIN_INFO_RCS",stripslashes($_POST["rcs"]));
-    dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",$_POST["tva"]);
+    dolibarr_set_const($db, "MAIN_INFO_TVAINTRA",stripslashes($_POST["tva"]));
-    dolibarr_set_const($db, "FACTURE_TVAOPTION",$_POST["optiontva"]);
+    dolibarr_set_const($db, "FACTURE_TVAOPTION",stripslashes($_POST["optiontva"]));
    if ($_POST['action'] != 'updateedit')
    {
@@ -131,9 +131,9 @@ if ((isset($_GET["action"]) && $_GET["action"] == 'edit')
    {
        $sql  = "SELECT code from ".MAIN_DB_PREFIX."c_pays";
        $sql .= " WHERE rowid = ".$conf->global->MAIN_INFO_SOCIETE_PAYS;
-        $result=$db->query($sql);
+        $resql=$db->query($sql);
-        if ($result) {
+        if ($resql) {
-            $obj = $db->fetch_object();
+            $obj = $db->fetch_object($resql);
            if ($obj->code) $code_pays=$obj->code;
        }
        else {
--- a/htdocs/lib/functions.inc.php
+++ b/htdocs/lib/functions.inc.php
@@ -227,7 +227,7 @@ function dolibarr_get_const($db, $name)
        if ($resql)
        {
            $obj=$db->fetch_object($resql);
-            $value=$obj->value;
+            $value=stripslashes($obj->value);
        }
        return $value;
 }
@@ -278,11 +278,12 @@ function dolibarr_set_const($db, $name, $value, $type='chaine', $visible=0, $not
        $db->begin();
        //dolibarr_syslog("dolibarr_set_const name=$name, value=$value");
        $sql = "DELETE FROM llx_const WHERE name = '$name';"; 		
        $resql=$db->query($sql);	
        $sql = "INSERT INTO llx_const(name,value,type,visible,note)";
-        $sql.= " VALUES ('$name','".addslashes($value)."','$type',$visible,'$note');";
+        $sql.= " VALUES ('$name','".addslashes($value)."','$type',$visible,'".addslashes($note)."');";
        $resql=$db->query($sql);	
        if ($resql)