FIX CVE-2018-9019

Laurent Destailleur
2018-04-25 16:01:06 +02:00
parent fdb3a11f34
commit 83b762b681
8 changed files with 42 additions and 130 deletions


@@ -578,12 +578,12 @@ function GETPOST($paramname, $check='none', $method=0, $filter=NULL, $options=NU
{
//var_dump($paramname.' - '.$out.' '.$user->default_values[$relativepathstring]['filters'][$paramname]);
// We save search key only if:
// - not empty, or
// - if value is empty and a default value exists that is not empty (it means we did a filter to an empty value when default was not).
// We save search key only if $out not empty that means:
// - posted value not empty, or
// - if posted value is empty and a default value exists that is not empty (it means we did a filter to an empty value when default was not).
//if (! empty($out) || ! empty($user->default_values[$relativepathstring]['filters'][$paramname]))
if (! empty($out))
if ($out != '') // $out = '0' like 'abc' is a search criteria to keep
{
$user->lastsearch_values_tmp[$relativepathstring][$paramname]=$out;
}