Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-08 00:52:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Too much sanitizing

Browse Source
This commit is contained in:
Laurent Destailleur
2012-11-03 00:47:09 +01:00
parent f8a9733b73
commit 8709933288
5 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/admin/commande.php
View File

@@ -209,7 +209,8 @@ if ($action == 'set_COMMANDE_DRAFT_WATERMARK')
if ($action == 'set_COMMANDE_FREE_TEXT')
{
$freetext = GETPOST("COMMANDE_FREE_TEXT");
$freetext = GETPOST("COMMANDE_FREE_TEXT"); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "COMMANDE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);
if (! $res > 0) $error++;
@@ -407,12 +408,12 @@ foreach ($dirmodels as $reldir)
}
closedir($handle);
arsort($filelist);
foreach($filelist as $file)
{
if (preg_match('/\.modules\.php$/i',$file) && preg_match('/^(pdf_|doc_)/',$file))
{
if (file_exists($dir.'/'.$file))
{
$name = substr($file, 4, dol_strlen($file) -16);