Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-12 20:41:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: GETPOST on int accept negative values

Browse Source
This commit is contained in:
Laurent Destailleur
2011-12-07 20:01:06 +01:00
parent abf9fbbd2a
commit b689fdf031
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/functions.lib.php
View File

@@ -199,7 +199,7 @@ function GETPOST($paramname,$check='',$method=0)
if (! empty($check)) if (! empty($check))
{ {
// Check if numeric // Check if numeric
if ($check == 'int' && ! preg_match('/^[\.,0-9]+$/i',trim($out))) $out=''; if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
// Check if alpha // Check if alpha
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
// '"' is dangerous because param in url can close the href= or src= and add javascript functions. // '"' is dangerous because param in url can close the href= or src= and add javascript functions.