War against $_POST

2025-12-10 03:28:18 +01:00 · 2021-03-25 16:59:47 +01:00
parent 5b68c6af62
commit d9108362ba
37 changed files with 166 additions and 149 deletions
--- a/htdocs/admin/external_rss.php
+++ b/htdocs/admin/external_rss.php
@@ -72,15 +72,15 @@ if ($action == 'add' || GETPOST("modify")) {

 	if (!empty($_POST[$external_rss_urlrss])) {
 		$boxlabel = '(ExternalRSSInformations)';
-		//$external_rss_url = "external_rss_url_" . $_POST["norss"];
+		//$external_rss_url = "external_rss_url_" . GETPOST("norss");

 		$db->begin();

-		if ($_POST["modify"]) {
+		if (GETPOST("modify")) {
 			// Supprime boite box_external_rss de definition des boites
 			/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
 			$sql.= " SET name = '".$db->escape($boxlabel)."'";
-			$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
+			$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";

 			$resql=$db->query($sql);
 			if (! $resql)
@@ -115,7 +115,7 @@ if ($action == 'add' || GETPOST("modify")) {
 	}
 }

-if ($_POST["delete"]) {
+if (GETPOST("delete")) {
 	if (GETPOST("norss", 'int')) {
 		$db->begin();