Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-08 18:48:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7735 from grandoc/new_branc_30_10_17

Browse Source 
Warning: trim() expects parameter 1 to be string, array given in /htt…
This commit is contained in:
Laurent Destailleur
2017-11-02 09:58:57 +01:00
committed by GitHub
parent d137cef843 6ea558b639
commit dbd85321b3
1 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
htdocs/core/lib/functions.lib.php
View File

@@ -517,22 +517,31 @@ function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=N
if (preg_match('/[^0-9,]+/i',$out)) $out='';
break;
case 'alpha':
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
if (! is_array($out))
{
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
}
break;
case 'san_alpha':
$out=filter_var($out,FILTER_SANITIZE_STRING);
break;
case 'aZ':
$out=trim($out);
if (preg_match('/[^a-z]+/i',$out)) $out='';
if (! is_array($out))
{
$out=trim($out);
if (preg_match('/[^a-z]+/i',$out)) $out='';
}
break;
case 'aZ09':
$out=trim($out);
if (preg_match('/[^a-z0-9_\-\.]+/i',$out)) $out='';
if (! is_array($out))
{
$out=trim($out);
if (preg_match('/[^a-z0-9_\-\.]+/i',$out)) $out='';
}
break;
case 'array':
if (! is_array($out) || empty($out)) $out=array();
@@ -541,12 +550,15 @@ function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=N
$out=dol_string_nohtmltag($out);
break;
case 'alphanohtml': // Recommended for search params
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
$out=dol_string_nohtmltag($out);
if (! is_array($out))
{
$out=trim($out);
// '"' is dangerous because param in url can close the href= or src= and add javascript functions.
// '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out='';
$out=dol_string_nohtmltag($out);
}
break;
case 'custom':
if (empty($filter)) return 'BadFourthParameterForGETPOST';