Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 09:38:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: XSS injection

Browse Source
This commit is contained in:
Regis Houssin
2010-11-10 19:47:03 +00:00
parent 2ac06a875c
commit e0d9bd0836
2 changed files with 13 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/lib/functions.lib.php
View File

@@ -40,11 +40,15 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
/**
* Return value of a param into get or post variable
* @param paramname Name of parameter to found
* @param length Length of string (security)
* @return string Value found
*/
function GETPOST($paramname)
function GETPOST($paramname,$length=0)
{
return isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
$out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
$out = trim($out);
if ($length > 0 && strlen($out) > $length) $out='';
return $out;
}
/**