[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 01/14: Protect $_POST variable
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 01/14: Protect $_POST variable |
Date: |
Wed, 28 Oct 2015 09:56:54 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit b7d27af6e91b71c9030113e627886ac45f81337b
Author: Dany De Bontridder <address@hidden>
Date: Sun Oct 25 17:32:51 2015 +0100
Protect $_POST variable
---
include/ajax/ajax_ledger.php | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/include/ajax/ajax_ledger.php b/include/ajax/ajax_ledger.php
index 4b639bc..d1f455f 100644
--- a/include/ajax/ajax_ledger.php
+++ b/include/ajax/ajax_ledger.php
@@ -146,7 +146,10 @@ case 'rmop':
{
$cn->start();
$oLedger=new Acc_Ledger($cn,$ledger);
- $oLedger->jr_id=$_REQUEST['jr_id'];
+
$oLedger->jr_id=HtmlInput::default_value_request($_REQUEST['jr_id'],0);
+ if ( $oLedger->jr_id == 0 ||
+ isNumber($oLedger->jr_id) == 0)
+ throw new Exception (_('Donnée invalide'));
$oLedger->delete();
$cn->commit();
echo _("Opération Effacée");
- [Noalyss-commit] [noalyss] branch master updated (08827e1 -> a3fd1a9), Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 01/14: Protect $_POST variable,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 03/14: Fix issue when delete a menu with submenu , remove properly all direct and indirect children, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 07/14: Sort of the ledger in search, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 08/14: Bug : in follow-up , error in security can_add_action, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 02/14: Reinforce and Protect ajax, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 05/14: Select has a new attribute : size, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 10/14: Bug : in follow-up , error in security can_add_action, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 11/14: Bug : in export card, the textarea was not exported in CSV properly, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 12/14: Bug : in export card, the textarea was not exported in CSV properly, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 06/14: Select has already undocumented rowsize attribute , changes reversed, Dany De Bontridder, 2015/10/28
- [Noalyss-commit] [noalyss] 09/14: Bug : in follow-up , error in security can_add_action, Dany De Bontridder, 2015/10/28