[Noalyss-commit] [noalyss] 17/19: CFGLED : security fix : remove $_REQUE
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 17/19: CFGLED : security fix : remove $_REQUEST |
Date: |
Sat, 21 Jul 2018 07:47:40 -0400 (EDT) |
sparkyx pushed a commit to tag r700-currency-005
in repository noalyss.
commit 9ba82e73fc0646a381c1444704e3b3c539942eca
Author: Dany De Bontridder <address@hidden>
Date: Sun Jun 3 12:44:11 2018 +0200
CFGLED : security fix : remove $_REQUEST
---
include/cfgledger.inc.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/cfgledger.inc.php b/include/cfgledger.inc.php
index 2a1c28f..48fc3b6 100644
--- a/include/cfgledger.inc.php
+++ b/include/cfgledger.inc.php
@@ -61,8 +61,9 @@ if ( $action_frm == 'update')
$show_menu=1;
} catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
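Review bot: The raw exception text is still passed to `alert()` in this catch block, and the same three-line body recurs in the hunks at -86, -108 and -142. Now that `record_log($e->getMessage());` keeps the detail on the server, the user-facing call could show a fixed translated string such as `alert(_("Opération impossible"));` (wording constructed here). That matters if these exceptions can carry database or path details, which is not visible from the hunk, along with whether `alert()` escapes its argument. Because the four catch bodies are identical, a small helper that logs and alerts would keep them in step. The enclosing `if ( $action_frm == 'update')` block starts outside the hunk.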
@@ -71,7 +72,7 @@ if ( $action_frm == 'update')
//////////////////////////////////////////////////////////////////////////
if ($action_frm == 'delete' )
{
- $ledger->id=$http->post('p_jrn',"number");;
+ $ledger->id=$http->post('p_jrn',"number");
$ledger->load();
$name=$ledger->get_name();
try {
@@ -86,8 +87,9 @@ if ($action_frm == 'delete' )
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert ($e->getMessage());
+ alert ($e->getMessage());
}
}
@@ -108,8 +110,9 @@ if (isset($_POST['add']))
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
@@ -134,7 +137,7 @@ switch ($sa)
echo '<INPUT TYPE="SUBMIT" class="smallbutton"
VALUE="'._("Sauve").'" name="update"
onClick="$(\'action_frm\').value=\'update\';return
confirm_box(\'cfg_ledger_frm\',\'Valider ?\')">
<INPUT TYPE="RESET" class="smallbutton" VALUE="Reset">
<INPUT TYPE="submit" class="smallbutton" name="efface"
value="'._("Efface").'" onClick="$(\'action_frm\').value=\'delete\';return
confirm_box(\'cfg_ledger_frm\',\'Vous effacez ce journal ?\')">';
-
$href=http_build_query(array('ac'=>$_REQUEST['ac'],'gDossier'=>$_REQUEST['gDossier']));
+
$href=http_build_query(array('ac'=>$http->request('ac'),'gDossier'=>$http->request('gDossier',"number")));
echo '<a style="display:inline" class="smallbutton"
href="do.php?'.$href.'">'._('Retour').'</a>';
echo '</FORM>';
echo "</div>";
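Review bot: `$http->request('ac')` is read without a type argument while `gDossier` on the same line is constrained to `"number"`, so `ac` gets no validation of its own here. `http_build_query()` percent-encodes the value, which keeps it inside the `href` attribute, but the `&` separator is written into the HTML unescaped. Passing `'&amp;'` as the third argument of `http_build_query()`, or wrapping `$href` in `htmlspecialchars()`, fixes that. The two lookups also run after the form inputs have been echoed, so if `request()` throws on a missing parameter (presumably, given the catch in the next hunk; confirm) the page is left with an unclosed `<FORM>`. Computing `$href` before the first `echo` avoids this. The `switch ($sa)` case this belongs to starts outside the hunk.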
@@ -142,8 +145,9 @@ switch ($sa)
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
break;
case 'add': /* Add a new ledger */