[Noalyss-commit] [noalyss] 10/107: Security : replace $_GET by Http_Inpu
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 10/107: Security : replace $_GET by Http_Input |
Date: |
Mon, 26 Aug 2019 10:31:47 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 0be8c0ee1db39541367d1fa2a3421b792538a1cf
Author: Dany De Bontridder <address@hidden>
Date: Sat Feb 16 10:44:32 2019 +0100
Security : replace $_GET by Http_Input
---
include/fiche.inc.php | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/include/fiche.inc.php b/include/fiche.inc.php
index fcd2705..59f840c 100644
--- a/include/fiche.inc.php
+++ b/include/fiche.inc.php
@@ -285,21 +285,23 @@ if (isDate($_REQUEST['start']) == null ||
isDate($_REQUEST['end']) == null)
if ( $histo->selected == 8)
{
require_once NOALYSS_INCLUDE.'/class/balance_age.class.php';
+ $start=$http->get("start","date");
+ $cat=$http->get("cat","number");
$bal=new Balance_Age($cn);
$export_csv = '<FORM METHOD="get" ACTION="export.php"
style="display:inline">';
$export_csv
.=HtmlInput::request_to_hidden(array('gDossier','ac','p_let','p_date_start'));
- $export_csv.=HtmlInput::hidden('p_date_start', $_GET['start']);
+ $export_csv.=HtmlInput::hidden('p_date_start',$start);
$export_csv .= HtmlInput::hidden('act','CSV:balance_age');
$export_csv .= HtmlInput::hidden('p_let','let');
$export_csv .= HtmlInput::hidden('p_type','X');
- $export_csv .= HtmlInput::hidden('cat',$_GET['cat']);
+ $export_csv .= HtmlInput::hidden('cat',$cat);
$export_csv .= HtmlInput::hidden('all',$allcard);
$export_csv .= HtmlInput::submit('csv',_('Export CSV'));
$export_csv.='</FORM><p></p>';
if ( $allcard == 0 )
{
echo $export_csv;
- $bal->display_category($_GET['start'],$_GET['cat'],'let');
+ $bal->display_category($start,$cat,'let');
echo $export_csv;
}
else
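Review bot: `$cat=$http->get("cat","number");` is read unconditionally at the top of the `$histo->selected == 8` branch, yet `cat` only selects the displayed category when `$allcard == 0`; the all-cards path iterates `$a_cat` instead. If `Http_Input::get` raises or aborts on a missing or non-numeric value (its definition is not in this diff, so this is an assumption to confirm), an all-cards request without `cat` would now fail where the old `$_GET['cat']` read did not. Either confirm how the helper treats an absent parameter, or record the requirement next to the read, e.g. `// cat is always required here: it is copied into the export form even when $allcard != 0`. The same applies to the `$histo->selected == 7` hunk, and the branch body continues past the end of this hunk.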
@@ -309,7 +311,7 @@ if ( $histo->selected == 8)
$nb_cat=count($a_cat);
for ($i=0;$i < $nb_cat;$i++)
{
- $bal->display_category($_GET['start'],$a_cat[$i]['fd_id'],'let');
+ $bal->display_category($start,$a_cat[$i]['fd_id'],'let');
}
echo $export_csv;
}
@@ -322,20 +324,22 @@ if ( $histo->selected == 7)
{
require_once NOALYSS_INCLUDE.'/class/balance_age.class.php';
$bal=new Balance_Age($cn);
+ $start=$http->get("start","date");
+ $cat=$http->get("cat","number");
$export_csv = '<FORM METHOD="get" ACTION="export.php"
style="display:inline">';
$export_csv
.=HtmlInput::request_to_hidden(array('gDossier','ac','p_let','p_date_start'));
$export_csv.=HtmlInput::hidden('p_date_start', $_GET['start']);
$export_csv .= HtmlInput::hidden('act','CSV:balance_age');
$export_csv .= HtmlInput::hidden('p_let','unlet');
$export_csv .= HtmlInput::hidden('p_type','X');
- $export_csv .= HtmlInput::hidden('cat',$_GET['cat']);
+ $export_csv .= HtmlInput::hidden('cat',$cat);
$export_csv .= HtmlInput::hidden('all',$allcard);
$export_csv .= HtmlInput::submit('csv',_('Export CSV'));
$export_csv.='</FORM><p></p>';
if ( $allcard == 0 )
{
echo $export_csv;
- $bal->display_category($_GET['start'],$_GET['cat'],'unlet');
+ $bal->display_category($start,$cat,'unlet');
echo $export_csv;
}
else
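Review bot: The `p_date_start` hidden field in this `$histo->selected == 7` branch still reads `$_GET['start']` directly, although `$start` is fetched through `$http->get("start","date")` a few lines above and the matching line in the `selected == 8` branch was converted. That leaves one unvalidated request value flowing into the generated form, which is what this commit sets out to remove; whether `HtmlInput::hidden` escapes its value is not visible here. Change the line to `$export_csv.=HtmlInput::hidden('p_date_start',$start);` so both branches agree. The branch body continues outside the hunk.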
@@ -345,7 +349,7 @@ if ( $histo->selected == 7)
$nb_cat=count($a_cat);
for ($i=0;$i < $nb_cat;$i++)
{
-
$bal->display_category($_GET['start'],$a_cat[$i]['fd_id'],'unlet');
+ $bal->display_category($start,$a_cat[$i]['fd_id'],'unlet');
}
echo $export_csv;
}