[Noalyss-commit] [noalyss] 06/27: Security : avoid direct call to Http V
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 06/27: Security : avoid direct call to Http Variable
Date: Wed, 4 Sep 2019 15:24:52 -0400 (EDT)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 57153bea0e813c1fee72870824c5f8578341797b
Author: Dany De Bontridder <address@hidden>
Date: Tue Aug 27 18:58:04 2019 +0200
Security : avoid direct call to Http Variable
---
include/history_operation.inc.php | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/history_operation.inc.php
b/include/history_operation.inc.php
index 420a324..50f0e11 100644
--- a/include/history_operation.inc.php
+++ b/include/history_operation.inc.php
@@ -110,6 +110,11 @@ $max_line = $cn->count_sql($sql);
$step = $_SESSION['g_pagesize'];
$page = (isset($_GET['offset'])) ? $_GET['page'] : 1;
$offset = (isset($_GET['offset'])) ? $_GET['offset'] : 0;
+
+// check if number
+$page=(isNumber($page)==0)?1:$page;
+$offset=(isNumber($offset)==0)?0:$offset;
+
$bar = navigation_bar($offset, $max_line, $step, $page);
echo $msg;
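Review bot: The context line `$page = (isset($_GET['offset'])) ? $_GET['page'] : 1;` directly above the added check tests `offset` but reads `page`, so a request that carries `offset` without `page` still reads an unset index before the new check runs; that line should test `isset($_GET['page'])`. As far as these lines show, the added `isNumber()` checks only establish that the values are numeric, so if that helper accepts negative or decimal input those values still reach `navigation_bar()`; casting both to int and clamping `$offset` to the range 0 to `$max_line` would close that gap. Both values are also still read straight from `$_GET`, which is what the commit subject says to avoid.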