[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 02/24: remove direct access to $_POST and ext
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 02/24: remove direct access to $_POST and extract |
Date: |
Tue, 12 Jul 2022 07:05:17 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 51899c6993ed32b59e895cc328ea60f644a9cf04
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Tue May 3 21:32:43 2022 +0200
remove direct access to $_POST and extract
---
include/profile.inc.php | 31 ++++++++++++++++++++-----------
1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/include/profile.inc.php b/include/profile.inc.php
index b68d67c52..f15fbcafb 100644
--- a/include/profile.inc.php
+++ b/include/profile.inc.php
@@ -28,29 +28,33 @@ global $cn,$http;
//**********************************************
if (isset($_POST['change_profile']))
{
- extract($_POST, EXTR_SKIP);
try
{
- for ($e=0; $e<count($right); $e++)
+ $aRight=$http->post("right","array",array());
+ $aUserProfile=$http->post("ua_id","array",array());
+ $p_id=$http->post("p_id","number");
+ $aProfile=$http->post("ap_id","array",array());
+
+ for ($e=0; $e<count($aUserProfile); $e++)
{
- if ($right[$e]=='X'&&$ua_id[$e]=='')
+ if ($aUserProfile[$e]=='X'&&$aUserProfile[$e]=='')
continue;
- if ($right[$e]=='X'&&$ua_id[$e]!='')
+ if ($aUserProfile[$e]=='X'&&$aUserProfile[$e]!='')
{
$cn->exec_sql("delete from user_sec_action_profile where
p_id=$1 and p_granted=$2",
- array($p_id, $ap_id[$e]));
+ array($p_id, $aProfile[$e]));
continue;
}
- if ($ua_id[$e]=="")
+ if ($aUserProfile[$e]=="")
{
$cn->exec_sql("insert into user_sec_action_profile
(p_id,p_granted,ua_right) values($1,$2,$3)",
- array($p_id, $ap_id[$e], $right[$e]));
+ array($p_id, $aProfile[$e], $aRight[$e]));
continue;
}
- if ($ua_id[$e]!='')
+ if ($aUserProfile[$e]!='')
{
$cn->exec_sql("update user_sec_action_profile set ua_right=$3
where p_id=$1 and p_granted=$2 ",
- array($p_id, $ap_id[$e], $right[$e]));
+ array($p_id, $aProfile[$e], $aRight[$e]));
continue;
}
}
@@ -67,9 +71,13 @@ if (isset($_POST['change_profile']))
//**********************************************
if (isset($_POST['change_stock']))
{
- extract($_POST, EXTR_SKIP);
try
{
+ $p_id=$http->post("p_id","number");
+ $right=$http->post("right","array",array());
+ $ar_id=$http->post("ar_id","array",array());
+ $ur_id=$http->post("ur_id","array",array());
+
for ($e=0; $e<count($right); $e++)
{
if ($right[$e]=='X'&&$ur_id[$e]=='')
@@ -188,9 +196,10 @@ if (isset($_POST['clone']))
//************************************
if (isset($_POST['delete_profil']))
{
- extract($_POST, EXTR_SKIP);
try
{
+ $p_id=$http->post("p_id","number");
+
$cn->start();
if ($p_id==1)
{
- [Noalyss-commit] [noalyss] branch master updated (f8d23563a -> cbc0d3fb7), Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 01/24: Cosmetic : error message when user cannot add card, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 02/24: remove direct access to $_POST and extract,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 03/24: ISelect->display fails if this->value if null, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 06/24: Bug when ledger badly parametrized, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 08/24: Merge branch 'devel', Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 05/24: Security : management , profile access, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 09/24: Supplemental TAX : manage parameter A ledger can have only 1 supplemental tax, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 13/24: code documentation, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 10/24: New : 2178 Additional Tax : input in purchase and sale ledger - tax with positive amount - tax with negative amount - tax in currency, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 11/24: Nouveau #0002178: Cotisation de solidarité Impression : Listing (HTML, CSV et PDF) Impression : Extended (HTML, CSV et PDF) Negatif amount and currency, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 14/24: Additional Tax : database changes, Dany De Bontridder, 2022/07/12
- [Noalyss-commit] [noalyss] 16/24: Additional Tax : export operation PDF, Dany De Bontridder, 2022/07/12