
FIX XSS

Conflicts:
	htdocs/viewimage.php
Laurent Destailleur 6 years ago
parent
commit
484b4371c1
2 changed files with 2 additions and 2 deletions
  1. 1 1
      htdocs/document.php
  2. 1 1
      htdocs/viewimage.php

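--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -81,7 +81,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 $encoding = '';
 $action=GETPOST('action','alpha');
-$original_file=GETPOST('file','alpha');		// Do not use urldecode here ($_GET are already decoded by PHP).
+$original_file=GETPOST('file','alphanohtml');		// Do not use urldecode here ($_GET are already decoded by PHP).
 $hashp=GETPOST('hashp','aZ09');
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST('urlsource','alpha');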
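Review bot: The new `GETPOST('file','alphanohtml')` line closes the XSS at input time only; the statement that writes `$original_file` into a page is outside this hunk and presumably still prints it unescaped, so it should also be HTML-escaped at the output point (for example with `dol_escape_htmltag()`), which keeps the fix valid if the filter is ever changed again. `$modulepart` and `$urlsource` are still read with `'alpha'` in the same block; if either is echoed in an error message it needs the same treatment. Because `$original_file` appears to be used later as a file path, confirm that `'alphanohtml'` rejects everything `'alpha'` rejected, so the filter swap does not loosen any path check. The same points apply to the identical change in htdocs/viewimage.php, and a short comment such as `// alphanohtml: value may be echoed in error output` would record why this parameter uses a different filter from its neighbours.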

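--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -62,7 +62,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 
 $action=GETPOST('action','alpha');
-$original_file=GETPOST("file",'alpha');
+$original_file=GETPOST('file','alphanohtml');		// Do not use urldecode here ($_GET are already decoded by PHP).
 $modulepart=GETPOST('modulepart','alpha');
 $urlsource=GETPOST("urlsource",'alpha');
 $entity=GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity;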