Home Esplora Aiuto
Accedi
iProspective
/
dolibarr
3
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

FIX SQL injection on user/index.php parameter search_statut.

Laurent Destailleur 8 anni fa
parent
d03d179fa3
commit
70636cc59f
2 ha cambiato i file con 11 aggiunte e 8 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 3 0
      htdocs/core/lib/functions.lib.php
  2. 8 8
      htdocs/user/index.php

+ 3 - 0
htdocs/core/lib/functions.lib.php
Vedi File 

@@ -286,6 +286,9 @@ function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
 
 	        case 'int':
 
 	            if (! is_numeric($out)) { $out=''; }
 
 	            break;
 
+	        case 'intcomma':
 
+	            if (preg_match('/[^0-9,]+/i',$out)) $out='';
 
+	            break;
 
 	        case 'alpha':
 
 	            $out=trim($out);
 
 	            // '"' is dangerous because param in url can close the href= or src= and add javascript functions.

+ 8 - 8
htdocs/user/index.php
Vedi File 

@@ -119,9 +119,9 @@ $search_gender=GETPOST('search_gender','alpha');
 
 $search_employee=GETPOST('search_employee','alpha');
 
 $search_accountancy_code=GETPOST('search_accountancy_code','alpha');
 
 $search_email=GETPOST('search_email','alpha');
 
-$search_statut=GETPOST('search_statut','alpha');
 
+$search_statut=GETPOST('search_statut','intcomma');
 
 $search_thirdparty=GETPOST('search_thirdparty','alpha');
 
-$search_supervisor=GETPOST('search_supervisor','alpha');
 
+$search_supervisor=GETPOST('search_supervisor','intcomma');
 
 $search_previousconn=GETPOST('search_previousconn','alpha');
 
 $optioncss = GETPOST('optioncss','alpha');
 
 
@@ -148,7 +148,7 @@ if (empty($reshook))
 
     include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php';
 
 
     // Purge search criteria
 
-    if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All test are required to be compatible with all browsers
 
+    if (GETPOST("button_removefilter_x") || GETPOST("button_removefilter.x") ||GETPOST("button_removefilter")) // All tests are required to be compatible with all browsers
 
     {
 
     	$search_user="";
 
     	$search_login="";
 
@@ -203,8 +203,8 @@ else
 
 }
 
 if ($socid > 0) $sql.= " AND u.fk_soc = ".$socid;
 
 //if ($search_user != '')       $sql.=natural_search(array('u.login', 'u.lastname', 'u.firstname'), $search_user);
 
-if ($search_supervisor > 0)   $sql.= " AND u.fk_user = ".$search_supervisor;
 
-if ($search_thirdparty != '') $sql.=natural_search(array('s.nom'), $search_thirdparty);
 
+if ($search_supervisor > 0)   $sql.= " AND u.fk_user = ".$db->escape($search_supervisor);
 
+if ($search_thirdparty != '') $sql.= natural_search(array('s.nom'), $search_thirdparty);
 
 if ($search_login != '')      $sql.= natural_search("u.login", $search_login);
 
 if ($search_lastname != '')   $sql.= natural_search("u.lastname", $search_lastname);
 
 if ($search_firstname != '')  $sql.= natural_search("u.firstname", $search_firstname);
 
@@ -213,9 +213,9 @@ if (is_numeric($search_employee) && $search_employee >= 0)    {
 
 	$sql .= ' AND u.employee = '.(int) $search_employee;
 
 }
 
 if ($search_accountancy_code != '')  $sql.= natural_search("u.accountancy_code", $search_accountancy_code);
 
-if ($search_email != '')  $sql.= natural_search("u.email", $search_email);
 
-if ($search_statut != '' && $search_statut >= 0) $sql.= " AND (u.statut=".$search_statut.")";
 
-if ($sall)                    $sql.= natural_search(array_keys($fieldstosearchall), $sall);
 
+if ($search_email != '')             $sql.= natural_search("u.email", $search_email);
 
+if ($search_statut != '' && $search_statut >= 0) $sql.= " AND u.statut IN (".$db->escape($search_statut).")";
 
+if ($sall)                           $sql.= natural_search(array_keys($fieldstosearchall), $sall);
 
 // Add where from extra fields
 
 foreach ($search_array_options as $key => $val)
 
 {