[Phpcompta-dev] r4605 - phpcompta/trunk/include/template
From: |
phpcompta-dev |
Subject: |
[Phpcompta-dev] r4605 - phpcompta/trunk/include/template |
Date: |
Mon, 12 Dec 2011 21:19:22 +0100 (CET) |
Author: danydb
Date: 2011-12-12 21:19:20 +0100 (Mon, 12 Dec 2011)
New Revision: 4605
Modified:
phpcompta/trunk/include/template/ledger_detail_ach.php
phpcompta/trunk/include/template/ledger_detail_bottom.php
phpcompta/trunk/include/template/ledger_detail_fin.php
phpcompta/trunk/include/template/ledger_detail_misc.php
phpcompta/trunk/include/template/ledger_detail_ven.php
Log:
Security: fix JavaScript injection (XSS) through stored operation fields (comment, piece number, note) in the ledger detail views
Modified: phpcompta/trunk/include/template/ledger_detail_ach.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_ach.php 2011-12-12
19:57:07 UTC (rev 4604)
+++ phpcompta/trunk/include/template/ledger_detail_ach.php 2011-12-12
20:19:20 UTC (rev 4605)
@@ -47,7 +47,7 @@
<td>
<?
$itext=new IText('npj');
-
$itext->value=$obj->det->jr_pj_number;
+
$itext->value=strip_tags($obj->det->jr_pj_number);
echo
td(_('Pièce')).td($itext->input());
?>
</td>
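Review bot: strip_tags() on `jr_pj_number` on the added line is an input filter, not output encoding, and the value is rendered by `IText::input()`, which is outside the hunk, so whether it is HTML-escaped inside the `value="…"` attribute cannot be seen here. strip_tags leaves `"`, `'`, `=` and `&` untouched, so a stored value of the form `" onfocus="…` still breaks out of a double-quoted attribute if IText emits the value raw. The robust fix is to keep `$itext->value=$obj->det->jr_pj_number;` and escape in the widget with `htmlspecialchars($this->value, ENT_QUOTES)` at the point where IText writes the attribute. If IText already escapes, the strip_tags call is redundant and only drops legitimate `<` characters from the piece number.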
@@ -55,7 +55,7 @@
<td>
<?
$itext=new
IText('lib');
-
$itext->value=$obj->det->jr_comment;
+
$itext->value=strip_tags($obj->det->jr_comment);
$itext->size=40;
echo
td(_('Libellé')).td($itext->input(),' colspan="2" ');
@@ -87,7 +87,7 @@
$inote=new ITextarea('jrn_note');
$inote->width=25;
$inote->heigh=5;
- $inote->value=$obj->det->note;
+ $inote->value=strip_tags($obj->det->note);
echo $inote->input();
?>
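Review bot: strip_tags() on the `note` textarea value is lossy for data this form presumably posts back: PHP's strip_tags treats a bare `<` followed by a non-space character as the start of a tag and discards everything up to the next `>` or end of string, so a note such as `amount <1000 EUR` is silently truncated the next time the operation is saved. Escaping at render time neutralises a `</textarea><script>` payload without altering the stored note, so the safer change is to leave `$inote->value=$obj->det->note;` as it was and apply `htmlspecialchars($this->value, ENT_QUOTES)` inside ITextarea::input(). ITextarea::input() is outside the hunk, so whether it already escapes cannot be confirmed from here.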
Modified: phpcompta/trunk/include/template/ledger_detail_bottom.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_bottom.php 2011-12-12
19:57:07 UTC (rev 4604)
+++ phpcompta/trunk/include/template/ledger_detail_bottom.php 2011-12-12
20:19:20 UTC (rev 4605)
@@ -29,7 +29,8 @@
$remove=$rmReconciliation->input();
else
$remove='';
- echo tr (td('<a class="line" href="javascript:void(0)" onclick="'.$str.'"
>'.$internal.'</A>').td(nbm($amount)).td(h($array_jr[0]['jr_comment'])).td($remove));
+ $comment=strip_tags($array_jr[0]['jr_comment']);
+ echo tr (td('<a class="line" href="javascript:void(0)" onclick="'.$str.'"
>'.$internal.'</A>').td(nbm($amount)).td($comment).td($remove));
}
echo '</table>';
}
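Review bot: The new echo on the last added line replaces `h($array_jr[0]['jr_comment'])` with the strip_tags() result, which is a weaker control than the one it removes: `h()` appears to be the project's HTML-escaping helper (judging by its name and its use on the card name elsewhere in this diff) and neutralises every metacharacter, whereas strip_tags only drops `<…>` sequences and leaves quotes, ampersands and malformed markup through. Keep the escape, `$comment=h(strip_tags($array_jr[0]['jr_comment']));`, or simply restore `td(h(...))`. The same line also interpolates `$str` into an `onclick` attribute and `$internal` into the link text without escaping; both are built before the hunk, so their safety cannot be judged here and is worth checking in the same pass. The enclosing function starts outside the hunk.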
Modified: phpcompta/trunk/include/template/ledger_detail_fin.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_fin.php 2011-12-12
19:57:07 UTC (rev 4604)
+++ phpcompta/trunk/include/template/ledger_detail_fin.php 2011-12-12
20:19:20 UTC (rev 4605)
@@ -19,7 +19,7 @@
$date=new IDate('p_date');
$date->value=format_date($obj->det->jr_date);
echo td('Date').td($date->input());
-
+
?>
</tr>
@@ -35,7 +35,7 @@
</tr>
<tr>
<?
-
+
$bk=new Fiche($cn,$obj->det->array[0]['qf_other']);
$view_history= sprintf('<A class="detail"
HREF="javascript:view_history_card(\'%s\',\'%s\')" >%s</A>',
$bk->id, $gDossier, $bk->get_quick_code());
@@ -45,9 +45,9 @@
</tr>
<tr>
-<?
+<?
$itext=new IText('lib');
- $itext->value=$obj->det->jr_comment;
+ $itext->value=strip_tags($obj->det->jr_comment);
$itext->size=40;
echo td(_('Libellé')).td($itext->input());
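Review bot: strip_tags() on `jr_comment` filters the model value instead of encoding at output, and since `IText::input()` is outside this hunk it is not visible whether the value is escaped when written into the `value` attribute; strip_tags leaves quotes intact, so a `"` followed by an event-handler attribute survives it. This file already has an `h()` escaping helper (used on the card name further down in this diff), so the consistent fix is to escape inside the widget, or, if IText emits its value raw, `$itext->value=h(strip_tags($obj->det->jr_comment));` here. Note that strip_tags also removes legitimate text after a bare `<` in a comment, so it should not be the only defence.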
@@ -55,12 +55,12 @@
?>
</tr>
<tr>
-<? echo td('montant').td($obj->det->array[0]['qf_amount'],' class="inum"');?>
+<? echo td('montant').td(nbm($obj->det->array[0]['qf_amount']),'
class="inum"');?>
</tr>
<tr>
-<?
+<?
$itext=new IText('npj');
-$itext->value=$obj->det->jr_pj_number;
+$itext->value=strip_tags($obj->det->jr_pj_number);
echo td(_('Pièce')).td($itext->input());
?>
@@ -78,7 +78,7 @@
$inote=new ITextarea('jrn_note');
$inote->width=25;
$inote->heigh=5;
-$inote->value=$obj->det->note;
+$inote->value=strip_tags($obj->det->note);
echo $inote->input();
?>
@@ -93,7 +93,7 @@
<fieldset>
<legend>
<?=_('Détail')?>
-<?
+<?
$detail=new Acc_Misc($cn,$obj->jr_id);
$detail->get();
?>
@@ -133,7 +133,7 @@
$view_history='';
$row.=td($view_history);
if ( $q[$e]['j_qcode'] !='') {
- // nom de la fiche
+ // nom de la fiche
$ff=new Fiche($cn);
$ff->get_by_qcode( $q[$e]['j_qcode']);
$row.=td($ff->strAttribut(h(ATTR_DEF_NAME)));
@@ -149,13 +149,13 @@
if ( $owner->MY_ANALYTIC != "nu" && $div == 'popup')
{
$poste=$fiche->strAttribut(ATTR_DEF_ACCOUNT);
- if ( preg_match('/^(6|7)/',$q[$e]['j_poste']))
+ if ( preg_match('/^(6|7)/',$q[$e]['j_poste']))
{
$anc_op=new Anc_Operation($cn);
$anc_op->j_id=$q[$e]['j_id'];
$row.= HtmlInput::hidden('op[]',$anc_op->j_id);
$row.=$anc_op->display_table(1,$q[$e]['j_montant'],$div);
-
+
} else {
$row.=td('');
}
Modified: phpcompta/trunk/include/template/ledger_detail_misc.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_misc.php 2011-12-12
19:57:07 UTC (rev 4604)
+++ phpcompta/trunk/include/template/ledger_detail_misc.php 2011-12-12
20:19:20 UTC (rev 4605)
@@ -30,7 +30,7 @@
<tr><td>
<?
$itext=new
IText('lib');
-
$itext->value=$obj->det->jr_comment;
+
$itext->value=strip_tags($obj->det->jr_comment);
$itext->size=40;
echo
td(_('Libellé')).td($itext->input());
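Review bot: The strip_tags() call on `jr_comment` is the third copy of the same one-line filter in this commit, applied template by template; any other template that renders these fields and is not in the diff stays exposed, and each copy has to be remembered on future edits. Centralising the defence in the widgets — `htmlspecialchars($this->value, ENT_QUOTES)` where `IText::input()` and `ITextarea::input()` write the value — covers every caller at once and does not depend on each template author remembering to filter. IText::input() is outside the hunk, so this is a suggestion for where the fix belongs rather than a claim about its current behaviour.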
@@ -43,7 +43,7 @@
<tr><td>
<?
$itext=new
IText('npj');
-
$itext->value=$obj->det->jr_pj_number;
+
$itext->value=strip_tags($obj->det->jr_pj_number);
echo
td(_('Pièce')).td($itext->input());
?>
@@ -61,7 +61,7 @@
$inote=new
ITextarea('jrn_note');
$inote->width=25;
$inote->heigh=5;
- $inote->value=$obj->det->note;
+
$inote->value=strip_tags($obj->det->note);
echo $inote->input();
?>
Modified: phpcompta/trunk/include/template/ledger_detail_ven.php
===================================================================
--- phpcompta/trunk/include/template/ledger_detail_ven.php 2011-12-12
19:57:07 UTC (rev 4604)
+++ phpcompta/trunk/include/template/ledger_detail_ven.php 2011-12-12
20:19:20 UTC (rev 4605)
@@ -47,7 +47,7 @@
<td>
<?
$itext=new IText('npj');
-
$itext->value=$obj->det->jr_pj_number;
+
$itext->value=strip_tags($obj->det->jr_pj_number);
echo
td(_('Pièce')).td($itext->input());
?>
</td>
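Review bot: strip_tags() on `jr_pj_number` does not close the attribute-injection case on the added line: the value is placed into an `<input value="…">` by `IText::input()` (outside the hunk), and strip_tags passes `"` and `=` through unchanged, so `" autofocus onfocus="…` is still rendered verbatim unless IText escapes it. Prefer `htmlspecialchars($this->value, ENT_QUOTES)` in the widget, or at least `$itext->value=h(strip_tags($obj->det->jr_pj_number));` if IText emits the raw value; strip_tags alone is also lossy for a piece number that legitimately contains `<`.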
@@ -55,7 +55,7 @@
<td>
<?
$itext=new IText('lib');
-
$itext->value=$obj->det->jr_comment;
+
$itext->value=strip_tags($obj->det->jr_comment);
$itext->size=40;
echo
td(_('Libellé')).td($itext->input(),' colspan="2" ');
@@ -88,7 +88,7 @@
$inote=new ITextarea('jrn_note');
$inote->width=25;
$inote->heigh=5;
- $inote->value=$obj->det->note;
+ $inote->value=strip_tags($obj->det->note);
echo $inote->input();
?>
@@ -154,9 +154,9 @@
}
$row.=td($sym_tva,'style="text-align:center"');
-
+
$htva=$q['qs_price'];
-
+
$row.=td(nbm($htva),'class="num"');
$tvac=bcadd($htva,$q['qs_vat']);
if ($owner->MY_TVA_USE=='Y')