[Noalyss-commit] [noalyss] 13/19: Security : direct access to GLOBALS

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 13/19: Security : direct access to GLOBALS

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 13/19: Security : direct access to GLOBALS
Date:	Mon, 9 Sep 2019 13:55:00 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit ed0d7bc30bf597fe8c9dc9ad1ad101069388fcf0
Author: Dany De Bontridder <address@hidden>
Date:   Mon Sep 9 08:12:34 2019 +0200

    Security : direct access to GLOBALS
---
 include/supplier.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/supplier.inc.php b/include/supplier.inc.php
index acbd673..259ca12 100644
--- a/include/supplier.inc.php
+++ b/include/supplier.inc.php
@@ -56,7 +56,7 @@ if ( isset($_POST['action_fiche'] ) )
             return;
         }
 
-        $f_id=$_REQUEST['f_id'];
+        $f_id = $http->request('f_id','number');
 
         $fiche=new Supplier($cn,$f_id);
         $fiche->remove();
@@ -107,7 +107,7 @@ if ( $low_action == "list" )
                                                                      </div>
                                                                      <?php
                                                                      
$supplier=new Supplier($cn);
-    $search=(isset($_GET['query']))?$_GET['query']:"";
+    $search=$http->get("query","string","");
     $sql="";
     if (isset($_GET['cat']))
     {

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] 14/19: Fiche:GetByDef if nothing is found returns empty array, (continued)
- [Noalyss-commit] [noalyss] 14/19: Fiche:GetByDef if nothing is found returns empty array, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 16/19: Fiche Cosmetic :, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 04/19: Correct Add button for ledger when creating FIN ledger, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 05/19: Bug prerelease : Cannot save preference, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 07/19: Code : mistype variable $step, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 06/19: Code : missing semicolon, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 15/19: Security : direct access to GLOBALS, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 17/19: Merge branch 'dev7109', Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 19/19: Merge branch 'master' of gitlab.noalyss.eu:noalyss/noalyss, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 08/19: verif_bil : fetch_all return false or an array, comptability PHP7, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 13/19: Security : direct access to GLOBALS, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 09/19: Security : direct access to GLOBALS, Dany De Bontridder, 2019/09/09
- [Noalyss-commit] [noalyss] 18/19: Cleaning, Dany De Bontridder, 2019/09/09

Prev by Date: [Noalyss-commit] [noalyss] 08/19: verif_bil : fetch_all return false or an array, comptability PHP7
Next by Date: [Noalyss-commit] [noalyss] 09/19: Security : direct access to GLOBALS
Previous by thread: [Noalyss-commit] [noalyss] 08/19: verif_bil : fetch_all return false or an array, comptability PHP7
Next by thread: [Noalyss-commit] [noalyss] 09/19: Security : direct access to GLOBALS
Index(es):
- Date
- Thread