[Noalyss-commit] [noalyss] 60/218: Security fix : f_id is a number
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 60/218: Security fix : f_id is a number
Date: Thu, 12 Sep 2019 15:58:41 -0400 (EDT)
sparkyx pushed a commit to branch entreprise
in repository noalyss.
commit 169fb9cf51dbc25ef44a27a2966735bd55eca152
Author: Dany De Bontridder <address@hidden>
Date: Sat Jun 2 08:33:03 2018 +0200
Security fix : f_id is a number
---
include/lib/html_input.class.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/lib/html_input.class.php b/include/lib/html_input.class.php
index 0892966..d1f88f9 100755
--- a/include/lib/html_input.class.php
+++ b/include/lib/html_input.class.php
@@ -827,6 +827,7 @@ class HtmlInput
static function title_box($p_name, $p_div, $p_mod="close", $p_js="",
$p_draggable="n")
{
+ $p_div=strip_tags($p_div);
$r='<div class="bxbutton">';
// If draggable : display a icon to unpin and move the dialog box
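Review bot: the added `$p_div=strip_tags($p_div);` at the top of title_box() does not match the commit subject ("f_id is a number"): nothing here checks that a value is numeric, and no f_id appears in the hunk. strip_tags() removes markup but leaves quotes and other characters intact, so it only helps where the value is written as element content; a value written into an attribute or an inline script still needs escaping for that context. The visible lines do not show where $p_div is emitted. If it is used as an element id, validate it against an allow-list pattern (letters, digits, underscore, hyphen) or escape it at the point of output with htmlspecialchars($p_div, ENT_QUOTES). $p_name and $p_js pass through unchanged in this hunk and deserve the same check, and a docblock line stating what each parameter may contain would make the contract clear to callers.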