[Noalyss-commit] [noalyss] 63/218: CFGLED : security fix : remove $_REQU
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 63/218: CFGLED : security fix : remove $_REQUEST |
Date: |
Thu, 12 Sep 2019 15:58:41 -0400 (EDT) |
sparkyx pushed a commit to branch entreprise
in repository noalyss.
commit 9ba82e73fc0646a381c1444704e3b3c539942eca
Author: Dany De Bontridder <address@hidden>
Date: Sun Jun 3 12:44:11 2018 +0200
CFGLED : security fix : remove $_REQUEST
---
include/cfgledger.inc.php | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/cfgledger.inc.php b/include/cfgledger.inc.php
index 2a1c28f..48fc3b6 100644
--- a/include/cfgledger.inc.php
+++ b/include/cfgledger.inc.php
@@ -61,8 +61,9 @@ if ( $action_frm == 'update')
$show_menu=1;
} catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
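Review bot: The catch block still hands the raw `$e->getMessage()` to `alert()`, so whatever text the exception carries is shown to the user. If these exceptions can come from the database layer, that text may expose query or schema details, and how `alert()` escapes its argument is not visible in this diff. Since the added `record_log($e->getMessage());` now keeps the detail server-side, the user-facing call could use a fixed, translated string instead, for example `alert(_("Erreur"));` (constructed wording). The same applies to the catch blocks in the hunks at -86, -108 and -142; the enclosing `try` starts outside this hunk.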
@@ -71,7 +72,7 @@ if ( $action_frm == 'update')
//////////////////////////////////////////////////////////////////////////
if ($action_frm == 'delete' )
{
- $ledger->id=$http->post('p_jrn',"number");;
+ $ledger->id=$http->post('p_jrn',"number");
$ledger->load();
$name=$ledger->get_name();
try {
@@ -86,8 +87,9 @@ if ($action_frm == 'delete' )
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert ($e->getMessage());
+ alert ($e->getMessage());
}
}
@@ -108,8 +110,9 @@ if (isset($_POST['add']))
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
}
@@ -134,7 +137,7 @@ switch ($sa)
echo '<INPUT TYPE="SUBMIT" class="smallbutton"
VALUE="'._("Sauve").'" name="update"
onClick="$(\'action_frm\').value=\'update\';return
confirm_box(\'cfg_ledger_frm\',\'Valider ?\')">
<INPUT TYPE="RESET" class="smallbutton" VALUE="Reset">
<INPUT TYPE="submit" class="smallbutton" name="efface"
value="'._("Efface").'" onClick="$(\'action_frm\').value=\'delete\';return
confirm_box(\'cfg_ledger_frm\',\'Vous effacez ce journal ?\')">';
-
$href=http_build_query(array('ac'=>$_REQUEST['ac'],'gDossier'=>$_REQUEST['gDossier']));
+
$href=http_build_query(array('ac'=>$http->request('ac'),'gDossier'=>$http->request('gDossier',"number")));
echo '<a style="display:inline" class="smallbutton"
href="do.php?'.$href.'">'._('Retour').'</a>';
echo '</FORM>';
echo "</div>";
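Review bot: `ac` is read with `$http->request('ac')` and no type argument, while `gDossier` on the same line is constrained to `"number"`, so `ac` is probably accepted as any string; please confirm against the `$http` class. In this href that is contained, because `http_build_query()` URL-encodes both values, but the line deserves a comment saying so, e.g. `// values are URL-encoded by http_build_query(); ac is a free string`. The query string is then concatenated into the attribute without HTML escaping, so the `&` separator is emitted raw; `href="do.php?'.htmlspecialchars($href, ENT_QUOTES).'"` would make the attribute context explicit. The surrounding `try` and `switch` begin outside this hunk.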
@@ -142,8 +145,9 @@ switch ($sa)
}
catch (Exception $e)
{
+ record_log($e->getMessage());
record_log($e->getTraceAsString());
- alert($e->getMessage());
+ alert($e->getMessage());
}
break;
case 'add': /* Add a new ledger */