[Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $_SESSION

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $_SESSION
Date:	Mon, 18 Dec 2017 13:22:40 -0500 (EST)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 4fed33db3385486ca88383ac7426b958a47532fa
Author: Dany De Bontridder <address@hidden>
Date:   Sun Oct 8 14:39:44 2017 +0200

    Security : SQL use directly $_SESSION
---
 include/class/acc_ledger.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/class/acc_ledger.class.php 
b/include/class/acc_ledger.class.php
index bbb9dcf..e5ba145 100644
--- a/include/class/acc_ledger.class.php
+++ b/include/class/acc_ledger.class.php
@@ -2934,7 +2934,7 @@ class Acc_Ledger extends jrn_def_sql
                {
                        $fil_sec = $and . " jr_def_id in ( select uj_jrn_id " .
                                        " from user_sec_jrn where " .
-                                       " uj_login='" . $_SESSION['g_user'] . 
"'" .
+                                       " uj_login='" 
.sql_string($_SESSION['g_user']) . "'" .
                                        " and uj_priv in ('R','W'))";
                }
                $where = $fil_ledger . $fil_amount . $fil_date . $fil_desc . 
$fil_sec . $fil_amount . $fil_qcode . $fil_paid . $fil_account.$fil_date_paid;

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] 72/219: Warning : use new icon, (continued)
- [Noalyss-commit] [noalyss] 72/219: Warning : use new icon, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 36/219: Task #0001411: Faire des boutons du menu des... boutons. uniquement classic & light, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 66/219: CFGSEC : action and ledger are set thanks ajax Inplace_Switch : new class for ajax with a swith button, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 96/219: esthetic style-r692 : size icon, arrow ..., Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 04/219: Translation, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 01/219: new coding convention , Change File name : class_ becomes file.class.php, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 37/219: Task #0001411: Faire des boutons du menu des... boutons Ajout nouveau style-r692, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 57/219: New : inplace_edit permit the developer to create easily a "inplace" edit field, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 93/219: Change background title inner_box, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 118/219: Task #0001297: Perfectionnement menu COMPTA/ADV/OPEN Improve operation message, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $_SESSION, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 103/219: Réécriture de CFGPCMN pour utiliser ManageTable Ajout bouton ajout dans menu, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 120/219: Task #0001328: Problème affichage totaux achat, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 119/219: Task #0001297: Perfectionnement menu COMPTA/ADV/OPEN Improve operation message, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 80/219: Bug : export_document the parameters id, ag_id and value are optionnal, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 45/219: Improve SQL class generation, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 101/219: Réécriture de CFGPCMN pour utiliser ManageTable, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 17/219: Add test for Manage_Table_SQL, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 127/219: Task #0001484: CA : opération diverses , possibilité d'ajouter une fiche Add card to misc operation ANC, - implemented also in Printing : balance , History , General Ledger..., Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 144/219: ANC : Bouton "recherche" sont des loupes, Dany De Bontridder, 2017/12/18
- [Noalyss-commit] [noalyss] 25/219: Ajout des ASBL, Dany De Bontridder, 2017/12/18

Prev by Date: [Noalyss-commit] [noalyss] 118/219: Task #0001297: Perfectionnement menu COMPTA/ADV/OPEN Improve operation message
Next by Date: [Noalyss-commit] [noalyss] 103/219: Réécriture de CFGPCMN pour utiliser ManageTable Ajout bouton ajout dans menu
Previous by thread: [Noalyss-commit] [noalyss] 118/219: Task #0001297: Perfectionnement menu COMPTA/ADV/OPEN Improve operation message
Next by thread: [Noalyss-commit] [noalyss] 103/219: Réécriture de CFGPCMN pour utiliser ManageTable Ajout bouton ajout dans menu
Index(es):
- Date
- Thread