[Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $_SESSION
From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 74/219: Security : SQL use directly $_SESSION
Date: Mon, 18 Dec 2017 13:22:40 -0500 (EST)
sparkyx pushed a commit to branch master
in repository noalyss.
commit 4fed33db3385486ca88383ac7426b958a47532fa
Author: Dany De Bontridder <address@hidden>
Date: Sun Oct 8 14:39:44 2017 +0200
Security : SQL use directly $_SESSION
---
include/class/acc_ledger.class.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/class/acc_ledger.class.php
b/include/class/acc_ledger.class.php
index bbb9dcf..e5ba145 100644
--- a/include/class/acc_ledger.class.php
+++ b/include/class/acc_ledger.class.php
@@ -2934,7 +2934,7 @@ class Acc_Ledger extends jrn_def_sql
{
$fil_sec = $and . " jr_def_id in ( select uj_jrn_id " .
" from user_sec_jrn where " .
- " uj_login='" . $_SESSION['g_user'] .
"'" .
+ " uj_login='"
.sql_string($_SESSION['g_user']) . "'" .
" and uj_priv in ('R','W'))";
}
$where = $fil_ledger . $fil_amount . $fil_date . $fil_desc .
$fil_sec . $fil_amount . $fil_qcode . $fil_paid . $fil_account.$fil_date_paid;
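Review bot: The uj_login comparison on the changed line is still built by string concatenation, so its safety rests entirely on sql_string() escaping the value the same way the database connection quotes string literals. If the query that consumes $where can take bound parameters, pass $_SESSION['g_user'] as a parameter instead of splicing it into $fil_sec; otherwise add a comment at this line stating which quoting rules sql_string() applies. The other fragments joined into $where in the context lines ($fil_ledger, $fil_desc, $fil_qcode, $fil_account and the rest) are assembled outside this hunk, so it is worth confirming they get the same treatment. Separately, $fil_amount appears twice in that concatenation, which looks unintended.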