[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Dolibarr-bugtrack] [bug #18801] trop de stripslashes
From: |
Franky Van Liedekerke |
Subject: |
[Dolibarr-bugtrack] [bug #18801] trop de stripslashes |
Date: |
Tue, 16 Jan 2007 15:56:58 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.9) Gecko/20070102 Ubuntu/dapper-security Firefox/1.5.0.9 |
URL:
<http://savannah.nongnu.org/bugs/?18801>
Summary: trop de stripslashes
Project: Dolibarr
Submitted by: liedekef
Submitted on: Tuesday 01/16/2007 at 15:56
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: None
Operating System: None
_______________________________________________________
Details:
Bonjour,
j'ai vu que dolibarr fait le suivant en main.inc.php:
if (get_magic_quotes_gpc())
{
$_GET = array_map('stripslashes_deep', $_GET);
$_POST = array_map('stripslashes_deep', $_POST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
ceci est tres bon (et alors mon besoignes de stripslashes dans le fonction de
Yannick n'est plus valable).
Mais: j'ai trouvé dans le code:
htdocs/telephonie/client/new.php: $soc->nom =
stripslashes($_POST["nom"]);
htdocs/telephonie/client/new.php: $soc->adresse =
stripslashes($_POST["adresse"]);
htdocs/telephonie/client/new.php: $soc->cp =
stripslashes($_POST["cp"]);
htdocs/telephonie/client/new.php: $soc->ville =
stripslashes($_POST["ville"]);
htdocs/telephonie/client/new.php: $soc->pays_id =
stripslashes($_POST["pays_id"]);
htdocs/telephonie/client/new.php: $soc->tel =
stripslashes($_POST["tel"]);
htdocs/telephonie/client/new.php: $soc->fax =
stripslashes($_POST["fax"]);
htdocs/telephonie/client/new.php: $soc->code_fournisseur =
stripslashes($_POST["code_fournisseur"]);
htdocs/telephonie/client/new.php: $soc->codeclient_modifiable =
stripslashes($_POST["codeclient_modifiable"]);
htdocs/telephonie/client/new.php: $soc->codefournisseur_modifiable =
stripslashes($_POST["codefournisseur_modifiable"]);
htdocs/compta/prelevement/liste_factures.php: print '<input size="20"
class="flat" type="text" name="search_nom"
value="'.stripslashes($_GET["search_nom"]).'">';
htdocs/projet/liste.php: print '<input type="text" class="flat"
name="search_label" value="'.stripslashes($_GET["search_label"]).'">';
Je crois bien qu'il faut enlever le stripslashes ici, non?
Franky
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?18801>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [Dolibarr-bugtrack] [bug #18801] trop de stripslashes,
Franky Van Liedekerke <=