noalyss-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 01/14: Protect $_POST variable

From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 01/14: Protect $_POST variable
Date: Wed, 28 Oct 2015 09:56:54 +0000 
sparkyx pushed a commit to branch master
in repository noalyss.

commit b7d27af6e91b71c9030113e627886ac45f81337b
Author: Dany De Bontridder <address@hidden>
Date:   Sun Oct 25 17:32:51 2015 +0100

    Protect $_POST variable
---
 include/ajax/ajax_ledger.php |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/include/ajax/ajax_ledger.php b/include/ajax/ajax_ledger.php
index 4b639bc..d1f455f 100644
--- a/include/ajax/ajax_ledger.php
+++ b/include/ajax/ajax_ledger.php
@@ -146,7 +146,10 @@ case 'rmop':
             {
                 $cn->start();
                 $oLedger=new Acc_Ledger($cn,$ledger);
-                $oLedger->jr_id=$_REQUEST['jr_id'];
+                
$oLedger->jr_id=HtmlInput::default_value_request($_REQUEST['jr_id'],0);
+                if ( $oLedger->jr_id == 0 || 
+                     isNumber($oLedger->jr_id) == 0)
+                    throw new Exception (_('Donnée invalide'));
                 $oLedger->delete();
                 $cn->commit();
                 echo _("Opération Effacée");
reply via email to
[Prev in Thread] Current Thread [Next in Thread]