[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 60/238: Security fix : f_id is a number
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 60/238: Security fix : f_id is a number |
Date: |
Sat, 26 Oct 2019 04:40:33 -0400 (EDT) |
sparkyx pushed a commit to annotated tag rel7110
in repository noalyss.
commit 169fb9cf51dbc25ef44a27a2966735bd55eca152
Author: Dany De Bontridder <address@hidden>
Date: Sat Jun 2 08:33:03 2018 +0200
Security fix : f_id is a number
---
include/lib/html_input.class.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/lib/html_input.class.php b/include/lib/html_input.class.php
index 0892966..d1f88f9 100755
--- a/include/lib/html_input.class.php
+++ b/include/lib/html_input.class.php
@@ -827,6 +827,7 @@ class HtmlInput
static function title_box($p_name, $p_div, $p_mod="close", $p_js="",
$p_draggable="n")
{
+ $p_div=strip_tags($p_div);
$r='<div class="bxbutton">';
// If draggable : display a icon to unpin and move the dialog box
- [Noalyss-commit] [noalyss] 59/238: Security fix : f_id is a number, (continued)
- [Noalyss-commit] [noalyss] 59/238: Security fix : f_id is a number, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 74/238: Merge branch 'r700-currency' of gitlab.noalyss.eu:noalyss/noalyss into r700-currency, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 63/238: CFGLED : security fix : remove $_REQUEST, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 66/238: Remove the default "<div class=content>" which lead to cosmetic bug in the plugins, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 75/238: Improve waiting box, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 88/238: FIN : cosmetic : bug due the currency feature in the input there are 2 supplementary rows for total in EUR and CURRENCY. Those rows don't exist for FIN, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 85/238: Currency : financial ledger can be set to a specific currency, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 105/238: Background color, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 107/238: Currency : export PDF and CSV with currency for printing financial ledger listing(oneline), Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 55/238: integrate fix for bug in insert_quant_purchase which cannot save private fee Conflicts: include/sql/patch/upgrade128.sql, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 60/238: Security fix : f_id is a number,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 57/238: Security : direct injection, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 67/238: Documentation, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 73/238: Merge branch 'r700-currency' of gitlab.noalyss.eu:noalyss/noalyss into r700-currency, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 71/238: Check for date and number : isdate and isnumeric, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 79/238: Bug : in Purchase and Sale , the last rows disappear when we change the ledger, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 49/238: Update documentation, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 54/238: Bug 1600 : alphanumeric accounting must be case insensitive, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 56/238: Fix todo_list : if list empty , gets an error in php 7.2, Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 61/238: Task #1619 : CFGLED change label for "Donner ici la fiche du compte en banque", Dany De Bontridder, 2019/10/26
- [Noalyss-commit] [noalyss] 69/238: Create lib for Tabs, Dany De Bontridder, 2019/10/26