[Noalyss-commit] [noalyss] 77/107: Security : replace direct use of $

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 77/107: Security : replace direct use of $_GE

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 77/107: Security : replace direct use of $_GET
Date:	Mon, 26 Aug 2019 10:32:05 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 12b607e9fad4ae6ab57ff06f3768a6436736dcce
Author: Dany De Bontridder <address@hidden>
Date:   Fri Aug 9 13:25:07 2019 +0200

    Security : replace direct use of $_GET
---
 include/class/print_ledger_simple.class.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/class/print_ledger_simple.class.php 
b/include/class/print_ledger_simple.class.php
index ef21133..e2f81cd 100644
--- a/include/class/print_ledger_simple.class.php
+++ b/include/class/print_ledger_simple.class.php
@@ -24,12 +24,14 @@
  *  of any ledgers
  */
 require_once NOALYSS_INCLUDE.'/class/pdf.class.php';
+require_once NOALYSS_INCLUDE.'/lib/http_input.class.php';
 
 class Print_Ledger_Simple extends PDF
 {
     public function __construct ($p_cn,  Acc_Ledger $p_jrn)
     {
 
+        $http=new HttpInput();
         if($p_cn == null) die("No database connection. Abort.");
 
         parent::__construct($p_cn,'L', 'mm', 'A4');
@@ -48,7 +50,8 @@ class Print_Ledger_Simple extends PDF
          * get rappel to initialize amount rap_xx
          *the easiest way is to compute sum from quant_
          */
-        $this->previous=$this->ledger->previous_amount($_GET['from_periode']);
+        $from_periode=$http->get('from_periode',"number");
+        $this->previous=$this->ledger->previous_amount($from_periode);
 
         /* initialize the amount to report */
         foreach($this->previous['tva'] as $line_tva)
@@ -203,8 +206,10 @@ class Print_Ledger_Simple extends PDF
     function export()
     {
       bcscale(2);
-        $a_jrn=$this->ledger->get_operation($_GET['from_periode'],
-                                            $_GET['to_periode']);
+        $http=new HttpInput();
+
+        
$a_jrn=$this->ledger->get_operation($http->get('from_periode',"number"),
+                                            $http->get('to_periode',"number"));
 
         if ( $a_jrn == null ) return;
         for ( $i=0;$i<count($a_jrn);$i++)

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] 80/107: translation, (continued)
- [Noalyss-commit] [noalyss] 80/107: translation, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 82/107: DatabaseCore fix silent when not debug, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 72/107: Improve message progress bar + translation, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 94/107: Bug : Database::fetch_all returns an array or FALSE, because of pg_fetch_all, the version PHP7 cannot use anymore a boolean with count()., Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 63/107: remove background color, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 66/107: Code cleaning : rename table mod_payment to payment_method, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 53/107: Select_Box new Object, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 55/107: Merge branch 'master' of gitlab.noalyss.eu:noalyss/noalyss, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 57/107: PDF_Core : code cleaning, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 71/107: Select_Box add a search, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 77/107: Security : replace direct use of $_GET, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 45/107: Replace PHPCOMPTA by NOALYSS, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 90/107: Cosmetic : add button close in history card & accounting, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 88/107: SQL : correct SQL script to take care of users who delete the profile no 2, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 104/107: 0001728: Aide à l'encodage - Journaux négatifs (note de crédit) Unit test, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 48/107: Doxygen does not allow to document javascript Remove tag for using with jsdoc, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 89/107: Task #1735: Détail opération utilisation icone poubelle, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 103/107: Fix 0001728: Aide à l'encodage - Journaux négatifs (note de crédit) SQL Scripts, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 97/107: New : InputSwitch, display a switch and change the value of a hidden variable, Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 102/107: New Task 1728: Aide à l'encodage - Journaux négatifs (note de crédit), Dany De Bontridder, 2019/08/26
- [Noalyss-commit] [noalyss] 42/107: squash! PHPUnit : adapt to new version, Dany De Bontridder, 2019/08/26

Prev by Date: [Noalyss-commit] [noalyss] 71/107: Select_Box add a search
Next by Date: [Noalyss-commit] [noalyss] 45/107: Replace PHPCOMPTA by NOALYSS
Previous by thread: [Noalyss-commit] [noalyss] 71/107: Select_Box add a search
Next by thread: [Noalyss-commit] [noalyss] 45/107: Replace PHPCOMPTA by NOALYSS
Index(es):
- Date
- Thread