[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 08/23: Security remove direct access to $_REQ
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 08/23: Security remove direct access to $_REQUEST |
Date: |
Tue, 24 Nov 2020 14:22:40 -0500 (EST) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 82efa19bd0ab40f42f45922bc0fc55887f6e0683
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Thu Nov 12 18:00:55 2020 +0100
Security remove direct access to $_REQUEST
---
include/class/anc_print.class.php | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/include/class/anc_print.class.php
b/include/class/anc_print.class.php
index dedefcb..9f72e49 100644
--- a/include/class/anc_print.class.php
+++ b/include/class/anc_print.class.php
@@ -62,19 +62,20 @@ class Anc_Print
*/
function get_request()
{
+ $http=new HttpInput();
if ( isset($_REQUEST['from']))
- $this->from=$_REQUEST['from'];
+ $this->from=$http->request('from');
if ( isset($_REQUEST['to']))
- $this->to=$_REQUEST['to'];
+ $this->to=$http->request('to');
if ( isset($_REQUEST['from_poste']))
- $this->from_poste=$_REQUEST['from_poste'];
+ $this->from_poste=$http->request('from_poste');
if ( isset($_REQUEST['to_poste']))
- $this->to_poste=$_REQUEST['to_poste'];
+ $this->to_poste=$http->request('to_poste');
if ( isset($_REQUEST['pa_id']))
- $this->pa_id=$_REQUEST['pa_id'];
+ $this->pa_id=$http->request('pa_id');
else
$this->pa_id="";
- [Noalyss-commit] [noalyss] branch master updated (8bd9ba4 -> a723604), Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 02/23: translate en, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 03/23: rename upgrade18, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 01/23: Security administration : add a confirmation with generate random string and record it in audit, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 04/23: Security, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 05/23: Version 8.0, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 08/23: Security remove direct access to $_REQUEST,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 06/23: Follow-up : list , the name is a tip, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 15/23: fixup! Translate , make failed chrome because of HTML in javascript message, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 17/23: Typo, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 20/23: Fix: template doesn't delete LOB files, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 09/23: IText require , used for admin and password, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 07/23: ANCGL : export CSV add the date of payment, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 16/23: IText : protect against Quote and Double Quote, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 18/23: Merge branch 'dev8000', Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 13/23: Translate , make failed chrome because of HTML in javascript message, Dany De Bontridder, 2020/11/24
- [Noalyss-commit] [noalyss] 21/23: CfgPlugin : improve trace, Dany De Bontridder, 2020/11/24