
[Dolibarr-git] [Dolibarr/dolibarr] c0f4ec: FIX sanitize param $action


From: Laurent Destailleur
Subject: [Dolibarr-git] [Dolibarr/dolibarr] c0f4ec: FIX sanitize param $action
Date: Mon, 05 Nov 2018 11:29:50 -0800

  Branch: refs/heads/develop
  Home:   https://github.com/Dolibarr/dolibarr
  Commit: c0f4ec5a3e06c79c3a4629174cf1bfbf0389e668
      https://github.com/Dolibarr/dolibarr/commit/c0f4ec5a3e06c79c3a4629174cf1bfbf0389e668
  Author: Laurent Destailleur <address@hidden>
  Date:   2018-11-05 (Mon, 05 Nov 2018)

  Changed paths:
    M htdocs/accountancy/admin/accountmodel.php
    M htdocs/accountancy/admin/categories_list.php
    M htdocs/accountancy/admin/defaultaccounts.php
    M htdocs/accountancy/admin/export.php
    M htdocs/accountancy/admin/fiscalyear_card.php
    M htdocs/accountancy/admin/index.php
    M htdocs/accountancy/admin/journals_list.php
    M htdocs/accountancy/admin/productaccount.php
    M htdocs/accountancy/bookkeeping/balance.php
    M htdocs/accountancy/bookkeeping/list.php
    M htdocs/accountancy/bookkeeping/listbyaccount.php
    M htdocs/accountancy/customer/card.php
    M htdocs/accountancy/expensereport/card.php
    M htdocs/accountancy/supplier/card.php
    M htdocs/adherents/admin/adherent_extrafields.php
    M htdocs/adherents/admin/adherent_type_extrafields.php
    M htdocs/adherents/admin/website.php
    M htdocs/admin/agenda_extrafields.php
    M htdocs/admin/bank.php
    M htdocs/admin/bank_extrafields.php
    M htdocs/admin/dav.php
    M htdocs/admin/emailcollector_card.php
    M htdocs/admin/expedition_extrafields.php
    M htdocs/admin/expeditiondet_extrafields.php
    M htdocs/admin/expensereport_extrafields.php
    M htdocs/admin/livraison_extrafields.php
    M htdocs/admin/livraisondet_extrafields.php
    M htdocs/admin/loan.php
    M htdocs/admin/multicurrency.php
    M htdocs/admin/oauth.php
    M htdocs/admin/order_extrafields.php
    M htdocs/admin/orderdet_extrafields.php
    M htdocs/admin/resource.php
    M htdocs/admin/resource_extrafields.php
    M htdocs/admin/salaries.php
    M htdocs/admin/supplier_invoice.php
    M htdocs/admin/supplier_order.php
    M htdocs/admin/supplierinvoice_extrafields.php
    M htdocs/admin/supplierinvoicedet_extrafields.php
    M htdocs/admin/supplierorder_extrafields.php
    M htdocs/admin/supplierorderdet_extrafields.php
    M htdocs/admin/ticket.php
    M htdocs/admin/ticket_extrafields.php
    M htdocs/admin/tools/listevents.php
    M htdocs/admin/tools/listsessions.php
    M htdocs/admin/workflow.php
    M htdocs/asset/admin/assets_extrafields.php
    M htdocs/asset/admin/assets_type_extrafields.php
    M htdocs/asset/admin/setup.php
    M htdocs/asset/card.php
    M htdocs/asset/note.php
    M htdocs/categories/admin/categorie_extrafields.php
    M htdocs/comm/action/document.php
    M htdocs/comm/admin/propal_extrafields.php
    M htdocs/comm/admin/propaldet_extrafields.php
    M htdocs/comm/index.php
    M htdocs/comm/propal/card.php
    M htdocs/commande/card.php
    M htdocs/compta/bank/document.php
    M htdocs/compta/bank/releve.php
    M htdocs/compta/bank/various_payment/card.php
    M htdocs/compta/facture/admin/facture_cust_extrafields.php
    M htdocs/compta/facture/admin/facture_rec_cust_extrafields.php
    M htdocs/compta/facture/admin/facturedet_cust_extrafields.php
    M htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php
    M htdocs/compta/facture/card.php
    M htdocs/compta/index.php
    M htdocs/compta/paiement/cheque/card.php
    M htdocs/compta/paiement_charge.php
    M htdocs/contrat/admin/contract_extrafields.php
    M htdocs/contrat/admin/contractdet_extrafields.php
    M htdocs/core/ajax/selectobject.php
    M htdocs/core/lib/functions.lib.php
    M htdocs/core/modules/oauth/github_oauthcallback.php
    M htdocs/core/modules/oauth/google_oauthcallback.php
    M htdocs/core/modules/oauth/stripetest_oauthcallback.php
    M htdocs/core/tpl/commonfields_add.tpl.php
    M htdocs/datapolicy/admin/setup.php
    M htdocs/datapolicy/admin/setupmail.php
    M htdocs/datapolicy/public/index.php
    M htdocs/don/admin/donation_extrafields.php
    M htdocs/emailcollector/class/emailcollector.class.php
    M htdocs/exports/export.php
    M htdocs/fichinter/admin/fichinter_extrafields.php
    M htdocs/fichinter/admin/fichinterdet_extrafields.php
    M htdocs/fichinter/card-rec.php
    M htdocs/fourn/commande/contact.php
    M htdocs/fourn/commande/orderstoinvoice.php
    M htdocs/holiday/card.php
    M htdocs/hrm/admin/admin_hrm.php
    M htdocs/langs/en_US/admin.lang
    M htdocs/livraison/card.php
    M htdocs/modulebuilder/admin/setup.php
    M htdocs/modulebuilder/template/admin/about.php
    M htdocs/modulebuilder/template/admin/setup.php
    M htdocs/modulebuilder/template/mymoduleindex.php
    M htdocs/modulebuilder/template/myobject_agenda.php
    M htdocs/modulebuilder/template/myobject_card.php
    M htdocs/modulebuilder/template/myobject_note.php
    M htdocs/product/admin/dynamic_prices.php
    M htdocs/product/admin/product_extrafields.php
    M htdocs/product/admin/product_lot_extrafields.php
    M htdocs/product/ajax/products.php
    M htdocs/product/dynamic_price/editor.php
    M htdocs/product/fournisseurs.php
    M htdocs/product/inventory/card.php
    M htdocs/product/price.php
    M htdocs/projet/admin/project_extrafields.php
    M htdocs/projet/admin/project_task_extrafields.php
    M htdocs/projet/ajax/projects.php
    M htdocs/projet/tasks.php
    M htdocs/public/ticket/create_ticket.php
    M htdocs/public/ticket/index.php
    M htdocs/public/ticket/list.php
    M htdocs/public/ticket/view.php
    M htdocs/societe/admin/contact_extrafields.php
    M htdocs/societe/admin/societe_extrafields.php
    M htdocs/societe/ajax/company.php
    M htdocs/societe/price.php
    M htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php
    M htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php
    M htdocs/supplier_proposal/card.php
    M htdocs/supplier_proposal/contact.php
    M htdocs/takepos/admin/about.php
    M htdocs/ticket/card.php
    M htdocs/ticket/history.php
    M htdocs/ticket/index.php
    M htdocs/ticket/new.php
    M htdocs/user/admin/group_extrafields.php
    M htdocs/user/admin/user_extrafields.php
    M htdocs/user/group/card.php
    M htdocs/user/group/ldap.php
    M htdocs/user/group/perms.php
    M htdocs/user/passwordforgotten.php
    M htdocs/user/perms.php
    M htdocs/website/websiteaccount_card.php

  Log Message:
  -----------
  FIX sanitize param $action


  Commit: 763f3cd5189c0dbc9b18e9da15788da71773a4c6
      https://github.com/Dolibarr/dolibarr/commit/763f3cd5189c0dbc9b18e9da15788da71773a4c6
  Author: Laurent Destailleur <address@hidden>
  Date:   2018-11-05 (Mon, 05 Nov 2018)

  Changed paths:
    M htdocs/core/lib/functions.lib.php
    M htdocs/core/tpl/commonfields_add.tpl.php
    M htdocs/core/tpl/commonfields_edit.tpl.php
    M htdocs/core/tpl/commonfields_view.tpl.php
    M htdocs/emailcollector/class/emailcollector.class.php

  Log Message:
  -----------
  Debug modulebuilder


  Commit: 4a25317f1036859eae8d53f8a71bd1775e727735
      https://github.com/Dolibarr/dolibarr/commit/4a25317f1036859eae8d53f8a71bd1775e727735
  Author: Laurent Destailleur <address@hidden>
  Date:   2018-11-05 (Mon, 05 Nov 2018)

  Changed paths:
    M htdocs/accountancy/admin/export.php
    M htdocs/accountancy/bookkeeping/listbyaccount.php
    M htdocs/accountancy/customer/card.php
    M htdocs/accountancy/expensereport/card.php
    M htdocs/accountancy/supplier/card.php
    M htdocs/adherents/admin/adherent_extrafields.php
    M htdocs/adherents/admin/adherent_type_extrafields.php
    M htdocs/adherents/admin/website.php
    M htdocs/admin/agenda_extrafields.php
    M htdocs/admin/bank.php
    M htdocs/admin/bank_extrafields.php
    M htdocs/admin/dav.php
    M htdocs/admin/emailcollector_card.php
    M htdocs/admin/expedition_extrafields.php
    M htdocs/admin/expeditiondet_extrafields.php
    M htdocs/admin/expensereport_extrafields.php
    M htdocs/admin/livraison_extrafields.php
    M htdocs/admin/livraisondet_extrafields.php
    M htdocs/admin/loan.php
    M htdocs/admin/multicurrency.php
    M htdocs/admin/oauth.php
    M htdocs/admin/order_extrafields.php
    M htdocs/admin/orderdet_extrafields.php
    M htdocs/admin/resource.php
    M htdocs/admin/resource_extrafields.php
    M htdocs/admin/salaries.php
    M htdocs/admin/supplier_invoice.php
    M htdocs/admin/supplier_order.php
    M htdocs/admin/supplierinvoice_extrafields.php
    M htdocs/admin/supplierinvoicedet_extrafields.php
    M htdocs/admin/supplierorder_extrafields.php
    M htdocs/admin/supplierorderdet_extrafields.php
    M htdocs/admin/ticket.php
    M htdocs/admin/ticket_extrafields.php
    M htdocs/admin/tools/listevents.php
    M htdocs/admin/tools/listsessions.php
    M htdocs/admin/workflow.php
    M htdocs/asset/admin/assets_extrafields.php
    M htdocs/asset/admin/assets_type_extrafields.php
    M htdocs/asset/admin/setup.php
    M htdocs/asset/card.php
    M htdocs/asset/note.php
    M htdocs/categories/admin/categorie_extrafields.php
    M htdocs/comm/action/document.php
    M htdocs/comm/admin/propal_extrafields.php
    M htdocs/comm/admin/propaldet_extrafields.php
    M htdocs/comm/index.php
    M htdocs/comm/propal/card.php
    M htdocs/commande/card.php
    M htdocs/compta/bank/document.php
    M htdocs/compta/bank/releve.php
    M htdocs/compta/bank/various_payment/card.php
    M htdocs/compta/facture/admin/facture_cust_extrafields.php
    M htdocs/compta/facture/admin/facture_rec_cust_extrafields.php
    M htdocs/compta/facture/admin/facturedet_cust_extrafields.php
    M htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php
    M htdocs/compta/facture/card.php
    M htdocs/compta/index.php
    M htdocs/compta/paiement/cheque/card.php
    M htdocs/compta/paiement_charge.php
    M htdocs/contrat/admin/contract_extrafields.php
    M htdocs/contrat/admin/contractdet_extrafields.php
    M htdocs/core/ajax/selectobject.php
    M htdocs/core/class/translate.class.php
    M htdocs/core/lib/functions.lib.php
    M htdocs/core/modules/oauth/github_oauthcallback.php
    M htdocs/core/modules/oauth/google_oauthcallback.php
    M htdocs/core/modules/oauth/stripetest_oauthcallback.php
    M htdocs/datapolicy/admin/setup.php
    M htdocs/datapolicy/admin/setupmail.php
    M htdocs/datapolicy/public/index.php
    M htdocs/don/admin/donation_extrafields.php
    M htdocs/emailcollector/class/emailcollector.class.php
    M htdocs/exports/export.php
    M htdocs/fichinter/admin/fichinter_extrafields.php
    M htdocs/fichinter/admin/fichinterdet_extrafields.php
    M htdocs/fichinter/card-rec.php
    M htdocs/fourn/commande/contact.php
    M htdocs/fourn/commande/orderstoinvoice.php
    M htdocs/holiday/card.php
    M htdocs/hrm/admin/admin_hrm.php
    M htdocs/langs/en_US/admin.lang
    M htdocs/livraison/card.php
    M htdocs/modulebuilder/admin/setup.php
    M htdocs/modulebuilder/template/admin/about.php
    M htdocs/modulebuilder/template/admin/setup.php
    M htdocs/modulebuilder/template/mymoduleindex.php
    M htdocs/modulebuilder/template/myobject_agenda.php
    M htdocs/modulebuilder/template/myobject_note.php
    M htdocs/product/admin/dynamic_prices.php
    M htdocs/product/admin/product_extrafields.php
    M htdocs/product/admin/product_lot_extrafields.php
    M htdocs/product/ajax/products.php
    M htdocs/product/dynamic_price/editor.php
    M htdocs/product/fournisseurs.php
    M htdocs/product/inventory/card.php
    M htdocs/product/price.php
    M htdocs/projet/admin/project_extrafields.php
    M htdocs/projet/admin/project_task_extrafields.php
    M htdocs/projet/ajax/projects.php
    M htdocs/projet/tasks.php
    M htdocs/public/ticket/create_ticket.php
    M htdocs/public/ticket/index.php
    M htdocs/societe/admin/contact_extrafields.php
    M htdocs/societe/admin/societe_extrafields.php
    M htdocs/societe/ajax/company.php
    M htdocs/societe/price.php
    M htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php
    M htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php
    M htdocs/supplier_proposal/card.php
    M htdocs/supplier_proposal/contact.php
    M htdocs/takepos/admin/about.php
    M htdocs/user/admin/group_extrafields.php
    M htdocs/user/admin/user_extrafields.php
    M htdocs/user/group/card.php
    M htdocs/user/group/ldap.php
    M htdocs/user/group/perms.php
    M htdocs/user/passwordforgotten.php
    M htdocs/user/perms.php
    M htdocs/website/websiteaccount_card.php

  Log Message:
  -----------
  Fix security on GETPOST('action'). Param must be sanitized.


Compare: https://github.com/Dolibarr/dolibarr/compare/dd70f1bf0890...4a25317f1036