[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 09/13: security
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 09/13: security |
Date: |
Mon, 30 Aug 2021 10:12:00 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 43f35352aa2a40892a1369a15062145bdc4bcb68
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sun Aug 29 10:59:01 2021 +0200
security
---
html/export.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/export.php b/html/export.php
index 9b5044c..b26a20f 100644
--- a/html/export.php
+++ b/html/export.php
@@ -49,7 +49,7 @@ if ( $action=='X' || $g_user->check_print($action)==0 )
// get file and execute it
$prfile=$cn->get_value("select me_file from menu_ref where
me_code=$1",array($action));
- if ( $prfile == "") {
+ if ( $prfile == "" || !file_exists(NOALYSS_INCLUDE."/export/$prfile")) {
print $action;
die (_('Export impossible'));
}
- [Noalyss-commit] [noalyss] branch master updated (07f215d -> 0fbb377), Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 01/13: Bug : export currency in CSV bad column name, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 06/13: Bug : fix security , clean completely the session and prevent to set the menu public to an user, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 09/13: security,
Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 02/13: Fix code + add phpunit, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 03/13: Bug : fiche account not created automatically when empty , improve test, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 05/13: Add a button search_card, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 08/13: Bug fix : duplicate operation last date was not proposed, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 07/13: Code cleaning ; partial rewrite of user management, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 10/13: Cosmetic : export PDF of an operation, set decimal to 2 and add info, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 12/13: Apply patch when creating a DB, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 04/13: Cosmetic, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 13/13: cosmetic, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 11/13: Typo correct profile, Dany De Bontridder, 2021/08/30