[Noalyss-commit] [noalyss] 09/13: security

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 09/13: security

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 09/13: security
Date:	Mon, 30 Aug 2021 10:12:00 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 43f35352aa2a40892a1369a15062145bdc4bcb68
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sun Aug 29 10:59:01 2021 +0200

    security
---
 html/export.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/export.php b/html/export.php
index 9b5044c..b26a20f 100644
--- a/html/export.php
+++ b/html/export.php
@@ -49,7 +49,7 @@ if ( $action=='X'  || $g_user->check_print($action)==0 )
 // get file and execute it
 
  $prfile=$cn->get_value("select me_file from menu_ref where 
me_code=$1",array($action));
- if ( $prfile == "") {
+ if ( $prfile == "" || !file_exists(NOALYSS_INCLUDE."/export/$prfile")) {
      print $action;
      die (_('Export impossible'));
  }

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] branch master updated (07f215d -> 0fbb377), Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 01/13: Bug : export currency in CSV bad column name, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 06/13: Bug : fix security , clean completely the session and prevent to set the menu public to an user, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 09/13: security, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 02/13: Fix code + add phpunit, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 03/13: Bug : fiche account not created automatically when empty , improve test, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 05/13: Add a button search_card, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 08/13: Bug fix : duplicate operation last date was not proposed, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 07/13: Code cleaning ; partial rewrite of user management, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 10/13: Cosmetic : export PDF of an operation, set decimal to 2 and add info, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 12/13: Apply patch when creating a DB, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 04/13: Cosmetic, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 13/13: cosmetic, Dany De Bontridder, 2021/08/30
- [Noalyss-commit] [noalyss] 11/13: Typo correct profile, Dany De Bontridder, 2021/08/30

Prev by Date: [Noalyss-commit] [noalyss] 06/13: Bug : fix security , clean completely the session and prevent to set the menu public to an user
Next by Date: [Noalyss-commit] [noalyss] 02/13: Fix code + add phpunit
Previous by thread: [Noalyss-commit] [noalyss] 06/13: Bug : fix security , clean completely the session and prevent to set the menu public to an user
Next by thread: [Noalyss-commit] [noalyss] 02/13: Fix code + add phpunit
Index(es):
- Date
- Thread