A couple of security issues fixed.
author
Janusz Dobrowolski
<janusz@frontaccounting.eu>
Fri, 25 Apr 2014 22:01:46 +0000
(
00:01
+0200)
committer
Janusz Dobrowolski
<janusz@frontaccounting.eu>
Wed, 21 May 2014 12:23:16 +0000
(14:23 +0200)
access/logout.php
admin/create_coy.php
admin/db/users_db.inc
includes/current_user.inc
includes/session.inc
inventory/includes/db/items_db.inc
taxes/db/tax_types_db.inc
diff --git
a/access/logout.php
b/access/logout.php
index 3a8831a198b6d3ca6415f2dde26bde6c605192ba..0e28a56db7c16434d63c99879c3f2dc88918291e 100644
--- a/
access/logout.php
+++ b/
access/logout.php
@@
-9,6
+9,9
@@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
+
+define("FA_LOGOUT_PHP_FILE","");
+
$page_security = 'SA_OPEN';
$path_to_root="..";
include($path_to_root . "/includes/session.inc");
$page_security = 'SA_OPEN';
$path_to_root="..";
include($path_to_root . "/includes/session.inc");
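Review bot: The new `define("FA_LOGOUT_PHP_FILE","")` carries no comment, and nothing in this file says why it has to come before the include of session.inc. The same commit makes includes/session.inc skip login_timeout() when that constant is defined, so the ordering is load-bearing and easy to break in a later edit. Suggest adding above the define: `// Marker tested in includes/session.inc so logout stays reachable without a live login; must be defined before session.inc is included.`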
diff --git
a/admin/create_coy.php
b/admin/create_coy.php
index 128da260f70bc4df96bd2cf6b1e9e47a73264f8c..db276a063fa5b0627a704966204fe9d40b45a6b5 100644
--- a/
admin/create_coy.php
+++ b/
admin/create_coy.php
@@
-25,11
+25,11
@@
$comp_subdirs = array('images', 'pdf_files', 'backup','js_cache', 'reporting', '
//---------------------------------------------------------------------------------------------
if (isset($_GET['selected_id']))
{
//---------------------------------------------------------------------------------------------
if (isset($_GET['selected_id']))
{
- $selected_id = $_GET['selected_id'];
+ $selected_id =
(int)
$_GET['selected_id'];
}
elseif (isset($_POST['selected_id']))
{
}
elseif (isset($_POST['selected_id']))
{
- $selected_id = $_POST['selected_id'];
+ $selected_id =
(int)
$_POST['selected_id'];
}
else
$selected_id = -1;
}
else
$selected_id = -1;
@@
-172,7
+172,7
@@
function handle_delete()
{
global $def_coy, $db_connections, $comp_subdirs, $path_to_root;
{
global $def_coy, $db_connections, $comp_subdirs, $path_to_root;
- $id = $_GET['id'];
+ $id =
(int)
$_GET['id'];
// First make sure all company directories from the one under removal are writable.
// Without this after operation we end up with changed per-company owners!
// First make sure all company directories from the one under removal are writable.
// Without this after operation we end up with changed per-company owners!
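Review bot: The `(int)` cast on `$_GET['id']` in handle_delete maps a missing or non-numeric value to 0 instead of rejecting it, and unlike the selected_id branches in the first hunk there is no isset() guard at all. If 0 is a valid company index (the function reads `$db_connections`, which suggests so, but the indexing is not visible here), a malformed request would act on a real company rather than failing. Suggest `$id = (isset($_GET['id']) && ctype_digit($_GET['id'])) ? (int)$_GET['id'] : -1;` and refusing to proceed on -1; the same ctype_digit check would suit the two selected_id branches, which already fall back to -1. handle_delete's body continues past the hunk.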
diff --git
a/admin/db/users_db.inc
b/admin/db/users_db.inc
index 267029c96f2c2bd685fbbd60f6b5bd5d316c82de..767dad30339d1363a6d1b2e1d3797683b457c036 100644
--- a/
admin/db/users_db.inc
+++ b/
admin/db/users_db.inc
@@
-197,7
+197,7
@@
function show_users_online()
}
// Add user to database
}
// Add user to database
- db_query("INSERT INTO ".TB_PREF."useronline (timestamp, ip, file) VALUES ('". $timestamp ."',
'". $ip ."','". $_SERVER['PHP_SELF'] ."'
)");
+ db_query("INSERT INTO ".TB_PREF."useronline (timestamp, ip, file) VALUES ('". $timestamp ."',
". db_escape($ip) .",". db_escape($_SERVER['PHP_SELF']) ."
)");
//Remove users that were not online within $timeoutseconds.
db_query("DELETE FROM ".TB_PREF."useronline WHERE timestamp<". $timeout);
//Remove users that were not online within $timeoutseconds.
db_query("DELETE FROM ".TB_PREF."useronline WHERE timestamp<". $timeout);
@@
-210,4
+210,4
@@
function show_users_online()
return "$users ".($users == 1 ? _("user online") : _("users online"));
}
return "$users ".($users == 1 ? _("user online") : _("users online"));
}
-?>
\ No newline at end of file
+?>
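Review bot: The DELETE on the line right after the fixed INSERT still concatenates `$timeout` into the SQL string, while the INSERT now escapes the values it receives. Neither `$timeout` nor `$timestamp` is set inside this hunk; if both are computed locally from the clock the concatenation is harmless, but `db_query("DELETE FROM ".TB_PREF."useronline WHERE timestamp<". (int)$timeout);` makes that assumption explicit and keeps show_users_online uniformly safe if the value is ever taken from configuration. The function starts above the hunk.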
diff --git
a/includes/current_user.inc
b/includes/current_user.inc
index 76d52f2f126f5228c4b74e6a1d2e406de14e4106..7c7592e8139fa4da2c06e21941ae30305635c2d8 100644
--- a/
includes/current_user.inc
+++ b/
includes/current_user.inc
@@
-54,7
+54,7
@@
class current_user
function set_company($company)
{
function set_company($company)
{
- $this->company = $company;
+ $this->company =
(int)
$company;
}
function login($company, $loginname, $password)
}
function login($company, $loginname, $password)
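Review bot: The cast in set_company coerces without validating: a non-numeric `$company` becomes 0 and an out-of-range integer is stored as is, in both cases silently. Whether callers hand this a request-supplied value is not visible here, but a setter that now fixes the type should say so: `// Company is a numeric index; non-numeric input collapses to 0 and no range check is done here.` If the value must be bounded to the configured companies, that check belongs here or in login(), whose body lies outside the hunk.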
diff --git
a/includes/session.inc
b/includes/session.inc
index 0089095be1fd341a3b9dc02f19e4b0cc3944ed0e..869ce9a805820d5ee5ccb4145b72e07ebf850f00 100644
--- a/
includes/session.inc
+++ b/
includes/session.inc
@@
-412,7
+412,7
@@
html_cleanup($_SERVER);
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
// logout.php is the only page we should have always
// accessable regardless of access level and current login status.
-if (
strstr($_SERVER['PHP_SELF'], 'logout.php') == false
){
+if (
!defined('FA_LOGOUT_PHP_FILE')
){
login_timeout();
login_timeout();
@@
-481,4
+481,4
@@
$SysPrefs = &$_SESSION['SysPrefs'];
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
// We quote all values later with db_escape() before db update.
$_POST = strip_quotes($_POST);
-?>
\ No newline at end of file
+?>
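Review bot: The replaced condition keyed on `$_SERVER['PHP_SELF']`, a request-derived string, so the switch to `!defined('FA_LOGOUT_PHP_FILE')` is the right direction, but the two-line comment above the if still describes only the intent and not why the mechanism changed. Suggest extending it with `// Detected via a constant that access/logout.php defines, not via PHP_SELF, which the client can influence through path info.` so a later maintainer does not reintroduce a path-string match. The if block's body continues below the hunk.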
diff --git
a/inventory/includes/db/items_db.inc
b/inventory/includes/db/items_db.inc
index de6ce056ccd7376d6594a92a74e283f2c459e6fa..b4666edbd184063ac21d8793c176664e1fe183ac 100644
--- a/
inventory/includes/db/items_db.inc
+++ b/
inventory/includes/db/items_db.inc
@@
-29,10
+29,10
@@
function update_item($stock_id, $description, $long_description, $category_id,
editable=".db_escape($editable);
if ($units != '')
editable=".db_escape($editable);
if ($units != '')
- $sql .= ", units=
'$units'"
;
+ $sql .= ", units=
".db_escape($units)
;
if ($mb_flag != '')
if ($mb_flag != '')
- $sql .= ", mb_flag=
'$mb_flag'"
;
+ $sql .= ", mb_flag=
".db_escape($mb_flag)
;
$sql .= " WHERE stock_id=".db_escape($stock_id);
$sql .= " WHERE stock_id=".db_escape($stock_id);
@@
-158,4
+158,4
@@
function item_in_foreign_codes($stock_id)
}
return $msg;
}
}
return $msg;
}
-?>
\ No newline at end of file
+?>
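Review bot: With `$units` and `$mb_flag` now passed through db_escape, the `!= ''` guards in update_item are the only thing separating "leave the column untouched" from "set it to an escaped empty string", and nothing in the code states that contract. A comment before the first guard, `// Empty units/mb_flag leave the existing column values untouched.`, would make it explicit; the loose `!=` also treats '0' as non-empty, which looks intended but is worth a word. The function's signature and the earlier part of the SQL assembly are above the hunk.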
diff --git
a/taxes/db/tax_types_db.inc
b/taxes/db/tax_types_db.inc
index f42470eff9b5b3134a02d70e9520ad44e211510f..a9325b60b10fd8b561beffc2ff19394e0e5da2d6 100644
--- a/
taxes/db/tax_types_db.inc
+++ b/
taxes/db/tax_types_db.inc
@@
-83,7
+83,7
@@
function delete_tax_type($type_id)
db_query($sql, "could not delete tax type");
// also delete any item tax exemptions associated with this type
db_query($sql, "could not delete tax type");
// also delete any item tax exemptions associated with this type
- $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE tax_type_id=
$type_id"
;
+ $sql = "DELETE FROM ".TB_PREF."item_tax_type_exemptions WHERE tax_type_id=
".db_escape($type_id)
;
db_query($sql, "could not delete item tax type exemptions");
db_query($sql, "could not delete item tax type exemptions");
@@
-127,4
+127,4
@@
function is_tax_account($account_code)
}
}
-?>
\ No newline at end of file
+?>
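Review bot: Only the second DELETE in delete_tax_type is escaped by this hunk; the first statement, `db_query($sql, "could not delete tax type");`, executes a `$sql` assembled above the hunk, so whether the same `$type_id` was escaped there cannot be seen here and is worth confirming. If tax_type_id is an integer column, `(int)$type_id` would be an equally defensible choice to db_escape and documents the expected type at the same time. The first part of delete_tax_type lies outside the hunk.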