This commit is contained in:
naielv
2026-03-07 20:00:56 +01:00
parent b2c1314c69
commit 51437cca18
2 changed files with 7 additions and 2 deletions


@@ -1,5 +1,10 @@
<?php <?php
function Ssql($string) {
// Sanitize a SQL Parameter to be safe on html.
return htmlspecialchars($string);
}
function Sf($filename) { function Sf($filename) {
/** /**
* Sanitize a filename by removing any path information, null bytes, and replacing any characters that are not alphanumeric, dot, hyphen, or underscore with an underscore. * Sanitize a filename by removing any path information, null bytes, and replacing any characters that are not alphanumeric, dot, hyphen, or underscore with an underscore.
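Review bot: `Ssql` is named and documented as a SQL sanitizer, but its body on the line `return htmlspecialchars($string);` only HTML-encodes the value; it offers nothing for a SQL context, and a caller who trusts the name may use it in place of a prepared statement. The comment should state what the function actually does, e.g. `// HTML-escape a value for output in HTML; this does NOT make it safe for SQL — use prepared statements for that.`, and a name in the style of the sibling `Sf`, such as `Shtml`, would stop the name from promising something the code does not deliver. The flags should also be explicit, `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, because the default treatment of single quotes changed in PHP 8.1 (earlier releases leave `'` unencoded), and declaring `function Ssql(string $string): string` makes the TypeError on a non-string `$_POST` value (an array, for instance) explicit rather than incidental. The body of `Sf` continues outside the hunk.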


@@ -19,7 +19,7 @@ $form_action = $_GET["form"] ?? "";
switch ($form_action) { switch ($form_action) {
case "create": case "create":
$org_id = safe_path_segment(Sf($_POST["org_id"] ?? "")); $org_id = safe_path_segment(Sf($_POST["org_id"] ?? ""));
$org_name = Sf($_POST["org_name"] ?? ""); $org_name = Ssql($_POST["org_name"] ?? "");
if (empty($org_id)) { if (empty($org_id)) {
die("Nombre de la organización no proporcionado."); die("Nombre de la organización no proporcionado.");
} }
@@ -41,7 +41,7 @@ switch ($form_action) {
break; break;
case "edit": case "edit":
$org_id = safe_path_segment(Sf($_GET['org'] ?? '')); $org_id = safe_path_segment(Sf($_GET['org'] ?? ''));
$org_name = Sf($_POST['org_name'] ?? ''); $org_name = Ssql($_POST['org_name'] ?? '');
if ($org_id === '' || $org_name === '') { if ($org_id === '' || $org_name === '') {
die("Datos inválidos para actualizar la organización."); die("Datos inválidos para actualizar la organización.");
} }
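Review bot: In both the `create` branch (first hunk) and the `edit` branch (second hunk), `$org_name` is now HTML-encoded by `Ssql()` at input time, so the value carries entities (`&amp;`, `&quot;`) before it is stored and will be double-encoded wherever the page escapes it again on output; and if `$org_name` is later written to a database or file, the HTML encoding gives no injection protection there — that must come from a prepared statement, which these hunks do not show. Escaping belongs at the output context, so I would keep the raw string here, `$org_name = $_POST["org_name"] ?? "";`, and apply `htmlspecialchars` in the template or at the point of rendering. Separately, the two branches validate differently: `create` checks only `empty($org_id)` (which also rejects an id of `"0"`) and accepts an empty organisation name, while `edit` requires `$org_id === '' || $org_name === ''` to be false; using the `edit` form of the check in `create` as well would make the two consistent. The enclosing `switch` begins and ends outside the hunks.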