Topic: Forbidden characters of Item code input

Line 182 of inventory/manage/items.php should be

elseif (strstr($_POST['NewStockID'], "-") || strstr($_POST['NewStockID'],"'") || 

to prevent the - symbol from being entered by the user.
Can someone explain the forbidden characters in the Item code (- ' " + & space)? Is the reason security?

Phuong

Re: Forbidden characters of Item code input

The user input control functions that provide the dropdown select box PHP code should not get confused, and the search delimiters should not be ambiguous. URL encoding will also convert a space to "+".

We can also add the back tick character "`" to the forbidden list as well. A semicolon too may be added to the list.

Here is an elegant way to check a string for presence of any character in an array:

// Characters that must not appear in an item code (tab, LF and CR included)
$arrayOfBadCharacters = array(' ', "'", '"', '+', '&', chr(9), chr(10), chr(13), '`', ';');
// preg_quote() escapes regex metacharacters such as '+'; the second argument also escapes the '/' delimiter
$chars = preg_quote(implode('', $arrayOfBadCharacters), '/');
// A character class built from the list matches if any one of them is present
if (preg_match('/[' . $chars . ']/', $_POST['NewStockID'])) {
    // bad character(s) found
}

These bad characters may be stripped off and the code used instead of throwing an error.
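The following is an added example, not code from the thread or from the webERP project, showing the character-class check described in the reply as a reusable function, together with the strip-instead-of-reject alternative mentioned in the last sentence. The function names, the constant and the sample item codes are all invented for illustration; the hyphen is included in the list because the first post asks for it to be rejected too.

```php
<?php
// Added example (not webERP code): validate an item/stock code against a list of
// forbidden characters. Names below (FORBIDDEN_STOCKID_CHARS, findForbiddenChars,
// stripForbiddenChars) are hypothetical and only exist in this example.

// Characters the reply proposes to forbid: space, quotes, +, &, tab, LF, CR,
// backtick and semicolon. '-' is added because the first post asks for it.
const FORBIDDEN_STOCKID_CHARS = [' ', "'", '"', '+', '&', "\t", "\n", "\r", '`', ';', '-'];

/**
 * Build a character-class regex from the forbidden list. preg_quote() escapes
 * regex metacharacters such as '+' and '-' so they match literally inside the
 * class; the second argument escapes the '/' pattern delimiter as well.
 */
function forbiddenCharPattern(array $chars): string
{
    return '/[' . preg_quote(implode('', $chars), '/') . ']/';
}

/** Return the distinct forbidden characters present in $code (empty array means clean). */
function findForbiddenChars(string $code, array $chars = FORBIDDEN_STOCKID_CHARS): array
{
    $found = [];
    if (preg_match_all(forbiddenCharPattern($chars), $code, $matches)) {
        $found = array_values(array_unique($matches[0]));
    }
    return $found;
}

/** The alternative from the end of the reply: strip the characters instead of rejecting. */
function stripForbiddenChars(string $code, array $chars = FORBIDDEN_STOCKID_CHARS): string
{
    return preg_replace(forbiddenCharPattern($chars), '', $code);
}

// Constructed sample inputs for demonstration.
$samples = [
    'WIDGET01',      // clean
    'WIDGET-01',     // hyphen, the case from the first post
    "WID'GET 01",    // single quote and space
    'A+B&C;D`E',     // several characters from the reply's list
];

foreach ($samples as $code) {
    $bad = findForbiddenChars($code);
    if ($bad === []) {
        printf("%-14s OK\n", $code);
    } else {
        printf("%-14s rejected (%s) -> stripped form: %s\n",
            $code, implode(' ', array_map('json_encode', $bad)), stripForbiddenChars($code));
    }
}
```

If the stripping route is taken, the stripped value should be checked for being non-empty and shown back to the user before it is saved, since 'WID GET' and 'WIDGET' would otherwise silently collapse to the same item code.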