// small fixes

admin-dev/drawer.php

@@ -38,8 +38,12 @@ $height = Tools::getValue('height');
 $id_employee = Tools::getValue('id_employee');
 $id_lang = Tools::getValue('id_lang');
 
-if (Context::getContext()->employee->id != $id_employee)
-	die;
+
+if (!isset($cookie->id_employee) || !$cookie->id_employee  || $cookie->id_employee != $id_employee)
+    die(Tools::displayError());
+    
+if (!Validate::isModuleName($module))
+	die(Tools::displayError());
 
 if (!Tools::file_exists_cache($module_path = dirname(__FILE__).'/../modules/'.$module.'/'.$module.'.php'))
 	die(Tools::displayError());

admin-dev/grider.php

@@ -41,8 +41,9 @@ $dir = Tools::getValue('dir', 0); // Should be a String : Either ASC or DESC
 $id_employee = (int)(Tools::getValue('id_employee'));
 $id_lang = (int)(Tools::getValue('id_lang'));
 
-if (Context::getContext()->employee->id != $id_employee)
-	die;
+
+if (!isset($cookie->id_employee) || !$cookie->id_employee  || $cookie->id_employee != $id_employee)
+    die(Tools::displayError());
 
 if (!Validate::isModuleName($module))
 	die(Tools::displayError());

admin-dev/themes/default/template/controllers/products/images.tpl

@@ -48,7 +48,7 @@
 		<tr>
 			<td colspan="2" style="text-align:center;">
 				<input type="hidden" name="resizer" value="auto" />
-					{if Tools::getValue('id_image')}<input type="hidden" name="id_image" value="{Tools::getValue('id_image')}" />{/if}
+					{if Tools::getValue('id_image')}<input type="hidden" name="id_image" value="{Tools::getValue('id_image')|intval}" />{/if}
 			</td>
 		</tr>
 		<tr><td colspan="2" style="padding-bottom:10px;"><div class="separation"></div></td></tr>

classes/ModuleGraph.php

@@ -232,6 +232,8 @@ abstract class ModuleGraphCore extends Module
 
 	public function create($render, $type, $width, $height, $layers)
 	{
+		if (!Validate::isModuleName($render))
+			die(Tools::displayError());
 		if (!Tools::file_exists_cache($file = dirname(__FILE__).'/../modules/'.$render.'/'.$render.'.php'))
 			die(Tools::displayError());
 		require_once($file);
@@ -261,6 +263,8 @@ abstract class ModuleGraphCore extends Module
 		$context = Context::getContext();
 		if (!($render = Configuration::get('PS_STATS_RENDER')))
 			return Tools::displayError('No graph engine selected');
+		if (!Validate::isModuleName($render))
+			die(Tools::displayError());
 		if (!file_exists(dirname(__FILE__).'/../modules/'.$render.'/'.$render.'.php'))
 			return Tools::displayError('Graph engine selected is unavailable.');
 

classes/ModuleGrid.php

@@ -67,6 +67,8 @@ abstract class ModuleGridCore extends Module
 
 	public function create($render, $type, $width, $height, $start, $limit, $sort, $dir)
 	{
+		if (!Validate::isModuleName($render))
+			die(Tools::displayError());
 		if (!Tools::file_exists_cache($file = dirname(__FILE__).'/../modules/'.$render.'/'.$render.'.php'))
 			die(Tools::displayError());
 		require_once($file);
@@ -95,6 +97,8 @@ abstract class ModuleGridCore extends Module
 	{
 		if (!($render = Configuration::get('PS_STATS_GRID_RENDER')))
 			return Tools::displayError('No grid engine selected');
+		if (!Validate::isModuleName($render))
+			die(Tools::displayError());
 		if (!file_exists(dirname(__FILE__).'/../modules/'.$render.'/'.$render.'.php'))
 			return Tools::displayError('Grid engine selected is unavailable.');
 

classes/controller/AdminController.php

@@ -963,6 +963,8 @@ class AdminControllerCore extends Controller
 				$back = Tools::safeOutput(Tools::getValue('back', ''));
 				if (empty($back))
 					$back = self::$currentIndex.'&token='.$this->token;
+				if (!Validate::isCleanHtml($back))
+					die(Tools::displayError());
 				if (!$this->lite_display)
 					$this->toolbar_btn['back'] = array(
 						'href' => $back,

controllers/admin/AdminCustomerThreadsController.php

@@ -480,29 +480,29 @@ class AdminCustomerThreadsControllerCore extends AdminController
 
 		if ($thread->status != 'closed')
 			$actions['closed'] = array(
-				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=2&id_customer_thread='.Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
+				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=2&id_customer_thread='.(int)Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
 				'name' => $this->l('Mark this message as handled')
 			);
 
 		if ($thread->status != 'pending1')
 			$actions['pending1'] = array(
-				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=3&id_customer_thread='.Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
+				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=3&id_customer_thread='.(int)Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
 				'name' => $this->l('Mark this message as "pending 1" (will be answered later)')
 			);
 		else
 			$actions['pending1'] = array(
-				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=1&id_customer_thread='.Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
+				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=1&id_customer_thread='.(int)Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
 				'name' => $this->l('Disable pending status')
 			);
 
 		if ($thread->status != 'pending2')
 			$actions['pending2'] = array(
-				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=4&id_customer_thread='.Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
+				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=4&id_customer_thread='.(int)Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
 				'name' => $this->l('Mark this message as "pending 2" (will be answered later)')
 			);
 		else
 			$actions['pending2'] = array(
-				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=1&id_customer_thread='.Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
+				'href' => self::$currentIndex.'&viewcustomer_thread&setstatus=1&id_customer_thread='.(int)Tools::getValue('id_customer_thread').'&viewmsg&token='.$this->token,
 				'name' => $this->l('Disable pending status')
 			);
 

controllers/admin/AdminPreferencesController.php

@@ -91,7 +91,7 @@ class AdminPreferencesControllerCore extends AdminController
 			);
 
 			// No HTTPS activation if you haven't already.
-			if (!Tools::usingSecureMode())
+			if (!Tools::usingSecureMode() && !Configuration::get('PS_SSL_ENABLED'))
 			{
 				$fields['PS_SSL_ENABLED']['type'] = 'disabled';
 				$fields['PS_SSL_ENABLED']['disabled'] = '<a href="https://'.Tools::getShopDomainSsl().Tools::safeOutput($_SERVER['REQUEST_URI']).'">'.

controllers/admin/AdminTaxesController.php

@@ -107,8 +107,8 @@ class AdminTaxesControllerCore extends AdminController
 		$tpl_enable = $this->context->smarty->createTemplate('helpers/list/list_action_enable.tpl');
 		$tpl_enable->assign(array(
 			'enabled' => (bool)$value,
-			'url_enable' => self::$currentIndex.'&'.$this->identifier.'='.$id.'&'.$active.$this->table.
-				((int)$id_category && (int)$id_product ? '&id_category='.$id_category : '').'&token='.($token != null ? $token : $this->token),
+			'url_enable' => self::$currentIndex.'&'.$this->identifier.'='.(int)$id.'&'.$active.$this->table.
+				((int)$id_category && (int)$id_product ? '&id_category='.(int)$id_category : '').'&token='.($token != null ? $token : $this->token),
 			'confirm' => isset($confirm) ? $confirm : null,
 		));
 

controllers/admin/AdminTranslationsController.php

@@ -684,7 +684,11 @@ class AdminTranslationsControllerCore extends AdminController
 		else if (Tools::isSubmit('submitTranslationsMails') || Tools::isSubmit('submitTranslationsMailsAndStay'))
 		{
 		 	if ($this->tabAccess['edit'] === '1' && ($id_lang = Language::getIdByIso(Tools::getValue('lang'))) > 0)
+		 	{
+				if (!Validate::isLanguageIsoCode(Tools::strtolower($id_lang)))
+					die(Tools::displayError());
 		 		$this->submitTranslationsMails($id_lang);
+		 	}
 			else
 				$this->errors[] = Tools::displayError('You do not have permission to edit here.');
 		}
@@ -791,7 +795,11 @@ class AdminTranslationsControllerCore extends AdminController
 					if ($module_name_pipe_pos)
 					{
 						$module_name = substr($mail_name, 0, $module_name_pipe_pos);
+						if (!Validate::isModuleName($module_name))
+							die(Tools::displayError());
 						$mail_name = substr($mail_name, $module_name_pipe_pos + 1);
+						if (!Validate::isTplName($mail_name))
+							die(Tools::displayError());
 					}
 
 					if ($type_content == 'html')
@@ -939,6 +947,8 @@ class AdminTranslationsControllerCore extends AdminController
 	public function initFormFront($lang)
 	{
 		$missing_translations_front = array();
+		if (!Validate::isLangIsoCode($lang))
+			die(Tools::displayError());
 		$_LANG = $this->fileExists(_PS_THEME_DIR_.'lang', Tools::strtolower($lang).'.php', '_LANG');
 
 		/* List templates to parse */
@@ -1026,6 +1036,8 @@ class AdminTranslationsControllerCore extends AdminController
 
 	public function initFormBack($lang)
 	{
+		if (!Validate::isLangIsoCode($lang))
+			die(Tools::displayError());
 		$_LANGADM = $this->fileExists(_PS_TRANSLATIONS_DIR_.$lang, 'admin.php', '_LANGADM');
 		// count will contain the number of expressions of the page
 		$count = 0;
@@ -1223,6 +1235,8 @@ class AdminTranslationsControllerCore extends AdminController
 
 	public function initFormErrors($lang)
 	{
+		if (!Validate::isLangIsoCode($lang))
+			die(Tools::displayError());
 		$_ERRORS = $this->fileExists(_PS_TRANSLATIONS_DIR_.$lang, 'errors.php', '_ERRORS');
 		$count_empty = 0;
 
@@ -1287,6 +1301,8 @@ class AdminTranslationsControllerCore extends AdminController
 
 	public function initFormFields($lang)
 	{
+		if (!Validate::isLangIsoCode($lang))
+			die(Tools::displayError());
 		$_FIELDS = $this->fileExists(_PS_TRANSLATIONS_DIR_.$lang, 'fields.php', '_FIELDS');
 		$missing_translations_fields = array();
 		$str_output = '';