diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index acd9eba2c9d..5c4e836986e 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -37,7 +37,7 @@ $langs->load("salaries"); $mesg = ''; $action = GETPOST('action','aZ09'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); @@ -84,8 +84,8 @@ $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'accounting * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index ef707bbc43a..ddfe57d4c5c 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -40,7 +40,7 @@ $action = GETPOST('action','aZ09'); $backtopage = GETPOST('backtopage'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Security check @@ -52,7 +52,7 @@ $object = new AccountingAccount($db); * Action */ -if (GETPOST('cancel')) +if (GETPOST('cancel','alpha')) { $urltogo=$backtopage?$backtopage:dol_buildpath('/accountancy/admin/account.php',1); header("Location: ".$urltogo); diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index ec2602568fb..b281078a6bf 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php @@ -35,7 +35,7 @@ $langs->load("accountancy"); $mesg = ''; $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $action = GETPOST('action','aZ09'); $cat_id = GETPOST('account_category'); $selectcpt = GETPOST('cpt_bk', 'array'); diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index ec77bde58b1..bebca87404c 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -90,8 +90,8 @@ $arrayfields=array(); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 0bb24f116d3..c87b906f45e 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -108,8 +108,8 @@ if ($action != 'export_file' && ! isset($_POST['begin']) && ! isset($_GET['begin * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers { diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 0288ee872d7..51f62ecabf6 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -101,8 +101,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_SOLD_ACCOU * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 6bf18f0da20..ee17976ca30 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -97,8 +97,8 @@ $accounting = new AccountingAccount($db); * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index ba5ecfe6bb7..0ebf66f1215 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -102,8 +102,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index cf98099fb7a..3dc5439f47f 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -138,8 +138,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 5cd4704ae37..f86da6d8fcc 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -39,7 +39,7 @@ $errmsg=''; $action=GETPOST("action",'alpha'); $rowid=GETPOST("rowid","int")?GETPOST("rowid","int"):GETPOST("id","int"); $typeid=GETPOST("typeid","int"); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm'); if (! $user->rights->adherent->cotisation->lire) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 1fee5ac545c..4d22ec1f6a6 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -75,8 +75,8 @@ $result=restrictedArea($user,'adherent','','','cotisation'); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php index 3565a2f5f20..b758506f8b5 100644 --- a/htdocs/admin/defaultvalues.php +++ b/htdocs/admin/defaultvalues.php @@ -69,8 +69,8 @@ $hookmanager->initHooks(array('admindefaultvalues','globaladmin')); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index f764f40c054..56efe2b5d7d 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -55,7 +55,7 @@ if (! defined("MAIN_MOTD")) define("MAIN_MOTD",""); * Action */ -if (GETPOST('cancel')) +if (GETPOST('cancel','alpha')) { $action=''; } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index d4862e2a7b3..c9b8120bd0f 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -179,8 +179,8 @@ $id = 25; * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index bffa9be01b6..e2d2db9e659 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -64,8 +64,8 @@ $hookmanager->initHooks(array('admintranslation','globaladmin')); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index e9722669e7d..2c3b200b4e4 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -63,7 +63,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') $error = 0; - if (GETPOST("cancel")) + if (GETPOST('cancel','alpha')) { if (empty($backtopage)) $backtopage=($urlsource?$urlsource:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/list.php')); header("Location: ".$backtopage); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index 59bee88b75b..4ccd9116d74 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -36,7 +36,7 @@ $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $socid=GETPOST('socid','int'); $label=GETPOST('label'); diff --git a/htdocs/comm/address.php b/htdocs/comm/address.php index 72e2dbadff4..6547f453b21 100644 --- a/htdocs/comm/address.php +++ b/htdocs/comm/address.php @@ -52,7 +52,7 @@ $object = new Address($db); */ // Cancel -if (GETPOST("cancel") && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 8c793de43fc..1b3d231382c 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -73,7 +73,7 @@ $pageprev = $page - 1; $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="nom"; -$cancelbutton = GETPOST('cancel'); +$cancelbutton = GETPOST('cancel','alpha'); $object = new Client($db); $extrafields = new ExtraFields($db); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 86a5504d409..2268687fff7 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -930,7 +930,7 @@ else * Boutons d'action */ - if (GETPOST("cancel") || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone'))) + if (GETPOST('cancel','alpha') || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone'))) { print "\n\n
\n"; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 49bab4faa71..7987555e569 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -602,7 +602,7 @@ if (empty($reshook)) } // Close proposal - else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel')) + else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha')) { if (! GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CloseAs")), null, 'errors'); @@ -622,7 +622,7 @@ if (empty($reshook)) } // Reopen proposal - else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel')) + else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == Propal::STATUS_SIGNED || $object->statut == Propal::STATUS_NOTSIGNED || $object->statut == Propal::STATUS_BILLED) @@ -1106,7 +1106,7 @@ if (empty($reshook)) } } - else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel')) + else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel','alpha')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 4939d7e83f7..909b0f3ebc8 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -169,8 +169,8 @@ $object = new Propal($db); // To be passed as parameter of executeHooks that nee * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -420,7 +420,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Propal($db); $listofselectedid=array(); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index bca371977a7..1ad4612d879 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -46,7 +46,7 @@ $backtopage = GETPOST('backtopage','alpha'); * Actions */ -if (GETPOST('cancel') && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 9964db9ecde..04eb2583fb5 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -49,7 +49,7 @@ if ($user->societe_id > 0) * Actions */ -if (GETPOST('cancel') && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 13139da7ea3..214d6e36e18 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -1061,7 +1061,7 @@ if (empty($reshook)) } } - else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel') == $langs->trans('Cancel')) { + else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel','alpha') == $langs->trans('Cancel')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 8810a1be986..13841b108d9 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -149,8 +149,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -666,7 +666,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Commande($db); $listofselectedid=array(); diff --git a/htdocs/compta/bank/bankentries.php b/htdocs/compta/bank/bankentries.php index 67c16322a9d..cd4d659d743 100644 --- a/htdocs/compta/bank/bankentries.php +++ b/htdocs/compta/bank/bankentries.php @@ -161,8 +161,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/compta/bank/index.php b/htdocs/compta/bank/index.php index 177e576b5d7..80bf9d6f50c 100644 --- a/htdocs/compta/bank/index.php +++ b/htdocs/compta/bank/index.php @@ -111,8 +111,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php index 525b7a72e12..c5af6ef7ef7 100644 --- a/htdocs/compta/bank/ligne.php +++ b/htdocs/compta/bank/ligne.php @@ -49,7 +49,7 @@ $confirm=GETPOST('confirm','alpha'); $rowid=GETPOST("rowid",'int'); $orig_account=GETPOST("orig_account"); $backtopage=GETPOST('backtopage'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); // Security check $fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref :'')); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index d3e21f183a3..1e387bcd3fa 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1762,7 +1762,7 @@ if (empty($reshook)) } } - elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel')) + elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha')) { if (! $object->fetch($id) > 0) dol_print_error($db); $object->fetch_thirdparty(); diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 80ffffdfb39..98fc2cd2f62 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -139,8 +139,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters = array('socid' => $socid); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks @@ -148,7 +148,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { - if (GETPOST('cancel')) $action=''; + if (GETPOST('cancel','alpha')) $action=''; // Selection of new fields include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; @@ -728,7 +728,7 @@ if (empty($reshook)) } } - elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel')) + elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha')) { if (! $object->fetch($id) > 0) dol_print_error($db); $object->fetch_thirdparty(); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 3ffd0af9cd3..15a79d7fdd9 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -181,8 +181,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -612,7 +612,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Facture($db); $listofselectedid=array(); diff --git a/htdocs/contact/agenda.php b/htdocs/contact/agenda.php index cc7f36261cc..04c62107e83 100644 --- a/htdocs/contact/agenda.php +++ b/htdocs/contact/agenda.php @@ -115,7 +115,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index d5854297f43..7dffd99f8bf 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -91,7 +91,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 6d89cd07cd4..ebf7bc611f9 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -176,8 +176,8 @@ if (($id > 0 || ! empty($ref)) && $action != 'add') * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 26f9d0f6eae..5b109c7b0d7 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -636,7 +636,7 @@ if (empty($reshook)) } } - else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel')) + else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel','alpha')) { $objectline = new ContratLigne($db); if ($objectline->fetch(GETPOST('elrowid'))) @@ -822,7 +822,7 @@ if (empty($reshook)) } elseif ($action=='setref_supplier') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); @@ -846,7 +846,7 @@ if (empty($reshook)) } elseif ($action=='setref_customer') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { @@ -871,7 +871,7 @@ if (empty($reshook)) } elseif ($action=='setref') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); @@ -895,7 +895,7 @@ if (empty($reshook)) } elseif ($action=='setdate_contrat') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 17246751600..beba40103af 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -136,8 +136,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index aaf0d0cd796..cd445e682eb 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -140,8 +140,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/core/actions_setnotes.inc.php b/htdocs/core/actions_setnotes.inc.php index 3fa76891124..39f63683575 100644 --- a/htdocs/core/actions_setnotes.inc.php +++ b/htdocs/core/actions_setnotes.inc.php @@ -28,7 +28,7 @@ // $id must be defined (object is loaded in this file with fetch) // Set public note -if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel')) +if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel','alpha')) { if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done @@ -36,7 +36,7 @@ if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set public note -else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel')) +else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel','alpha')) { if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 5b29d25202e..69056ff02be 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -36,7 +36,7 @@ $action=GETPOST('action','alpha'); $modulepart=GETPOST('modulepart','alpha')?GETPOST('modulepart','alpha'):'produit|service'; $original_file = GETPOST("file"); $backtourl=GETPOST('backtourl'); -$cancel=GETPOST("cancel"); +$cancel=GETPOST('cancel','alpha'); // Security check if (empty($modulepart)) accessforbidden('Bad value for modulepart'); diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index dce56ff5468..a1255954014 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -41,7 +41,7 @@ if (!$user->rights->cron->create) accessforbidden(); $id=GETPOST('id','int'); $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $backtourl=GETPOST('backtourl','alpha'); $securitykey = GETPOST('securitykey','alpha'); diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 72ea8e84792..6f3ab42d7fc 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -46,7 +46,7 @@ $langs->load("bills"); $id=GETPOST('rowid')?GETPOST('rowid','int'):GETPOST('id','int'); $action=GETPOST('action','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $amount=GETPOST('amount'); $donation_date=dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear')); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); diff --git a/htdocs/ecm/docfile.php b/htdocs/ecm/docfile.php index 61cce03cc1d..192240b4943 100644 --- a/htdocs/ecm/docfile.php +++ b/htdocs/ecm/docfile.php @@ -61,7 +61,7 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $action=GETPOST('action','aZ09'); $section=GETPOST("section"); if (! $section) diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index f418627d1be..c722ba9a208 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php @@ -138,7 +138,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') } // Update description -if ($action == 'update' && ! GETPOST('cancel')) +if ($action == 'update' && ! GETPOST('cancel','alpha')) { $error=0; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index ab5fa27b13f..a5b693aa3f9 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -119,8 +119,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index c231d2c6dd5..2b48f3d65b0 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -49,7 +49,7 @@ $langs->load("bills"); $langs->load("mails"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm = GETPOST('confirm', 'alpha'); $date_start = dol_mktime(0, 0, 0, GETPOST('date_debutmonth'), GETPOST('date_debutday'), GETPOST('date_debutyear')); diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 28fcdefcf62..a02e23c3123 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -130,8 +130,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 866d8cab17c..9dca5d1badb 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -128,8 +128,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index a413820cbe0..1f3d380dd1d 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php @@ -45,7 +45,7 @@ $langs->load('orders'); $langs->load('commercial'); $action = GETPOST('action','aZ09'); -$cancelbutton = GETPOST('cancel'); +$cancelbutton = GETPOST('cancel','alpha'); // Security check $id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 754e34e0d97..e92a7c25de3 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -542,7 +542,7 @@ if (empty($reshook)) /* * Updating a line in the order */ - if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && ! GETPOST('cancel')) + if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && ! GETPOST('cancel','alpha')) { $tva_tx = GETPOST('tva_tx'); @@ -1170,7 +1170,7 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; - if ($action == 'webservice' && GETPOST('mode', 'alpha') == "send" && ! GETPOST('cancel')) + if ($action == 'webservice' && GETPOST('mode', 'alpha') == "send" && ! GETPOST('cancel','alpha')) { $ws_url = $object->thirdparty->webservices_url; $ws_key = $object->thirdparty->webservices_key; @@ -2269,7 +2269,7 @@ elseif (! empty($object->id)) /* * Action webservice */ - elseif ($action == 'webservice' && GETPOST('mode', 'alpha') != "send" && ! GETPOST('cancel')) + elseif ($action == 'webservice' && GETPOST('mode', 'alpha') != "send" && ! GETPOST('cancel','alpha')) { $mode = GETPOST('mode', 'alpha'); $ws_url = $object->thirdparty->webservices_url; diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index ac67d256824..4794d72da6a 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -172,8 +172,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -689,7 +689,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new CommandeFournisseur($db); $listofselectedid=array(); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index ec785c5e206..96473dd6e6e 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -183,8 +183,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -493,7 +493,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new FactureFournisseur($db); $listofselectedid=array(); diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index 5707c0bff30..c6a8f24f98f 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -69,8 +69,8 @@ $extrafields = new ExtraFields($db); * Put here all code to do according to value of "action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 66e490ae420..de8a7147267 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -71,8 +71,8 @@ $holiday = new Holiday($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index df44c6e6399..aa494a9ad0c 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -75,8 +75,8 @@ if (GETPOST("button_search_x") || GETPOST("button_search")) { * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 8db9f0877c2..d6ccb79eea8 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -106,7 +106,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index b89491b5d48..0d30d50df55 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -143,8 +143,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Put here all code to do according to value of "$action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index c634ca1ceaa..4d71efe6395 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -35,7 +35,7 @@ if (!$user->rights->opensurvey->read) accessforbidden(); // Initialisation des variables $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $numsondage = ''; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 53d553aca16..54afc80691f 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -69,7 +69,7 @@ $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); $type=GETPOST('type','int'); $action=(GETPOST('action','alpha') ? GETPOST('action','alpha') : 'view'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm','alpha'); $socid=GETPOST('socid','int'); $duration_value = GETPOST('duration_value'); @@ -358,7 +358,7 @@ if (empty($reshook)) // Update a product or service if ($action == 'update' && ($user->rights->produit->creer || $user->rights->service->creer)) { - if (GETPOST('cancel')) + if (GETPOST('cancel','alpha')) { $action = ''; } diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 162567878d1..cf6d8a0f359 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -143,8 +143,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Put here all code to do according to value of "$action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 4f994660052..7d2b1a22b68 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -193,8 +193,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 0f843e97b61..b2a2f102ade 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -39,7 +39,7 @@ $langs->load("companies"); $langs->load("categories"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm'); $sortfield = GETPOST("sortfield",'alpha'); diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php index 8659dfe8461..4b878c03260 100644 --- a/htdocs/product/stock/mouvement.php +++ b/htdocs/product/stock/mouvement.php @@ -51,7 +51,7 @@ $id=GETPOST('id','int'); $msid=GETPOST('msid','int'); $product_id=GETPOST("product_id"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $idproduct = GETPOST('idproduct','int'); $year = GETPOST("year"); $month = GETPOST("month"); @@ -112,8 +112,8 @@ $object = new MouvementStock($db); // To be passed as parameter of executeHooks * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 0a5b6183689..96395ab6874 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -53,13 +53,13 @@ if (! empty($conf->productbatch->enabled)) $langs->load("productbatch"); $backtopage=GETPOST('backtopage'); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); $stocklimit = GETPOST('seuil_stock_alerte'); $desiredstock = GETPOST('desiredstock'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $fieldid = isset($_GET["ref"])?'ref':'rowid'; $d_eatby=dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']); $d_sellby=dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']); diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index a9e342a466d..e4dcfde07c4 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -150,7 +150,7 @@ if (empty($reshook)) // Action to add record if ($action == 'add') { - if (GETPOST('cancel')) + if (GETPOST('cancel','alpha')) { $urltogo=$backtopage?$backtopage:dol_buildpath('/stock/list.php',1); header("Location: ".$urltogo); @@ -198,10 +198,10 @@ if (empty($reshook)) } // Cancel - if ($action == 'update' && GETPOST('cancel')) $action='view'; + if ($action == 'update' && GETPOST('cancel','alpha')) $action='view'; // Action to update record - if ($action == 'update' && ! GETPOST('cancel')) + if ($action == 'update' && ! GETPOST('cancel','alpha')) { $error=0; diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 3cf1e022e7f..37b66f5c7f3 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -132,8 +132,8 @@ if (($id > 0 || ! empty($ref)) && $action != 'add') * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 5d0af329952..657e6d610d3 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -148,8 +148,8 @@ $object = new Project($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index c00e93e239f..41413645906 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -39,7 +39,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $taskref = GETPOST('taskref', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $search_user_id = GETPOST('search_user_id', 'int'); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 3d239921c60..c730fd074d5 100644 --- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -138,8 +138,8 @@ $object = new Task($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index a886dcf475b..9c89b516eff 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -108,7 +108,7 @@ if ($action == 'add_element_resource' && ! $cancel) } // Update ressource -if ($action == 'update_linked_resource' && $user->rights->resource->write && !GETPOST('cancel') ) +if ($action == 'update_linked_resource' && $user->rights->resource->write && !GETPOST('cancel','alpha') ) { $res = $object->fetch_element_resource($lineid); if($res) diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index 497b9593142..0dea66946ec 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -76,7 +76,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index bc51fb39375..45101a79d45 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -56,7 +56,7 @@ if (! empty($conf->notification->enabled)) $langs->load("mails"); $mesg=''; $error=0; $errors=array(); $action = (GETPOST('action','aZ09') ? GETPOST('action','aZ09') : 'view'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $backtopage = GETPOST('backtopage','alpha'); $confirm = GETPOST('confirm'); $socid = GETPOST('socid','int'); @@ -421,7 +421,7 @@ if (empty($reshook)) else if (! empty($_FILES['photo']['name'])) $object->logo = dol_sanitizeFileName($_FILES['photo']['name']); // Check parameters - if (! GETPOST("cancel")) + if (! GETPOST('cancel','alpha')) { if (! empty($object->email) && ! isValidEMail($object->email)) { @@ -580,7 +580,7 @@ if (empty($reshook)) if ($action == 'update') { - if (GETPOST("cancel")) + if (GETPOST('cancel','alpha')) { if (! empty($backtopage)) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 02b717feb9b..e23a457cea5 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -208,8 +208,8 @@ $object = new Societe($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 04d0a09a804..fda4eea65ea 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -434,7 +434,7 @@ if (empty($reshook)) } // Reopen proposal - else if ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) { $object->reopen($user, SupplierProposal::STATUS_VALIDATED); @@ -442,7 +442,7 @@ if (empty($reshook)) } // Close proposal - else if ($action == 'close' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'close' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED) { $object->setStatut(SupplierProposal::STATUS_CLOSE); @@ -450,7 +450,7 @@ if (empty($reshook)) } // Set accepted/refused - else if ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { if (! GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("CloseAs")), null, 'errors'); $action = 'statut'; @@ -871,7 +871,7 @@ if (empty($reshook)) } } - else if ($action == 'updateligne' && $user->rights->supplier_proposal->creer && GETPOST('cancel') == $langs->trans('Cancel')) { + else if ($action == 'updateligne' && $user->rights->supplier_proposal->creer && GETPOST('cancel','alpha') == $langs->trans('Cancel')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index f92c0e6305d..96d1079b92a 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -168,8 +168,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -420,7 +420,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new SupplierProposal($db); $listofselectedid=array(); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 0eac875046b..a495290f47a 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -55,7 +55,7 @@ $mode = GETPOST('mode','alpha'); $confirm = GETPOST('confirm','alpha'); $subaction = GETPOST('subaction','alpha'); $group = GETPOST("group","int",3); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Users/Groups management only in master entity if transverse mode if (($action == 'create' || $action == 'adduserldap') && ! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index 2ba3c67d0b4..64919029536 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php @@ -53,7 +53,7 @@ $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - if ($action == 'update' && !GETPOST('cancel')) { + if ($action == 'update' && !GETPOST('cancel','alpha')) { $edituser = new User($db); $edituser->fetch($id); diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 9624e462a71..f4b962fb86f 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -68,8 +68,8 @@ $fieldstosearchall = array( * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/user/index.php b/htdocs/user/index.php index f9989827021..04bbbcf8b81 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php @@ -135,8 +135,8 @@ if ($mode == 'employee') $search_employee=1; * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index 0ec1bf07b68..f5feba2e606 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php @@ -41,7 +41,7 @@ $massaction=GETPOST('massaction','alpha'); $show_files=GETPOST('show_files','int'); $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Security check $fieldvalue = (! empty($id) ? $id : $ref);