From ddedb68aeb5776b2c5d125f0736fbfda912b896f Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 5 Mar 2012 07:59:00 +0100 Subject: [PATCH 1/2] Fix: php unit test warning --- htdocs/admin/commande.php | 4 ++-- htdocs/admin/facture.php | 4 ++-- htdocs/admin/fournisseur.php | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index b4cdebd4bc5..852c8751d5c 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -73,7 +73,7 @@ if ($action == 'specimen') // Search template files $file=''; $classname=''; $filefound=0; - $dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); + $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); foreach($dirmodels as $reldir) { $file=dol_buildpath($reldir."core/modules/commande/doc/pdf_".$modele.".modules.php",0); @@ -223,7 +223,7 @@ if ($action == 'set_COMMANDE_FREE_TEXT') * View */ -$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); +$dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); llxHeader(); diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index d039f69926b..06b749d7afc 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -72,7 +72,7 @@ if ($action == 'specimen') // Search template files $file=''; $classname=''; $filefound=0; - $dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); + $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); foreach($dirmodels as $reldir) { $file=dol_buildpath($reldir."core/modules/facture/doc/pdf_".$modele.".modules.php",0); 
@@ -291,7 +291,7 @@ if ($action == 'setforcedate') * View */ -$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); +$dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); llxHeader("",$langs->trans("BillsSetup"),'EN:Invoice_Configuration|FR:Configuration_module_facture|ES:ConfiguracionFactura'); diff --git a/htdocs/admin/fournisseur.php b/htdocs/admin/fournisseur.php index 266c7e4940a..7ab06bcbc6c 100644 --- a/htdocs/admin/fournisseur.php +++ b/htdocs/admin/fournisseur.php @@ -78,7 +78,7 @@ if ($action == 'specimen') // For orders // Search template files $file=''; $classname=''; $filefound=0; - $dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); + $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); foreach($dirmodels as $reldir) { $file=dol_buildpath($reldir."core/modules/supplier_order/pdf/pdf_".$modele.".modules.php",0); @@ -124,7 +124,7 @@ if ($action == 'specimenfacture') // For invoices // Search template files $file=''; $classname=''; $filefound=0; - $dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); + $dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); foreach($dirmodels as $reldir) { $file=dol_buildpath($reldir."core/modules/supplier_invoice/pdf/pdf_".$modele.".modules.php",0); @@ -262,7 +262,7 @@ if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT') * View */ -$dirmodels=array_merge(array('/'),(array)$conf->modules_parts['models']); +$dirmodels=array_merge(array('/'),(array) $conf->modules_parts['models']); llxHeader(); From 743489ae1d817167e17639b6bffc82824ed3d024 Mon Sep 17 00:00:00 2001 
From: simnandez Date: Mon, 5 Mar 2012 11:16:30 +0100 Subject: [PATCH 2/2] Fix: Security --- htdocs/fichinter/apercu.php | 4 +- htdocs/fichinter/contact.php | 42 +++++----- htdocs/fichinter/document.php | 14 ++-- htdocs/fichinter/fiche.php | 144 +++++++++++++++++----------------- htdocs/fichinter/list.php | 27 ++++--- htdocs/fichinter/note.php | 10 +-- 6 files changed, 122 insertions(+), 119 deletions(-) diff --git a/htdocs/fichinter/apercu.php b/htdocs/fichinter/apercu.php index f338c0b5b0d..2ef4628759d 100644 --- a/htdocs/fichinter/apercu.php +++ b/htdocs/fichinter/apercu.php @@ -2,7 +2,7 @@ /* Copyright (C) 2002-2005 Rodolphe Quiedeville * Copyright (C) 2004-2005 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,7 +36,7 @@ $langs->load('interventions'); // Security check $socid=0; $id = GETPOST('id','int'); -$ref = GETPOST("ref"); +$ref = GETPOST('ref','alpha'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index 74fa3b5b9a3..e9fc602ed29 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -1,6 +1,7 @@ * Copyright (C) 2007-2009 Laurent Destailleur + * Copyright (C) 2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,7 +33,8 @@ $langs->load("interventions"); $langs->load("sendings"); $langs->load("companies"); -$fichinterid = isset($_GET["id"])?$_GET["id"]:''; +$fichinterid = GETPOST('id','int'); +$action = GETPOST('action','alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; 
@@ -43,16 +45,16 @@ $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter'); * Ajout d'un nouveau contact */ -if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer) +if ($action == 'addcontact' && $user->rights->ficheinter->creer) { $result = 0; $fichinter = new Fichinter($db); - $result = $fichinter->fetch($_GET["id"]); + $result = $fichinter->fetch($fichinterid); - if ($result > 0 && $_GET["id"] > 0) + if ($result > 0 && $fichinterid > 0) { - $result = $fichinter->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); + $result = $fichinter->add_contact(GETPOST('contactid','int'), GETPOST('type','int'), GETPOST('source','alpha')); } if ($result >= 0) @@ -75,12 +77,12 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer) } // bascule du statut d'un contact -if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer) +if ($action == 'swapstatut' && $user->rights->ficheinter->creer) { $fichinter = new Fichinter($db); - if ($fichinter->fetch(GETPOST('id','int'))) + if ($fichinter->fetch($fichinterid)) { - $result=$fichinter->swapContactStatus(GETPOST('ligne')); + $result=$fichinter->swapContactStatus(GETPOST('ligne','int')); } else { @@ -89,11 +91,11 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer) } // Efface un contact -if ($_GET["action"] == 'deleteline' && $user->rights->ficheinter->creer) +if ($action == 'deleteline' && $user->rights->ficheinter->creer) { $fichinter = new Fichinter($db); - $fichinter->fetch($_GET["id"]); - $result = $fichinter->delete_contact($_GET["lineid"]); + $fichinter->fetch($fichinterid); + $result = $fichinter->delete_contact(GETPOST('lineid','int')); if ($result >= 0) { 
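Review bot: The `addcontact` branch in the first hunk on this line was gated on `$_POST["action"]`, and with `$action` now taken from `GETPOST('action','alpha')` — which, if I recall the helper correctly, consults `$_GET` before `$_POST` — that write can be triggered by a plain GET request, which the old test did not allow. A state-changing handler should stay POST-only, e.g. `if ($action == 'addcontact' && $_SERVER['REQUEST_METHOD'] == 'POST' && $user->rights->ficheinter->creer)`, or be covered by an anti-CSRF token if the project has one. The `swapstatut` and `deleteline` branches further down this line were already keyed on `$_GET["action"]`, so for them the change is neutral; only `addcontact` loses a restriction here.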
@@ -125,11 +127,11 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $_GET["id"]; -if ($id > 0) + +if ($fichinterid > 0) { $fichinter = new Fichinter($db); - if ($fichinter->fetch($_GET['id']) > 0) + if ($fichinter->fetch($fichinterid) > 0) { $soc = new Societe($db); $soc->fetch($fichinter->socid); @@ -168,7 +170,7 @@ if ($id > 0) * Ajouter une ligne de contact * Non affiche en mode modification de ligne */ - if ($_GET["action"] != 'editline' && $user->rights->ficheinter->creer) + if ($action != 'editline' && $user->rights->ficheinter->creer) { print ''; print ''.$langs->trans("Source").''; @@ -180,11 +182,11 @@ if ($id > 0) $var = false; - print '
'; + print ''; print ''; print ''; print ''; - print ''; + print ''; // Ligne ajout pour contact interne print ""; @@ -209,11 +211,11 @@ if ($id > 0) print '
'; - print '
'; + print ''; print ''; print ''; print ''; - print ''; + print ''; // Ligne ajout pour contact externe $var=!$var; @@ -224,7 +226,7 @@ if ($id > 0) print ''; print ''; - $selectedCompany = isset($_GET["newcompany"])?$_GET["newcompany"]:$fichinter->client->id; + $selectedCompany = GETPOST('newcompany','int')?GETPOST('newcompany','int'):$fichinter->client->id; $selectedCompany = $formcompany->selectCompaniesForNewContact($fichinter, 'id', $selectedCompany, $htmlname = 'newcompany'); print ''; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index 23c1196a088..df672ab5a3a 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -4,7 +4,7 @@ * Copyright (C) 2005 Marc Barilley / Ocebo * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2005 Simon TOSSER - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -39,7 +39,7 @@ $langs->load("companies"); $langs->load("interventions"); $id = GETPOST('id','int'); -$action = GETPOST("action"); +$action = GETPOST('action','alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; @@ -47,9 +47,9 @@ $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); // Get parameters -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; @@ -69,7 +69,7 @@ $modulepart='fichinter'; * Actions */ -if (GETPOST("sendit") && ! empty($conf->global->MAIN_UPLOAD_DOC)) +if (GETPOST('sendit','alpha') && ! empty($conf->global->MAIN_UPLOAD_DOC)) { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); 
@@ -133,7 +133,7 @@ if ($object->id) if ($action == 'delete') { - $file = $upload_dir . '/' . GETPOST("urlfile"); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). + $file = $upload_dir . '/' . GETPOST('urlfile','alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $result=dol_delete_file($file); //if ($result >= 0) $mesg=$langs->trans("FileWasRemoced"); } diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index 9f753db3060..28b9fc49260 100644 --- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php @@ -2,7 +2,7 @@ /* Copyright (C) 2002-2007 Rodolphe Quiedeville * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -44,11 +44,11 @@ $langs->load("companies"); $langs->load("interventions"); $id = GETPOST('id','int'); -$ref = GETPOST('ref'); +$ref = GETPOST('ref','alpha'); $socid = GETPOST('socid','int'); -$action = GETPOST("action"); -$confirm = GETPOST("confirm"); -$mesg = GETPOST("msg"); +$action = GETPOST('action','alpha'); +$confirm = GETPOST('confirm','alpha'); +$mesg = GETPOST('msg','alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; 
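Review bot: `$file = $upload_dir . '/' . GETPOST('urlfile','alpha')` in the first hunk still builds the path of the file to delete from a request parameter, and whether `..` segments survive now depends entirely on what the `'alpha'` check strips, which this patch does not show. The delete should be bounded independently of the filter: if `urlfile` is always a bare filename here, wrap it in `basename()`; if subdirectories are legitimate, verify that `realpath($file)` begins with `realpath($upload_dir)` before calling `dol_delete_file($file)`. The `if ($action == 'delete')` block this sits in starts outside the hunk.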
@@ -72,14 +72,14 @@ if ($action == 'confirm_validate' && $confirm == 'yes') // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { $outputlangs = new Translate("",$conf); $outputlangs->setDefaultLang($newlang); } - $result=fichinter_create($db, $object, $_REQUEST['model'], $outputlangs); + $result=fichinter_create($db, $object, GETPOST('model','alpha'), $outputlangs); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit; } @@ -100,14 +100,14 @@ if ($action == 'confirm_modify' && $confirm == 'yes') // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { $outputlangs = new Translate("",$conf); $outputlangs->setDefaultLang($newlang); } - $result=fichinter_create($db, $object, (empty($_REQUEST['model'])?$object->model:$_REQUEST['model']), $outputlangs); + $result=fichinter_create($db, $object, (!GETPOST('model','alpha'))?$object->model:GETPOST('model','apha'), $outputlangs); Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit; } 
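Review bot: `GETPOST('model','apha')` in the `confirm_modify` hunk (the second one on this line) misspells the check name, so the false branch of the ternary reads `model` with a type the helper does not recognise; unless GETPOST rejects unknown check names, that value presumably comes back unfiltered, which undoes the point of this commit for that call. The fix is one token, `GETPOST('model','alpha')`; the same slip recurs later in the file as `'alphs'` on `subject` in the send-mail hunk. While here, reading `lang_id` once into a local, `$newlang = GETPOST('lang_id','alpha');`, guarded by the existing `MAIN_MULTILANGS` test would avoid calling the helper twice in each of these repeated output-language blocks.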
@@ -120,14 +120,14 @@ if ($action == 'confirm_modify' && $confirm == 'yes') if ($action == 'add') { $object->socid = $socid; - $object->duree = $_POST["duree"]; - $object->fk_project = $_POST["projectid"]; + $object->duree = GETPOST('duree','int'); + $object->fk_project = GETPOST('projectid','int'); $object->author = $user->id; - $object->description = $_POST["description"]; + $object->description = GETPOST('description','alpha'); $object->ref = $ref; - $object->modelpdf = $_POST["model"]; - $object->note_private = $_POST["note_private"]; - $object->note_public = $_POST["note_public"]; + $object->modelpdf = GETPOST('model','alpha'); + $object->note_private = GETPOST('note_private','alpha'); + $object->note_public = GETPOST('note_public','alpha'); if ($object->socid > 0) { @@ -155,9 +155,9 @@ if ($action == 'update') $object->fetch($id); $object->socid = $socid; - $object->fk_project = $_POST["projectid"]; + $object->fk_project = GETPOST('projectid','int'); $object->author = $user->id; - $object->description = $_POST["description"]; + $object->description = GETPOST('description','alpha'); $object->ref = $ref; $object->update(); 
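Review bot: `description`, `note_private` and `note_public` in the `add` hunk are free-text fields (the edit form later in this file feeds `np_desc` through a `DolEditor` instance), yet they are now read with the `'alpha'` check, whose treatment of HTML, double quotes and newlines is not visible in this patch; if that check blanks or truncates such values, saving an intervention with a formatted description would silently lose the text. Please confirm what `'alpha'` does with that input, or use whichever check type the helper provides for free text, and keep escaping at output time as the defence for these fields. The same concern applies to `description` in the `update` hunk, to the `setdescription`/`setnote_*` handlers and to `message` in the send-mail block further down the patch.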
@@ -172,22 +172,22 @@ if ($action == 'builddoc') // En get ou en post $object->fetch_thirdparty(); $object->fetch_lines(); - if ($_REQUEST['model']) + if (GETPOST('model','alpha')) { - $object->setDocModel($user, $_REQUEST['model']); + $object->setDocModel($user, GETPOST('model','alpha')); } // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { $outputlangs = new Translate("",$conf); $outputlangs->setDefaultLang($newlang); } - $result=fichinter_create($db, $object, $_REQUEST['model'], $outputlangs); + $result=fichinter_create($db, $object, GETPOST('model','alpha'), $outputlangs); if ($result <= 0) { dol_print_error($db,$result); @@ -199,7 +199,7 @@ if ($action == 'builddoc') // En get ou en post if ($action == 'classin') { $object->fetch($id); - $result=$object->setProject($_POST['projectid']); + $result=$object->setProject(GETPOST('projectid','int')); if ($result < 0) dol_print_error($db,$object->error); } 
@@ -217,31 +217,31 @@ if ($action == 'confirm_delete' && $confirm == 'yes') if ($action == 'setdescription') { $object->fetch($id); - $result=$object->set_description($user,$_POST['description']); + $result=$object->set_description($user,GETPOST('description','alpha')); if ($result < 0) dol_print_error($db,$object->error); } if ($action == 'setnote_public') { $object->fetch($id); - $result=$object->update_note_public($_POST['note_public']); + $result=$object->update_note_public(GETPOST('note_public','alpha')); if ($result < 0) dol_print_error($db,$object->error); } if ($action == 'setnote_private') { $object->fetch($id); - $result=$object->update_note($_POST['note_private']); + $result=$object->update_note(GETPOST('note_private','alpha')); if ($result < 0) dol_print_error($db,$object->error); } // Add line if ($action == "addline" && $user->rights->ficheinter->creer) { - if (empty($_POST['np_desc'])) + if (!GETPOST('np_desc','alpha')) { $mesg='
'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Description")).'
'; $error++; } - if (empty($_POST['durationhour']) && empty($_POST['durationmin'])) + if (!GETPOST('durationhour','int') && !GETPOST('durationmin','int')) { $mesg='
'.$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("Duration")).'
'; $error++; @@ -253,9 +253,9 @@ if ($action == "addline" && $user->rights->ficheinter->creer) $ret=$object->fetch($id); $object->fetch_thirdparty(); - $desc=$_POST['np_desc']; - $date_intervention = dol_mktime($_POST["dihour"], $_POST["dimin"], 0, $_POST["dimonth"], $_POST["diday"], $_POST["diyear"]); - $duration = convertTime2Seconds($_POST['durationhour'],$_POST['durationmin']); + $desc=GETPOST('np_desc','alpha'); + $date_intervention = dol_mktime(GETPOST('dihour','int'), GETPOST('dimin','int'), 0, GETPOST('dimonth','int'), GETPOST('diday','int'), GETPOST('diyear','int')); + $duration = convertTime2Seconds(GETPOST('durationhour','int'),GETPOST('durationmin','int')); $result=$object->addline( $id, @@ -267,7 +267,7 @@ if ($action == "addline" && $user->rights->ficheinter->creer) // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { @@ -310,10 +310,10 @@ if ($action == 'classifybilled') /* * Mise a jour d'une ligne d'intervention */ -if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save"] == $langs->trans("Save")) +if ($action == 'updateline' && $user->rights->ficheinter->creer && GETPOST('save','alpha') == $langs->trans("Save")) { $objectline = new FichinterLigne($db); - if ($objectline->fetch($_POST['line_id']) <= 0) + if ($objectline->fetch(GETPOST('line_id','int')) <= 0) { dol_print_error($db); exit; 
@@ -326,9 +326,9 @@ if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save" } $object->fetch_thirdparty(); - $desc = $_POST['np_desc']; - $date_inter = dol_mktime($_POST["dihour"], $_POST["dimin"], 0, $_POST["dimonth"], $_POST["diday"], $_POST["diyear"]); - $duration = convertTime2Seconds($_POST['durationhour'],$_POST['durationmin']); + $desc = GETPOST('np_desc','alpha'); + $date_inter = dol_mktime(GETPOST('dihour','int'), GETPOST('dimin','int'), 0, GETPOST('dimonth','int'), GETPOST('diday','int'), GETPOST('diyear','int')); + $duration = convertTime2Seconds(GETPOST('durationhour','int'),GETPOST('durationmin','int')); $objectline->datei = $date_inter; $objectline->desc = $desc; @@ -343,7 +343,7 @@ if ($action == 'updateline' && $user->rights->ficheinter->creer && $_POST["save" // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { @@ -364,7 +364,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes') if ($user->rights->ficheinter->creer) { $objectline = new FichinterLigne($db); - if ($objectline->fetch($_GET['line_id']) <= 0) + if ($objectline->fetch(GETPOST('line_id','int')) <= 0) { dol_print_error($db); exit; 
@@ -380,7 +380,7 @@ if ($action == 'confirm_deleteline' && $confirm == 'yes') // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { @@ -401,12 +401,12 @@ if ($action == 'up' && $user->rights->ficheinter->creer) { $object->fetch($id); $object->fetch_thirdparty(); - $object->line_up($_GET['line_id']); + $object->line_up(GETPOST('line_id','int')); // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { @@ -414,7 +414,7 @@ if ($action == 'up' && $user->rights->ficheinter->creer) $outputlangs->setDefaultLang($newlang); } fichinter_create($db, $object, $object->modelpdf, $outputlangs); - Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$_GET['line_id']); + Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.GETPOST('line_id','int')); exit; } 
@@ -422,12 +422,12 @@ if ($action == 'down' && $user->rights->ficheinter->creer) { $object->fetch($id); $object->fetch_thirdparty(); - $object->line_down($_GET['line_id']); + $object->line_down(GETPOST('line_id','int')); // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id','alpha')) $newlang=GETPOST('lang_id','alpha'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang; if (! empty($newlang)) { @@ -435,7 +435,7 @@ if ($action == 'down' && $user->rights->ficheinter->creer) $outputlangs->setDefaultLang($newlang); } fichinter_create($db, $object, $object->modelpdf, $outputlangs); - Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.$_GET['line_id']); + Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'#'.GETPOST('line_id','int')); exit; } @@ -443,7 +443,7 @@ if ($action == 'down' && $user->rights->ficheinter->creer) /* * Add file in email form */ -if ($_POST['addfile']) +if (GETPOST('addfile','alpha')) { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); @@ -459,7 +459,7 @@ if ($_POST['addfile']) /* * Remove file in email form */ -if (! empty($_POST['removedfile'])) +if (GETPOST('removedfile','alpha')) { require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php"); @@ -468,7 +468,7 @@ if (! empty($_POST['removedfile'])) $upload_dir_tmp = $vardir.'/temp'; // TODO Delete only files that was uploaded from email form - $mesg=dol_remove_file_process($_POST['removedfile'],0); + $mesg=dol_remove_file_process(GETPOST('removedfile','alpha'),0); $action='presend'; } 
@@ -476,7 +476,7 @@ if (! empty($_POST['removedfile'])) /* * Send mail */ -if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->ficheinter->ficheinter_advance->send)) +if ($action == 'send' && ! GETPOST('cancel','alpha') && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->ficheinter->ficheinter_advance->send)) { $langs->load('mails'); @@ -489,24 +489,24 @@ if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_AD { $object->fetch_thirdparty(); - if ($_POST['sendto']) + if (GETPOST('sendto','alpha')) { // Le destinataire a ete fourni via le champ libre - $sendto = $_POST['sendto']; + $sendto = GETPOST('sendto','alpha'); $sendtoid = 0; } - elseif ($_POST['receiver'] != '-1') + elseif (GETPOST('receiver','alpha') != '-1') { // Recipient was provided from combo list - if ($_POST['receiver'] == 'thirdparty') // Id of third party + if (GETPOST('receiver','alpha') == 'thirdparty') // Id of third party { $sendto = $object->client->email; $sendtoid = 0; } else // Id du contact { - $sendto = $object->client->contact_get_email($_POST['receiver']); - $sendtoid = $_POST['receiver']; + $sendto = $object->client->contact_get_email(GETPOST('receiver','alpha')); + $sendtoid = GETPOST('receiver','alpha'); } } 
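Review bot: In the else branch of the second hunk on this line (`@@ -489`) `receiver` is used as a contact id — it goes into `contact_get_email()` and into `$sendtoid` — but it is read with the `'alpha'` check because the same parameter can also carry the literal `thirdparty`. Once the `== 'thirdparty'` test has failed the value is expected to be an integer, so `$sendto = $object->client->contact_get_email((int) GETPOST('receiver','alpha'));` and `$sendtoid = (int) GETPOST('receiver','alpha');` keep the id typed without affecting the string case. The enclosing `send` handler continues past the end of the hunk.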
@@ -514,15 +514,15 @@ if ($action == 'send' && ! $_POST['cancel'] && (empty($conf->global->MAIN_USE_AD { $langs->load("commercial"); - $from = $_POST['fromname'] . ' <' . $_POST['frommail'] .'>'; - $replyto = $_POST['replytoname']. ' <' . $_POST['replytomail'].'>'; - $message = $_POST['message']; - $sendtocc = $_POST['sendtocc']; - $deliveryreceipt = $_POST['deliveryreceipt']; + $from = GETPOST('fromname','alpha') . ' <' . GETPOST('frommail','alpha') .'>'; + $replyto = GETPOST('replytoname','alpha'). ' <' . GETPOST('replytomail','alpha').'>'; + $message = GETPOST('message','alpha'); + $sendtocc = GETPOST('sendtocc','alpha'); + $deliveryreceipt = GETPOST('deliveryreceipt','alpha'); if ($action == 'send') { - if (strlen($_POST['subject'])) $subject = $_POST['subject']; + if (strlen(GETPOST('subject','alphs'))) $subject = GETPOST('subject','alpha'); else $subject = $langs->transnoentities('Intervention').' '.$object->ref; $actiontypecode='AC_FICH'; $actionmsg = $langs->transnoentities('MailSentBy').' '.$from.' '.$langs->transnoentities('To').' '.$sendto.".\n"; @@ -695,7 +695,7 @@ if ($action == 'create') $langs->load("project"); print ''.$langs->trans("Project").''; - $numprojet=select_projects($soc->id,$_POST["projectid"],'projectid'); + $numprojet=select_projects($soc->id,GETPOST('projectid','int'),'projectid'); if ($numprojet==0) { print '   '.$langs->trans("AddProject").''; 
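Review bot: `strlen(GETPOST('subject','alphs'))` in the first hunk misspells the check name, so the length test runs on whatever GETPOST returns for an unknown check while the assignment on the same line uses `'alpha'`; the two reads can disagree, and the misspelt one is presumably unfiltered. It should read `if (strlen(GETPOST('subject','alpha'))) $subject = GETPOST('subject','alpha');`. Separately, `$from`, `$replyto` and `$sendtocc` are concatenated from `fromname`/`frommail`/`replytoname`/`replytomail`/`sendtocc` and end up in mail headers; unless `'alpha'` is known to remove CR/LF, validating the address parts with `filter_var($x, FILTER_VALIDATE_EMAIL)` before building those strings would close that header-injection path. The `send` handler starts before this hunk.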
@@ -796,7 +796,7 @@ else if ($id > 0 || ! empty($ref)) // Confirmation de la suppression d'une ligne d'intervention if ($action == 'ask_deleteline') { - $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&line_id='.$_GET["line_id"], $langs->trans('DeleteInterventionLine'), $langs->trans('ConfirmDeleteInterventionLine'), 'confirm_deleteline','',0,1); + $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$object->id.'&line_id='.GETPOST('line_id','int'), $langs->trans('DeleteInterventionLine'), $langs->trans('ConfirmDeleteInterventionLine'), 'confirm_deleteline','',0,1); if ($ret == 'html') print '
'; } @@ -908,7 +908,7 @@ else if ($id > 0 || ! empty($ref)) $var=!$var; // Ligne en mode visu - if ($action != 'editline' || $_GET['line_id'] != $objp->rowid) + if ($action != 'editline' || GETPOST('line_id','int') != $objp->rowid) { print ''; print ''; @@ -963,13 +963,13 @@ else if ($id > 0 || ! empty($ref)) } // Ligne en mode update - if ($object->statut == 0 && $action == 'editline' && $user->rights->ficheinter->creer && $_GET["line_id"] == $objp->rowid) + if ($object->statut == 0 && $action == 'editline' && $user->rights->ficheinter->creer && GETPOST('line_id','int') == $objp->rowid) { print 'rowid.'" method="post">'; print ''; print ''; print ''; - print ''; + print ''; print ''; print ''; print ''; // ancre pour retourner sur la ligne 
@@ -1031,21 +1031,21 @@ else if ($id > 0 || ! empty($ref)) print ''; // editeur wysiwyg require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php"); - $doleditor=new DolEditor('np_desc',$_POST["np_desc"],'',100,'dolibarr_details','',false,true,$conf->global->FCKEDITOR_ENABLE_DETAILS,ROWS_2,70); + $doleditor=new DolEditor('np_desc',GETPOST('np_desc','alpha'),'',100,'dolibarr_details','',false,true,$conf->global->FCKEDITOR_ENABLE_DETAILS,ROWS_2,70); $doleditor->Create(); print ''; // Date intervention print ''; $timearray=dol_getdate(mktime()); - if (empty($_POST['diday'])) $timewithnohour=dol_mktime(0,0,0,$timearray['mon'],$timearray['mday'],$timearray['year']); - else $timewithnohour=dol_mktime($_POST['dihour'],$_POST['dimin'],$_POST['disec'],$_POST['dimonth'],$_POST['diday'],$_POST['diyear']); + if (!GETPOST('diday','int')) $timewithnohour=dol_mktime(0,0,0,$timearray['mon'],$timearray['mday'],$timearray['year']); + else $timewithnohour=dol_mktime(GETPOST('dihour','int'),GETPOST('dimin','int'),GETPOST('disec','int'),GETPOST('dimonth','int'),GETPOST('diday','int'),GETPOST('diyear','int')); $form->select_date($timewithnohour,'di',1,1,0,"addinter"); print ''; // Duration print ''; - $form->select_duration('duration',(empty($_POST["durationhour"]) && empty($_POST["durationmin"]))?3600:(60*60*$_POST["durationhour"]+60*$_POST["durationmin"])); + $form->select_duration('duration',(!GETPOST('durationhour','int') && !GETPOST('durationmin','int'))?3600:(60*60*GETPOST('durationhour','int')+60*GETPOST('durationmin','int'))); print ''; print ''; @@ -1191,7 +1191,7 @@ else if ($id > 0 || ! empty($ref)) $formmail->fromname = $user->getFullName($langs); $formmail->frommail = $user->email; $formmail->withfrom=1; - $formmail->withto=empty($_POST["sendto"])?1:$_POST["sendto"]; + $formmail->withto=(!GETPOST('sendto','alpha'))?1:GETPOST('sendto','alpha'); $formmail->withtosocid=$societe->id; $formmail->withtocc=1; $formmail->withtoccsocid=0; 
@@ -1212,7 +1212,7 @@ else if ($id > 0 || ! empty($ref)) $formmail->param['returnurl']=$_SERVER["PHP_SELF"].'?id='.$object->id; // Init list of files - if (! empty($_REQUEST["mode"]) && $_REQUEST["mode"]=='init') + if (GETPOST('mode','alpha')=='init') { $formmail->clear_attached_files(); $formmail->add_attached_files($file,$object->ref.'.pdf','application/pdf'); diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index a693e261e6c..20a9d7681d3 100755 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -2,7 +2,7 @@ /* Copyright (C) 2002-2003 Rodolphe Quiedeville * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2005-2009 Regis Houssin - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,22 +32,23 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load("companies"); $langs->load("interventions"); -$sortfield = GETPOST("sortfield",'alpha'); -$sortorder = GETPOST("sortorder",'alpha'); -$page = GETPOST("page",'int'); -if ($page == -1) { $page = 0; } -$offset = $conf->liste_limit * $page; -$pageprev = $page - 1; -$pagenext = $page + 1; - $socid=GETPOST('socid','int'); -$page=GETPOST("page"); // Security check $fichinterid = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter'); +$sortfield = GETPOST('sortfield','alpha'); +$sortorder = GETPOST('sortorder','alpha'); +$page = GETPOST('page','int'); +if ($page == -1) { + $page = 0; +} +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; + if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="fd.date"; if ($page == -1) { $page = 0 ; } 
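Review bot: The pagination block added after `restrictedArea()` in the `list.php` hunk duplicates lines that remain just below it: `if ($page == -1) { $page = 0 ; }` is still present as unchanged context at the end of this hunk, and the next hunk's context shows `$offset = $limit * $page ;`, `$pageprev` and `$pagenext` being computed a second time. Only the three `GETPOST` reads needed to move; the added `if ($page == -1)` guard and the `$offset`/`$pageprev`/`$pagenext` assignments can be dropped so each value is computed once. Note also that the two `$offset` lines use different multipliers (`$conf->liste_limit` in the added block, `$limit` below), and as far as the visible order goes the later one silently wins.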
@@ -57,9 +58,9 @@ $offset = $limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; -$search_ref=GETPOST("search_ref"); -$search_company=GETPOST("search_company"); -$search_desc=GETPOST("search_desc"); +$search_ref=GETPOST('search_ref','alpha'); +$search_company=GETPOST('search_company','alpha'); +$search_desc=GETPOST('search_desc','alpha'); /* diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index 891ffca9036..3c3154594f1 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -1,6 +1,6 @@ - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ $langs->load('companies'); $langs->load("interventions"); $fichinterid = GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; @@ -48,7 +48,7 @@ if ($action == 'update_public' && $user->rights->ficheinter->creer) $db->begin(); - $res=$fichinter->update_note_public(GETPOST("note_public"),$user); + $res=$fichinter->update_note_public(GETPOST('note_public','alpha'),$user); if ($res < 0) { $mesg='
'.$fichinter->error.'
'; @@ -67,7 +67,7 @@ if ($action == 'update' && $user->rights->ficheinter->creer) $db->begin(); - $res=$fichinter->update_note(GETPOST("note_private"),$user); + $res=$fichinter->update_note(GETPOST('note_private','alpha'),$user); if ($res < 0) { $mesg='
'.$fichinter->error.'
'; @@ -157,7 +157,7 @@ if ($fichinterid) */ print '
'; - if ($user->rights->ficheinter->creer && GETPOST("action") <> 'edit') + if ($user->rights->ficheinter->creer && $action <> 'edit') { print ''.$langs->trans('Modify').''; }
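Review bot: `$action <> 'edit'` in the last hunk uses the `<>` spelling of loose inequality, which the handlers earlier in this file do not use (they compare with `==`); `$action != 'edit'` is the conventional form and behaves identically. Replacing the repeated `GETPOST("action")` read with the `$action` local is the right direction, so only the operator spelling is worth aligning.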