diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 7d24b330d3e..21bcc17bd42 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -243,18 +243,16 @@ if (empty($reshook))
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
$birthdate = '';
- if (isset($_POST["birthday"]) && $_POST["birthday"]
- && isset($_POST["birthmonth"]) && $_POST["birthmonth"]
- && isset($_POST["birthyear"]) && $_POST["birthyear"])
+ if (GETPOST("birthday", 'int') && GETPOST("birthmonth", 'int') && GETPOST("birthyear", 'int'))
{
- $birthdate = dol_mktime(12, 0, 0, $_POST["birthmonth"], $_POST["birthday"], $_POST["birthyear"]);
+ $birthdate = dol_mktime(12, 0, 0, GETPOST("birthmonth", 'int'), GETPOST("birthday", 'int'), GETPOST("birthyear", 'int'));
}
- $lastname = $_POST["lastname"];
- $firstname = $_POST["firstname"];
- $gender = $_POST["gender"];
- $societe = $_POST["societe"];
- $morphy = $_POST["morphy"];
- $login = $_POST["login"];
+ $lastname = GETPOST("lastname", 'alphanohtml');
+ $firstname = GETPOST("firstname", 'alphanohtml');
+ $gender = GETPOST("gender", 'alphanohtml');
+ $societe = GETPOST("societe", 'alphanohtml');
+ $morphy = GETPOST("morphy", 'alphanohtml');
+ $login = GETPOST("login", 'alphanohtml');
if ($morphy != 'mor' && empty($lastname)) {
$error++;
$langs->load("errors");
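Review bot: `gender` and `morphy` are fixed-code fields, so the `'alphanohtml'` filter on the `$gender` and `$morphy` assignments in this hunk is looser than it needs to be. The form code in the same file offers only `man`/`woman` for gender and `phy`/`mor` for morphy, so an allowlist check such as `if (!in_array($morphy, array('phy', 'mor'), true)) { $error++; }`, or the stricter `'aZ09'` filter, would reject unexpected values instead of only stripping markup. The same applies to the `$gender` and `$morphy` reads in the `@@ -442` and `@@ -465` hunks, and to `public`, which is rendered with `selectyesno` and could be read with `'int'`. The enclosing block continues outside this hunk.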
@@ -284,19 +282,19 @@ if (empty($reshook))
$object->oldcopy = clone $object;
// Change values
- $object->civility_id = trim(GETPOST("civility_id", 'alpha'));
- $object->firstname = trim(GETPOST("firstname", 'alpha'));
- $object->lastname = trim(GETPOST("lastname", 'alpha'));
- $object->gender = trim(GETPOST("gender", 'alpha'));
+ $object->civility_id = trim(GETPOST("civility_id", 'alphanohtml'));
+ $object->firstname = trim(GETPOST("firstname", 'alphanohtml'));
+ $object->lastname = trim(GETPOST("lastname", 'alphanohtml'));
+ $object->gender = trim(GETPOST("gender", 'alphanohtml'));
$object->login = trim(GETPOST("login", 'alpha'));
$object->pass = trim(GETPOST("pass", 'alpha'));
- $object->societe = trim(GETPOST("societe", 'alpha')); // deprecated
- $object->company = trim(GETPOST("societe", 'alpha'));
+ $object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated
+ $object->company = trim(GETPOST("societe", 'alphanohtml'));
- $object->address = trim(GETPOST("address", 'alpha'));
- $object->zip = trim(GETPOST("zipcode", 'alpha'));
- $object->town = trim(GETPOST("town", 'alpha'));
+ $object->address = trim(GETPOST("address", 'alphanohtml'));
+ $object->zip = trim(GETPOST("zipcode", 'alphanohtml'));
+ $object->town = trim(GETPOST("town", 'alphanohtml'));
$object->state_id = GETPOST("state_id", 'int');
$object->country_id = GETPOST("country_id", 'int');
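Review bot: `$object->login` is still read with `'alpha'` in this update block, although the validation path earlier in this file was switched to `GETPOST("login", 'alphanohtml')`. If the login is ever displayed without escaping, the update path keeps the looser filter; `$object->login = trim(GETPOST("login", 'alphanohtml'));` would make both paths agree. Leaving `pass` on `'alpha'` looks deliberate, since tag stripping would silently alter a password, but a short comment saying so would help the next reader.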
@@ -442,14 +440,14 @@ if (empty($reshook))
}
$typeid = GETPOST("typeid", 'int');
- $civility_id = GETPOST("civility_id", 'alpha');
- $lastname = GETPOST("lastname", 'alpha');
- $firstname = GETPOST("firstname", 'alpha');
- $gender = GETPOST("gender", 'alpha');
- $societe = GETPOST("societe", 'alpha');
- $address = GETPOST("address", 'alpha');
- $zip = GETPOST("zipcode", 'alpha');
- $town = GETPOST("town", 'alpha');
+ $civility_id = GETPOST("civility_id", 'alphanohtml');
+ $lastname = GETPOST("lastname", 'alphanohtml');
+ $firstname = GETPOST("firstname", 'alphanohtml');
+ $gender = GETPOST("gender", 'alphanohtml');
+ $societe = GETPOST("societe", 'alphanohtml');
+ $address = GETPOST("address", 'alphanohtml');
+ $zip = GETPOST("zipcode", 'alphanohtml');
+ $town = GETPOST("town", 'alphanohtml');
$state_id = GETPOST("state_id", 'int');
$country_id = GETPOST("country_id", 'int');
@@ -465,9 +463,8 @@ if (empty($reshook))
$pass = GETPOST("password", 'alpha');
$photo = GETPOST("photo", 'alpha');
//$comment=GETPOST("comment",'none');
- $morphy = GETPOST("morphy", 'alpha');
- $subscription = GETPOST("subscription", 'alpha');
- $public = GETPOST("public", 'alpha');
+ $morphy = GETPOST("morphy", 'alphanohtml');
+ $public = GETPOST("public", 'alphanohtml');
$userid = GETPOST("userid", 'int');
$socid = GETPOST("socid", 'int');
@@ -976,7 +973,7 @@ else
print "\n";
// Company
- print '
| '.$langs->trans("Company").' | |
';
+ print '| '.$langs->trans("Company").' | |
';
// Civility
print '| '.$langs->trans("UserTitle").' | ';
@@ -984,39 +981,39 @@ else
print ' |
';
// Lastname
- print '| '.$langs->trans("Lastname").' | | ';
+ print '
| '.$langs->trans("Lastname").' | | ';
print '
';
// Firstname
- print '| '.$langs->trans("Firstname").' | | ';
+ print '
| '.$langs->trans("Firstname").' | | ';
print '
';
// Gender
print '| '.$langs->trans("Gender").' | ';
print '';
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"));
- print $form->selectarray('gender', $arraygender, GETPOST('gender'), 1);
+ print $form->selectarray('gender', $arraygender, GETPOST('gender', 'alphanohtml'), 1);
print ' |
';
// EMail
- print '| '.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').' | |
';
+ print '| '.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').' | |
';
// Address
print '| '.$langs->trans("Address").' | ';
- print '';
+ print '';
print ' |
';
// Zip / Town
print '| '.$langs->trans("Zip").' / '.$langs->trans("Town").' | ';
- print $formcompany->select_ziptown((GETPOST('zipcode', 'alphanohtml') ?GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
+ print $formcompany->select_ziptown((GETPOSTISSET('zipcode') ? GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
- print $formcompany->select_ziptown((GETPOST('town', 'alphanohtml') ?GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
+ print $formcompany->select_ziptown((GETPOSTISSET('town') ? GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print ' |
';
// Country
$object->country_id = $object->country_id ? $object->country_id : $mysoc->country_id;
print '| '.$langs->trans('Country').' | ';
- print $form->select_country(GETPOST('country_id', 'alpha') ?GETPOST('country_id', 'alpha') : $object->country_id, 'country_id');
+ print $form->select_country(GETPOSTISSET('country_id') ? GETPOST('country_id', 'alpha') : $object->country_id, 'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
print ' |
';
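Review bot: The re-display expressions do not use the same filter as the save path for the same parameter: `select_country(...)` in this hunk reads `country_id` with `'alpha'`, while the action code reads it with `'int'`. Using `GETPOST('country_id', 'int')` here would keep the two in step. The same mismatch shows in the edit form, where `civility_id` and `morphy` are re-read with `'alpha'` although the action code now uses `'alphanohtml'`. Whether the `select_*` helpers escape the selected value themselves is not visible in this diff, so the tighter filter is the safer default.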
@@ -1026,7 +1023,7 @@ else
print '| '.$langs->trans('State').' | ';
if ($object->country_id)
{
- print $formcompany->select_state(GETPOST('state_id', 'int') ?GETPOST('state_id', 'int') : $object->state_id, $object->country_code);
+ print $formcompany->select_state(GETPOSTISSET('state_id') ? GETPOST('state_id', 'int') : $object->state_id, $object->country_code);
}
else
{
@@ -1036,18 +1033,18 @@ else
}
// Pro phone
- print ' |
| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").' | |
';
+ print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").' | |
';
// Personal phone
- print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").' | |
';
+ print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").' | |
';
// Mobile phone
- print '| '.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").' | |
';
+ print '| '.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").' | |
';
if (!empty($conf->socialnetworks->enabled)) {
foreach ($socialnetworks as $key => $value) {
if (!$value['active']) break;
- print '| '.$langs->trans($value['label']).' | |
';
+ print '| '.$langs->trans($value['label']).' | |
';
}
}
@@ -1196,14 +1193,14 @@ else
$morphys["phy"] = $langs->trans("Physical");
$morphys["mor"] = $langs->trans("Moral");
print '| '.$langs->trans("MemberNature").' | ';
- print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ?GETPOST("morphy", 'alpha') : $object->morphy));
+ print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ? GETPOST("morphy", 'alpha') : $object->morphy));
print " |
";
// Type
print '| '.$langs->trans("Type").' | ';
if ($user->rights->adherent->creer)
{
- print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ?GETPOST("typeid", 'int') : $object->typeid));
+ print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->typeid));
}
else
{
@@ -1213,27 +1210,27 @@ else
print " |
";
// Company
- print '| '.$langs->trans("Company").' | company).'"> |
';
+ print '| '.$langs->trans("Company").' | company).'"> |
';
// Civility
print '| '.$langs->trans("UserTitle").' | ';
- print $formcompany->select_civility(isset($_POST["civility_id"]) ? $_POST["civility_id"] : $object->civility_id)."\n";
+ print $formcompany->select_civility(GETPOSTISSET("civility_id") ? GETPOST("civility_id", 'alpha') : $object->civility_id)."\n";
print ' | ';
print '
';
// Lastname
- print '| '.$langs->trans("Lastname").' | lastname).'"> | ';
+ print '
| '.$langs->trans("Lastname").' | lastname).'"> | ';
print '
';
// Firstname
- print '| '.$langs->trans("Firstname").' | firstname).'"> | ';
+ print '
| '.$langs->trans("Firstname").' | firstname).'"> | ';
print '
';
// Gender
print '| '.$langs->trans("Gender").' | ';
print '';
$arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman"));
- print $form->selectarray('gender', $arraygender, GETPOST('gender') ?GETPOST('gender') : $object->gender, 1);
+ print $form->selectarray('gender', $arraygender, GETPOSTISSET('gender') ? GETPOST('gender', 'alphanohtml') : $object->gender, 1);
print ' |
';
// Photo
@@ -1256,14 +1253,14 @@ else
// Address
print '| '.$langs->trans("Address").' | ';
- print '';
+ print '';
print ' |
';
// Zip / Town
print '| '.$langs->trans("Zip").' / '.$langs->trans("Town").' | ';
- print $formcompany->select_ziptown((isset($_POST["zipcode"]) ?GETPOST("zipcode", '', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
+ print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode", 'alphanohtml', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
- print $formcompany->select_ziptown((isset($_POST["town"]) ?GETPOST("town", '', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
+ print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town", 'alphanohtml', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print ' |
';
// Country
@@ -1282,18 +1279,18 @@ else
}
// Pro phone
- print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").' | phone).'"> |
';
+ print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").' | phone).'"> |
';
// Personal phone
- print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").' | phone_perso).'"> |
';
+ print '| '.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").' | phone_perso).'"> |
';
// Mobile phone
- print '| '.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").' | phone_mobile).'"> |
';
+ print '| '.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").' | phone_mobile).'"> |
';
if (!empty($conf->socialnetworks->enabled)) {
foreach ($socialnetworks as $key => $value) {
if (!$value['active']) break;
- print '| '.$langs->trans($value['label']).' | |
';
+ print '| '.$langs->trans($value['label']).' | |
';
}
}
@@ -1304,7 +1301,7 @@ else
// Public profil
print "| ".$langs->trans("Public")." | \n";
- print $form->selectyesno("public", (isset($_POST["public"]) ?GETPOST("public", '', 2) : $object->public), 1);
+ print $form->selectyesno("public", (GETPOSTISSET("public") ? GETPOST("public", 'alphanohtml', 2) : $object->public), 1);
print " |
\n";
// Categories
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql
index b21429a4d1b..28fe1697449 100644
--- a/htdocs/install/mysql/migration/repair.sql
+++ b/htdocs/install/mysql/migration/repair.sql
@@ -519,3 +519,7 @@ UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NUL
-- update llx_societe set code_compta_fournisseur = concat('401', substr(code_fournisseur, 3, 2),substr(code_fournisseur, 8, 5)) where fournisseur in (1,2,3) and code_fournisseur is not null;
+-- To fix a table with error 'ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs'
+--ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC;
+
+
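Review bot: The added `--ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC;` line has no space after the dashes, and MySQL only treats `--` as a comment opener when it is followed by whitespace. The other commented-out statement just above uses `-- update …` with the space; writing `-- ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC;` keeps the line inert if the file is ever fed to a MySQL client directly. The two trailing blank lines could be dropped as well.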
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index ad793f4f7d3..59f2eb13170 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -193,7 +193,7 @@ if (empty($reshook))
{
$error = 0;
- if (!GETPOST('label'))
+ if (!GETPOST('label', 'alphanohtml'))
{
setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors');
$action = "create";
@@ -217,8 +217,8 @@ if (empty($reshook))
$units = GETPOST('units', 'int');
$object->ref = $ref;
- $object->label = GETPOST('label');
- $object->price_base_type = GETPOST('price_base_type');
+ $object->label = GETPOST('label', 'alphanohtml');
+ $object->price_base_type = GETPOST('price_base_type', 'aZ09');
if ($object->price_base_type == 'TTC')
$object->price_ttc = GETPOST('price');
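Review bot: `GETPOST('price')` on the last line of this hunk still has no check argument, so it relies on whatever default filter `GETPOST` applies, which is not visible in this diff. The commit makes the filter explicit for `label` and `price_base_type`; the remaining bare reads in this file (`GETPOST('url')` in the `@@ -293` and `@@ -394` hunks) and `GETPOST('default_lang')` in htdocs/societe/card.php deserve the same treatment. For the URL, the third-party card already uses `GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)`, which could be reused here. The enclosing block continues outside the hunk.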
@@ -293,7 +293,7 @@ if (empty($reshook))
$object->url = GETPOST('url');
$object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none'));
$object->note = $object->note_private; // deprecated
- $object->customcode = GETPOST('customcode', 'alpha');
+ $object->customcode = GETPOST('customcode', 'alphanohtml');
$object->country_id = GETPOST('country_id', 'int');
$object->duration_value = $duration_value;
$object->duration_unit = $duration_unit;
@@ -394,7 +394,7 @@ if (empty($reshook))
$object->oldcopy = clone $object;
$object->ref = $ref;
- $object->label = GETPOST('label');
+ $object->label = GETPOST('label', 'alphanohtml');
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none'));
$object->url = GETPOST('url');
if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB))
@@ -975,7 +975,7 @@ else
print '';
$tmpcode = '';
if (!empty($modCodeProduct->code_auto)) $tmpcode = $modCodeProduct->getNextValue($object, $type);
- print '| '.$langs->trans("Ref").' | ';
+ print ' | '.$langs->trans("Ref").' | ';
if ($refalreadyexists)
{
print $langs->trans("RefAlreadyExists");
@@ -983,7 +983,7 @@ else
print ' |
';
// Label
- print '| '.$langs->trans("Label").' | |
';
+ print '| '.$langs->trans("Label").' | |
';
// On sell
print '| '.$langs->trans("Status").' ('.$langs->trans("Sell").') | ';
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index 9cc5febc2ca..2b4f0fc57af 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -390,23 +390,23 @@ if (empty($reshook))
if (GETPOST("private", 'int') == 1) // Ask to create a contact
{
- $object->particulier = GETPOST("private");
+ $object->particulier = GETPOST("private", 'int');
- $object->name = dolGetFirstLastname(GETPOST('firstname', 'alpha'), GETPOST('name', 'alpha'));
- $object->civility_id = GETPOST('civility_id'); // Note: civility id is a code, not an int
+ $object->name = dolGetFirstLastname(GETPOST('firstname', 'alphanohtml'), GETPOST('name', 'alphanohtml'));
+ $object->civility_id = GETPOST('civility_id', 'alphanohtml'); // Note: civility id is a code, not an int
// Add non official properties
- $object->name_bis = GETPOST('name', 'alpha');
- $object->firstname = GETPOST('firstname', 'alpha');
+ $object->name_bis = GETPOST('name', 'alphanohtml');
+ $object->firstname = GETPOST('firstname', 'alphanohtml');
}
else
{
- $object->name = GETPOST('name', 'alpha');
+ $object->name = GETPOST('name', 'alphanohtml');
}
- $object->entity = (GETPOSTISSET('entity') ?GETPOST('entity', 'int') : $conf->entity);
- $object->name_alias = GETPOST('name_alias');
- $object->address = GETPOST('address');
- $object->zip = GETPOST('zipcode', 'alpha');
- $object->town = GETPOST('town', 'alpha');
+ $object->entity = (GETPOSTISSET('entity') ? GETPOST('entity', 'int') : $conf->entity);
+ $object->name_alias = GETPOST('name_alias', 'alphanohtml');
+ $object->address = GETPOST('address', 'alphanohtml');
+ $object->zip = GETPOST('zipcode', 'alphanohtml');
+ $object->town = GETPOST('town', 'alphanohtml');
$object->country_id = GETPOST('country_id', 'int');
$object->state_id = GETPOST('state_id', 'int');
//$object->skype = GETPOST('skype', 'alpha');
@@ -425,19 +425,19 @@ if (empty($reshook))
$object->fax = GETPOST('fax', 'alpha');
$object->email = trim(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL));
$object->url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL));
- $object->idprof1 = trim(GETPOST('idprof1', 'alpha'));
- $object->idprof2 = trim(GETPOST('idprof2', 'alpha'));
- $object->idprof3 = trim(GETPOST('idprof3', 'alpha'));
- $object->idprof4 = trim(GETPOST('idprof4', 'alpha'));
- $object->idprof5 = trim(GETPOST('idprof5', 'alpha'));
- $object->idprof6 = trim(GETPOST('idprof6', 'alpha'));
- $object->prefix_comm = GETPOST('prefix_comm', 'alpha');
+ $object->idprof1 = trim(GETPOST('idprof1', 'alphanohtml'));
+ $object->idprof2 = trim(GETPOST('idprof2', 'alphanohtml'));
+ $object->idprof3 = trim(GETPOST('idprof3', 'alphanohtml'));
+ $object->idprof4 = trim(GETPOST('idprof4', 'alphanohtml'));
+ $object->idprof5 = trim(GETPOST('idprof5', 'alphanohtml'));
+ $object->idprof6 = trim(GETPOST('idprof6', 'alphanohtml'));
+ $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml');
$object->code_client = GETPOSTISSET('customer_code') ?GETPOST('customer_code', 'alpha') : GETPOST('code_client', 'alpha');
$object->code_fournisseur = GETPOSTISSET('supplier_code') ?GETPOST('supplier_code', 'alpha') : GETPOST('code_fournisseur', 'alpha');
- $object->capital = GETPOST('capital', 'alpha');
- $object->barcode = GETPOST('barcode', 'alpha');
+ $object->capital = GETPOST('capital', 'alphanohtml');
+ $object->barcode = GETPOST('barcode', 'alphanohtml');
- $object->tva_intra = GETPOST('tva_intra', 'alpha');
+ $object->tva_intra = GETPOST('tva_intra', 'alphanohtml');
$object->tva_assuj = GETPOST('assujtva_value', 'alpha');
$object->status = GETPOST('status', 'alpha');
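Review bot: `assujtva_value` and `status` are read with `'alpha'` at the end of this hunk, while the `@@ -1678` hunk of the same file reads both with `'int'`. If these are numeric flags, `GETPOST('assujtva_value', 'int')` and `GETPOST('status', 'int')` would be the tighter and consistent choice. A similar leftover is `civility_id`, which this commit moves to `'alphanohtml'` in the `@@ -390` hunk but which stays on `'alpha'` in the `@@ -1001` hunk.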
@@ -964,16 +964,16 @@ else
if (GETPOST("type") == 'p') { $object->client = 2; }
if (!empty($conf->fournisseur->enabled) && (GETPOST("type") == 'f' || (GETPOST("type") == '' && !empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)))) { $object->fournisseur = 1; }
- $object->name = GETPOST('name', 'alpha');
- $object->name_alias = GETPOST('name_alias', 'alpha');
- $object->firstname = GETPOST('firstname', 'alpha');
+ $object->name = GETPOST('name', 'alphanohtml');
+ $object->name_alias = GETPOST('name_alias', 'alphanohtml');
+ $object->firstname = GETPOST('firstname', 'alphanohtml');
$object->particulier = $private;
- $object->prefix_comm = GETPOST('prefix_comm', 'alpha');
+ $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml');
$object->client = GETPOST('client', 'int') ?GETPOST('client', 'int') : $object->client;
if (empty($duplicate_code_error)) {
$object->code_client = GETPOST('customer_code', 'alpha');
- $object->fournisseur = GETPOST('fournisseur') ?GETPOST('fournisseur') : $object->fournisseur;
+ $object->fournisseur = GETPOST('fournisseur') ? GETPOST('fournisseur', 'int') : $object->fournisseur;
$object->code_fournisseur = GETPOST('supplier_code', 'alpha');
}
else {
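Review bot: In the `fournisseur` ternary the condition still calls `GETPOST('fournisseur')` without a filter while the value branch now uses `'int'`, so the test and the assigned value can disagree for non-numeric input. Matching the `client` line just above, `GETPOST('fournisseur', 'int') ? GETPOST('fournisseur', 'int') : $object->fournisseur`, avoids that. The `country_id` ternary in the `@@ -1651` hunk has the same shape, and the `GETPOST("type")` comparisons at the top of this hunk are also unfiltered, though they are only compared to literals.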
@@ -981,9 +981,9 @@ else
}
- $object->address = GETPOST('address', 'alpha');
- $object->zip = GETPOST('zipcode', 'alpha');
- $object->town = GETPOST('town', 'alpha');
+ $object->address = GETPOST('address', 'alphanohtml');
+ $object->zip = GETPOST('zipcode', 'alphanohtml');
+ $object->town = GETPOST('town', 'alphanohtml');
$object->state_id = GETPOST('state_id', 'int');
//$object->skype = GETPOST('skype', 'alpha');
//$object->twitter = GETPOST('twitter', 'alpha');
@@ -1001,14 +1001,14 @@ else
$object->fax = GETPOST('fax', 'alpha');
$object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL);
$object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL);
- $object->capital = GETPOST('capital', 'alpha');
- $object->barcode = GETPOST('barcode', 'alpha');
- $object->idprof1 = GETPOST('idprof1', 'alpha');
- $object->idprof2 = GETPOST('idprof2', 'alpha');
- $object->idprof3 = GETPOST('idprof3', 'alpha');
- $object->idprof4 = GETPOST('idprof4', 'alpha');
- $object->idprof5 = GETPOST('idprof5', 'alpha');
- $object->idprof6 = GETPOST('idprof6', 'alpha');
+ $object->capital = GETPOST('capital', 'alphanohtml');
+ $object->barcode = GETPOST('barcode', 'alphanohtml');
+ $object->idprof1 = GETPOST('idprof1', 'alphanohtml');
+ $object->idprof2 = GETPOST('idprof2', 'alphanohtml');
+ $object->idprof3 = GETPOST('idprof3', 'alphanohtml');
+ $object->idprof4 = GETPOST('idprof4', 'alphanohtml');
+ $object->idprof5 = GETPOST('idprof5', 'alphanohtml');
+ $object->idprof6 = GETPOST('idprof6', 'alphanohtml');
$object->typent_id = GETPOST('typent_id', 'int');
$object->effectif_id = GETPOST('effectif_id', 'int');
$object->civility_id = GETPOST('civility_id', 'alpha');
@@ -1023,7 +1023,7 @@ else
$object->localtax1_value = GETPOST('lt1', 'int');
$object->localtax2_value = GETPOST('lt2', 'int');
- $object->tva_intra = GETPOST('tva_intra', 'alpha');
+ $object->tva_intra = GETPOST('tva_intra', 'alphanohtml');
$object->commercial_id = GETPOST('commercial_id', 'int');
$object->default_lang = GETPOST('default_lang');
@@ -1252,7 +1252,7 @@ else
print ' | '.$form->editfieldkey('Vendor', 'fournisseur', '', $object, 0, 'string', '', 1).' | ';
$default = -1;
if (!empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)) $default = 1;
- print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ?GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0));
+ print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ? GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0));
print ' | ';
@@ -1651,15 +1651,15 @@ else
if (GETPOSTISSET('name'))
{
// We overwrite with values if posted
- $object->name = GETPOST('name', 'alpha');
- $object->prefix_comm = GETPOST('prefix_comm', 'alpha');
+ $object->name = GETPOST('name', 'alphanohtml');
+ $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml');
$object->client = GETPOST('client', 'int');
$object->code_client = GETPOST('customer_code', 'alpha');
$object->fournisseur = GETPOST('fournisseur', 'int');
$object->code_fournisseur = GETPOST('supplier_code', 'alpha');
- $object->address = GETPOST('address', 'alpha');
- $object->zip = GETPOST('zipcode', 'alpha');
- $object->town = GETPOST('town', 'alpha');
+ $object->address = GETPOST('address', 'alphanohtml');
+ $object->zip = GETPOST('zipcode', 'alphanohtml');
+ $object->town = GETPOST('town', 'alphanohtml');
$object->country_id = GETPOST('country_id') ?GETPOST('country_id', 'int') : $mysoc->country_id;
$object->state_id = GETPOST('state_id', 'int');
//$object->skype = GETPOST('skype', 'alpha');
@@ -1678,21 +1678,21 @@ else
$object->fax = GETPOST('fax', 'alpha');
$object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL);
$object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL);
- $object->capital = GETPOST('capital', 'alpha');
- $object->idprof1 = GETPOST('idprof1', 'alpha');
- $object->idprof2 = GETPOST('idprof2', 'alpha');
- $object->idprof3 = GETPOST('idprof3', 'alpha');
- $object->idprof4 = GETPOST('idprof4', 'alpha');
- $object->idprof5 = GETPOST('idprof5', 'alpha');
- $object->idprof6 = GETPOST('idprof6', 'alpha');
+ $object->capital = GETPOST('capital', 'alphanohtml');
+ $object->idprof1 = GETPOST('idprof1', 'alphanohtml');
+ $object->idprof2 = GETPOST('idprof2', 'alphanohtml');
+ $object->idprof3 = GETPOST('idprof3', 'alphanohtml');
+ $object->idprof4 = GETPOST('idprof4', 'alphanohtml');
+ $object->idprof5 = GETPOST('idprof5', 'alphanohtml');
+ $object->idprof6 = GETPOST('idprof6', 'alphanohtml');
$object->typent_id = GETPOST('typent_id', 'int');
$object->effectif_id = GETPOST('effectif_id', 'int');
- $object->barcode = GETPOST('barcode', 'alpha');
+ $object->barcode = GETPOST('barcode', 'alphanohtml');
$object->forme_juridique_code = GETPOST('forme_juridique_code', 'int');
$object->default_lang = GETPOST('default_lang', 'alpha');
$object->tva_assuj = GETPOST('assujtva_value', 'int');
- $object->tva_intra = GETPOST('tva_intra', 'alpha');
+ $object->tva_intra = GETPOST('tva_intra', 'alphanohtml');
$object->status = GETPOST('status', 'int');
// Webservices url/key
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index d59581fa914..64ad5de4906 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -129,11 +129,11 @@ if ($cancel)
if (GETPOST('add', 'alpha') && $user->rights->ticket->write) {
$error = 0;
- if (!GETPOST("subject", 'alpha')) {
+ if (!GETPOST("subject", 'alphanohtml')) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")), null, 'errors');
$action = 'create';
- } elseif (!GETPOST("message", 'alpha')) {
+ } elseif (!GETPOST("message", 'restricthtml')) {
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Message")), null, 'errors');
$action = 'create';
@@ -142,10 +142,10 @@ if (GETPOST('add', 'alpha') && $user->rights->ticket->write) {
if (!$error) {
$db->begin();
- $object->ref = GETPOST("ref", 'alpha');
+ $object->ref = GETPOST("ref", 'alphanohtml');
$object->fk_soc = GETPOST("socid", 'int') > 0 ? GETPOST("socid", 'int') : 0;
- $object->subject = GETPOST("subject", 'alpha');
- $object->message = GETPOST("message", 'none');
+ $object->subject = GETPOST("subject", 'alphanohtml');
+ $object->message = GETPOST("message", 'restricthtml');
$object->type_code = GETPOST("type_code", 'alpha');
$object->category_code = GETPOST("category_code", 'alpha');
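Review bot: Switching `message` from `'none'` to `'restricthtml'` still stores HTML, so every place that prints `$object->message` has to treat it as markup from an untrusted author. Which tags and attributes `'restricthtml'` keeps (for instance event-handler attributes or `javascript:` URLs) is not visible in this diff and is worth confirming, and the output side should sanitise or encode the value again at render time rather than rely on the input filter alone. The same applies to `description` in the `@@ -284` hunk and `message_initial` in the `@@ -512` hunk. A one-line comment such as `// HTML allowed here: must be sanitised again on output` next to the assignment would record that.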
@@ -274,7 +274,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket-
$error++;
array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")));
$action = 'edit';
- } elseif (!GETPOST("subject")) {
+ } elseif (!GETPOST("subject", 'alphanohtml')) {
$error++;
array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")));
$action = 'edit';
@@ -284,7 +284,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket-
$db->begin();
$object->label = GETPOST("label", 'alphanohtml');
- $object->description = GETPOST("description", 'none');
+ $object->description = GETPOST("description", 'restricthtml');
//...
$ret = $object->update($user);
@@ -459,7 +459,7 @@ if ($action == 'set_progression' && $user->rights->ticket->write) {
if ($action == 'setsubject') {
if ($object->fetch(GETPOST('id', 'int'))) {
if ($action == 'setsubject') {
- $object->subject = trim(GETPOST('subject', 'alpha'));
+ $object->subject = trim(GETPOST('subject', 'alphanohtml'));
}
if ($action == 'setsubject' && empty($object->subject)) {
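Review bot: The `setsubject` branch at the top of this hunk is guarded only by `if ($action == 'setsubject')`, whereas the neighbouring actions named in the hunk headers (`set_progression`, `setcontract`) also require `$user->rights->ticket->write`. Unless a permission check earlier in the file covers it, any authenticated user who can reach the page could change a ticket subject; `if ($action == 'setsubject' && $user->rights->ticket->write) {` would align it with the others. The inner `if ($action == 'setsubject')` is then redundant and could be removed. The block continues outside the hunk.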
@@ -512,7 +512,7 @@ elseif ($action == 'setcontract' && $user->rights->ticket->write) {
if (!GETPOST('cancel')) {
$object->fetch('', '', GETPOST('track_id', 'alpha'));
$oldvalue_message = $object->message;
- $fieldtomodify = GETPOST('message_initial');
+ $fieldtomodify = GETPOST('message_initial', 'restricthtml');
$object->message = $fieldtomodify;
$ret = $object->update($user);