FIX Yogosha report 4448 (backport)

Alexandre SPANGARO 2020-09-18 02:16:17 +02:00
parent f453e43cca
commit 0943d3993b
7 changed files with 17 additions and 17 deletions


@ -130,7 +130,7 @@ if ($action == 'add') {
if (! $error) {
$object->id_origin = $id;
$object->titre = GETPOST('titre', 'alpha');
$object->description = GETPOST('description', 'alpha');
$object->description = GETPOST('description', 'restricthtml');
$object->socid = GETPOST('socid', 'alpha');
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contract = GETPOST('contractid', 'int');
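Review bot: `socid` on the line after the changed one is still read with the `'alpha'` filter, although the two ids assigned right below it use `'int'`. If it holds a numeric third-party id, as the name suggests, `$object->socid = GETPOST('socid', 'int');` would reject non-numeric input at the boundary. A short comment on the description line, for example `// rich-text field: limited HTML is kept on purpose`, would also stop the looser filter from being copied to plain-text fields such as `titre`. The enclosing `if ($action == 'add')` block starts and ends outside the hunk.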


@ -216,7 +216,7 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contrat = GETPOST('contratid', 'int');
$object->author = $user->id;
$object->description = GETPOST('description', 'none');
$object->description = GETPOST('description', 'restricthtml');
$object->ref = $ref;
$object->modelpdf = GETPOST('model', 'alpha');
$object->note_private = GETPOST('note_private', 'none');
@ -438,7 +438,7 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contrat = GETPOST('contratid', 'int');
$object->author = $user->id;
$object->description = GETPOST('description', 'alpha');
$object->description = GETPOST('description', 'restricthtml');
$object->ref = $ref;
$result=$object->update($user);
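Review bot: In the first hunk of this file (old line 216), `note_private` is still read with the `'none'` filter a few lines below the changed `description`, so that field keeps accepting the request value with no filtering at all. If it is edited through the same rich-text editor, `$object->note_private = GETPOST('note_private', 'restricthtml');` would bring it in line with this fix. Whether a public note is read the same way cannot be seen from here. Both hunks sit inside `if (empty($reshook))` blocks that continue outside the visible lines.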


@ -125,7 +125,7 @@ if ($action == 'create')
elseif ($endhalfday == 'morning') $halfday=1;
$valideur = GETPOST('valideur', 'int');
$description = trim(GETPOST('description'));
$description = trim(GETPOST('description', 'restricthtml'));
// If no type
if ($type <= 0)
@ -273,7 +273,7 @@ if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
if ($cancreate)
{
$valideur = GETPOST('valideur', 'int');
$description = trim(GETPOST('description', 'none'));
$description = trim(GETPOST('description', 'restricthtml'));
// If no start date
if (empty($_POST['date_debut_'])) {
@ -1047,7 +1047,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $
print '<tr>';
print '<td>'.$langs->trans("DescCP").'</td>';
print '<td class="tdtop">';
$doleditor = new DolEditor('description', GETPOST('description', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td></tr>';


@ -101,11 +101,11 @@ if (!empty($action) && empty($cancel)) {
//Updaters actions
if ($action == 'create_updater' || $action == 'edit_updater') {
$price_updaters->type = isset($_POST['type'])?GETPOST('type', 'int'):$price_updaters->type;
$price_updaters->description = isset($_POST['description'])?GETPOST('description', 'alpha'):$price_updaters->description;
$price_updaters->parameters = isset($_POST['parameters'])?GETPOST('parameters'):$price_updaters->parameters;
$price_updaters->fk_variable = isset($_POST['fk_variable'])?GETPOST('fk_variable', 'int'):$price_updaters->fk_variable;
$price_updaters->update_interval = isset($_POST['update_interval'])?GETPOST('update_interval', 'int'):$price_updaters->update_interval;
$price_updaters->type = GETPOSTISSET('type') ? GETPOST('type', 'int') : $price_updaters->type;
$price_updaters->description = GETPOSTISSET('description') ? GETPOST('description', 'restricthtml') : $price_updaters->description;
$price_updaters->parameters = GETPOSTISSET('parameters') ? GETPOST('parameters', 'alphanohtml') : $price_updaters->parameters;
$price_updaters->fk_variable = GETPOSTISSET('fk_variable') ? GETPOST('fk_variable', 'int') : $price_updaters->fk_variable;
$price_updaters->update_interval = GETPOSTISSET('update_interval') ? GETPOST('update_interval', 'int') : $price_updaters->update_interval;
}
if ($action == 'create_updater' && !empty($save)) {
//Verify if process() works
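Review bot: The new `GETPOST('parameters', 'alphanohtml')` may be too strict for what `parameters` holds, since the old line named no filter and the following `//Verify if process() works` check suggests the value is parsed as structured text. A filter that strips markup, and as far as I recall double quotes too, could empty or corrupt a valid value, so a round trip of a realistic value through create and edit is worth confirming. Documenting the expected format next to the line, e.g. `// parameters: <format>, checked by process() below`, would make the choice of filter reviewable. Separately, the switch from `isset($_POST[...])` to `GETPOSTISSET()` presumably also accepts query-string values, so these fields may now be settable by GET; confirm the action is still gated by a POST and token check outside this hunk.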


@ -152,7 +152,7 @@ if (empty($reshook))
$object->ref = GETPOST('ref', 'alpha');
$object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
$object->socid = GETPOST('socid', 'int');
$object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
$object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
$object->public = GETPOST('public', 'alpha');
$object->opp_amount = price2num(GETPOST('opp_amount', 'alpha'));
$object->budget_amount = price2num(GETPOST('budget_amount', 'alpha'));
@ -255,7 +255,7 @@ if (empty($reshook))
$object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
$object->statut = GETPOST('status', 'int');
$object->socid = GETPOST('socid', 'int');
$object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
$object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
$object->public = GETPOST('public', 'alpha');
$object->date_start = empty($_POST["projectstart"])?'':$date_start;
$object->date_end = empty($_POST["projectend"])?'':$date_end;
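Review bot: The `title` assignment in both hunks still uses the `'none'` filter, so it is stored exactly as submitted while `description` next to it is now restricted. If titles are plain text, `$object->title = GETPOST('title', 'alphanohtml');` looks like the matching hardening. The trailing comment kept on the changed lines, `// Do not use 'alpha' here, we want field as it is`, no longer describes the code because `'restricthtml'` does alter the value; `// HTML field: keep allowed markup, strip the rest` would be accurate. Both `if (empty($reshook))` blocks extend beyond the hunks shown.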


@ -91,7 +91,7 @@ $hookmanager->initHooks(array('projecttaskscard','globalcard'));
$progress=GETPOST('progress', 'int');
$label=GETPOST('label', 'alpha');
$description=GETPOST('description');
$description = GETPOST('description', 'restricthtml');
$planned_workloadhour=(GETPOST('planned_workloadhour', 'int')?GETPOST('planned_workloadhour', 'int'):0);
$planned_workloadmin=(GETPOST('planned_workloadmin', 'int')?GETPOST('planned_workloadmin', 'int'):0);
$planned_workload=$planned_workloadhour*3600+$planned_workloadmin*60;


@ -35,11 +35,11 @@ $langs->loadLangs(array('resource', 'companies', 'other', 'main'));
// Get parameters
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$ref = GETPOST('ref', 'alpha');
$description = GETPOST('description');
$confirm = GETPOST('confirm');
$description = GETPOST('description', 'restricthtml');
$confirm = GETPOST('confirm', 'aZ09');
$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha');
$country_id = GETPOST('country_id', 'int');