lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #yogosha4448

Browse Source
This commit is contained in:
Laurent Destailleur 2020-09-17 12:30:14 +02:00
parent 33cefacf91
commit 0bf0312d50
7 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/fichinter/card-rec.php
View File

@ -131,7 +131,7 @@ if ($action == 'add') {
if (!$error) {
$object->id_origin = $id;
$object->title = GETPOST('titre', 'alpha');
$object->description = GETPOST('description', 'alpha');
$object->description = GETPOST('description', 'restricthtml');
$object->socid = GETPOST('socid', 'alpha');
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contract = GETPOST('contractid', 'int');

4
htdocs/fichinter/card.php
View File

@ -207,7 +207,7 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contrat = GETPOST('contratid', 'int');
$object->author = $user->id;
$object->description = GETPOST('description', 'none');
$object->description = GETPOST('description', 'restricthtml');
$object->ref = $ref;
$object->model_pdf = GETPOST('model', 'alpha');
$object->note_private = GETPOST('note_private', 'none');
@ -415,7 +415,7 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->fk_contrat = GETPOST('contratid', 'int');
$object->author = $user->id;
$object->description = GETPOST('description', 'alpha');
$object->description = GETPOST('description', 'restricthtml');
$object->ref = $ref;
$result = $object->update($user);

6
htdocs/holiday/card.php
View File

@ -144,7 +144,7 @@ if (empty($reshook))
elseif ($endhalfday == 'morning') $halfday = 1;
$valideur = GETPOST('valideur', 'int');
$description = trim(GETPOST('description', 'none'));
$description = trim(GETPOST('description', 'restricthtml'));
// If no type
if ($type <= 0)
@ -288,7 +288,7 @@ if (empty($reshook))
if ($cancreate)
{
$valideur = GETPOST('valideur', 'int');
$description = trim(GETPOST('description', 'none'));
$description = trim(GETPOST('description', 'restricthtml'));
// If no start date
if (empty($_POST['date_debut_'])) {
@ -1067,7 +1067,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $
print '<tr>';
print '<td>'.$langs->trans("DescCP").'</td>';
print '<td class="tdtop">';
$doleditor = new DolEditor('description', GETPOST('description', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td></tr>';

12
htdocs/product/admin/dynamic_prices.php
View File

@ -64,7 +64,7 @@ if (!empty($action) && empty($cancel)) {
//Global variable actions
if ($action == 'create_variable' || $action == 'edit_variable') {
$price_globals->code = GETPOSTISSET('code') ?GETPOST('code', 'alpha') : $price_globals->code;
$price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_globals->description;
$price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'restricthtml') : $price_globals->description;
$price_globals->value = GETPOSTISSET('value') ?GETPOST('value', 'int') : $price_globals->value;
//Check if record already exists only when saving
if (!empty($save)) {
@ -101,11 +101,11 @@ if (!empty($action) && empty($cancel)) {
//Updaters actions
if ($action == 'create_updater' || $action == 'edit_updater') {
$price_updaters->type = GETPOSTISSET('type') ?GETPOST('type', 'int') : $price_updaters->type;
$price_updaters->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_updaters->description;
$price_updaters->parameters = GETPOSTISSET('parameters') ?GETPOST('parameters') : $price_updaters->parameters;
$price_updaters->fk_variable = GETPOSTISSET('fk_variable') ?GETPOST('fk_variable', 'int') : $price_updaters->fk_variable;
$price_updaters->update_interval = GETPOSTISSET('update_interval') ?GETPOST('update_interval', 'int') : $price_updaters->update_interval;
$price_updaters->type = GETPOSTISSET('type') ? GETPOST('type', 'int') : $price_updaters->type;
$price_updaters->description = GETPOSTISSET('description') ? GETPOST('description', 'restricthtml') : $price_updaters->description;
$price_updaters->parameters = GETPOSTISSET('parameters') ? GETPOST('parameters', 'alphanohtml') : $price_updaters->parameters;
$price_updaters->fk_variable = GETPOSTISSET('fk_variable') ? GETPOST('fk_variable', 'int') : $price_updaters->fk_variable;
$price_updaters->update_interval = GETPOSTISSET('update_interval') ? GETPOST('update_interval', 'int') : $price_updaters->update_interval;
}
if ($action == 'create_updater' && !empty($save)) {
//Verify if process() works

4
htdocs/projet/card.php
View File

@ -151,7 +151,7 @@ if (empty($reshook))
$object->ref = GETPOST('ref', 'alpha');
$object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
$object->socid = GETPOST('socid', 'int');
$object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
$object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
$object->public = GETPOST('public', 'alpha');
$object->opp_amount = price2num(GETPOST('opp_amount', 'alpha'));
$object->budget_amount = price2num(GETPOST('budget_amount', 'alpha'));
@ -251,7 +251,7 @@ if (empty($reshook))
$object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
$object->statut = GETPOST('status', 'int');
$object->socid = GETPOST('socid', 'int');
$object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
$object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
$object->public = GETPOST('public', 'alpha');
$object->date_start = (!GETPOST('projectstart')) ? '' : $date_start;
$object->date_end = (!GETPOST('projectend')) ? '' : $date_end;

2
htdocs/projet/tasks.php
View File

@ -95,7 +95,7 @@ $hookmanager->initHooks(array('projecttaskscard', 'globalcard'));
$progress = GETPOST('progress', 'int');
$label = GETPOST('label', 'alpha');
$description = GETPOST('description', 'none');
$description = GETPOST('description', 'restricthtml');
$planned_workloadhour = (GETPOST('planned_workloadhour', 'int') ?GETPOST('planned_workloadhour', 'int') : 0);
$planned_workloadmin = (GETPOST('planned_workloadmin', 'int') ?GETPOST('planned_workloadmin', 'int') : 0);
$planned_workload = $planned_workloadhour * 3600 + $planned_workloadmin * 60;

8
htdocs/resource/card.php
View File

@ -35,12 +35,12 @@ $langs->loadLangs(array('resource', 'companies', 'other', 'main'));
// Get parameters
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'alpha');
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$ref = GETPOST('ref', 'alpha');
$description = GETPOST('description');
$confirm = GETPOST('confirm');
$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha');
$description = GETPOST('description', 'restricthtml');
$confirm = GETPOST('confirm', 'aZ09');
$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha');
$country_id = GETPOST('country_id', 'int');
// Protection if external user