diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index ca8cc20807e..d297313675e 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -131,7 +131,7 @@ if ($action == 'add') {
 if (!$error) {
 $object->id_origin = $id;
 $object->title = GETPOST('titre', 'alpha');
- $object->description = GETPOST('description', 'alpha');
+ $object->description = GETPOST('description', 'restricthtml');
 $object->socid = GETPOST('socid', 'alpha');
 $object->fk_project = GETPOST('projectid', 'int');
 $object->fk_contract = GETPOST('contractid', 'int');
diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php
index 612529b6cc1..0bd23036351 100644
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -207,7 +207,7 @@ if (empty($reshook))
 $object->fk_project = GETPOST('projectid', 'int');
 $object->fk_contrat = GETPOST('contratid', 'int');
 $object->author = $user->id;
- $object->description = GETPOST('description', 'none');
+ $object->description = GETPOST('description', 'restricthtml');
 $object->ref = $ref;
 $object->model_pdf = GETPOST('model', 'alpha');
 $object->note_private = GETPOST('note_private', 'none');
@@ -415,7 +415,7 @@ if (empty($reshook))
 $object->fk_project = GETPOST('projectid', 'int');
 $object->fk_contrat = GETPOST('contratid', 'int');
 $object->author = $user->id;
- $object->description = GETPOST('description', 'alpha');
+ $object->description = GETPOST('description', 'restricthtml');
 $object->ref = $ref;
 $result = $object->update($user);
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 617de720ae5..a705af0ea1a 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -144,7 +144,7 @@ if (empty($reshook))
 elseif ($endhalfday == 'morning') $halfday = 1;
 $valideur = GETPOST('valideur', 'int');
- $description = trim(GETPOST('description', 'none'));
+ $description = trim(GETPOST('description', 'restricthtml'));
 // If no type
 if ($type <= 0)
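Review bot: In htdocs/fichinter/card-rec.php the description filter moves from 'alpha' to 'restricthtml', which widens what the field accepts rather than narrowing it, assuming 'alpha' was the stricter check as the names suggest. The same direction of change appears in the htdocs/fichinter/card.php hunk at -415 and in both htdocs/product/admin/dynamic_prices.php hunks. Markup stored this way is only safe if every place that prints these descriptions treats them as filtered HTML or escapes them, and none of those output paths are visible in this diff. I would record the contract at the assignment, for example `// 'restricthtml' lets a subset of HTML through: print this value only through an HTML-aware, sanitizing output path`. The enclosing `if ($action == 'add')` block starts and ends outside the hunk.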
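Review bot: In the htdocs/fichinter/card.php hunk at -207, `note_private` is still read with the 'none' filter in the trailing context, a few lines below the description that this commit moves to 'restricthtml'. That leaves one free-text field of the same form sanitized on input and the other not. If the private note is rendered as HTML anywhere, it needs the same treatment: `$object->note_private = GETPOST('note_private', 'restricthtml');`. The surrounding block continues outside the hunk, so there may be other 'none' reads that are not shown.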
@@ -288,7 +288,7 @@ if (empty($reshook))
 if ($cancreate) {
 $valideur = GETPOST('valideur', 'int');
- $description = trim(GETPOST('description', 'none'));
+ $description = trim(GETPOST('description', 'restricthtml'));
 // If no start date
 if (empty($_POST['date_debut_'])) {
@@ -1067,7 +1067,7 @@ if ((empty($id) && empty($ref)) || $action == 'add' || $action == 'request' || $
 print '';
 print ''.$langs->trans("DescCP").'';
 print '';
- $doleditor = new DolEditor('description', GETPOST('description', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
+ $doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
 print $doleditor->Create(1);
 print '';
diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php
index ea8e595f9c1..bc9f1048b4b 100644
--- a/htdocs/product/admin/dynamic_prices.php
+++ b/htdocs/product/admin/dynamic_prices.php
@@ -64,7 +64,7 @@ if (!empty($action) && empty($cancel)) {
 //Global variable actions
 if ($action == 'create_variable' || $action == 'edit_variable') {
 $price_globals->code = GETPOSTISSET('code') ?GETPOST('code', 'alpha') : $price_globals->code;
- $price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_globals->description;
+ $price_globals->description = GETPOSTISSET('description') ?GETPOST('description', 'restricthtml') : $price_globals->description;
 $price_globals->value = GETPOSTISSET('value') ?GETPOST('value', 'int') : $price_globals->value;
 //Check if record already exists only when saving
 if (!empty($save)) {
@@ -101,11 +101,11 @@ if (!empty($action) && empty($cancel)) {
 //Updaters actions
 if ($action == 'create_updater' || $action == 'edit_updater') {
- $price_updaters->type = GETPOSTISSET('type') ?GETPOST('type', 'int') : $price_updaters->type;
- $price_updaters->description = GETPOSTISSET('description') ?GETPOST('description', 'alpha') : $price_updaters->description;
- $price_updaters->parameters = GETPOSTISSET('parameters') ?GETPOST('parameters') : $price_updaters->parameters;
- $price_updaters->fk_variable = GETPOSTISSET('fk_variable') ?GETPOST('fk_variable', 'int') : $price_updaters->fk_variable;
- $price_updaters->update_interval = GETPOSTISSET('update_interval') ?GETPOST('update_interval', 'int') : $price_updaters->update_interval;
+ $price_updaters->type = GETPOSTISSET('type') ? GETPOST('type', 'int') : $price_updaters->type;
+ $price_updaters->description = GETPOSTISSET('description') ? GETPOST('description', 'restricthtml') : $price_updaters->description;
+ $price_updaters->parameters = GETPOSTISSET('parameters') ? GETPOST('parameters', 'alphanohtml') : $price_updaters->parameters;
+ $price_updaters->fk_variable = GETPOSTISSET('fk_variable') ? GETPOST('fk_variable', 'int') : $price_updaters->fk_variable;
+ $price_updaters->update_interval = GETPOSTISSET('update_interval') ? GETPOST('update_interval', 'int') : $price_updaters->update_interval;
 }
 if ($action == 'create_updater' && !empty($save)) {
 //Verify if process() works
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index ff7eaf6c146..b0b830fb666 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
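Review bot: In the updater block of htdocs/product/admin/dynamic_prices.php, `GETPOST('parameters')` becomes `GETPOST('parameters', 'alphanohtml')`, a behaviour change that sits among lines that otherwise only gain a space after `?`. The trailing context shows the saved updater is then checked with process(). If `parameters` holds structured text such as a URL or quoted key/value data (which I cannot confirm from this hunk), a filter that strips or rejects characters could make existing updaters fail when they are edited. Please confirm the accepted format against the filter and state it at that line, for example `// parameters: <format>; 'alphanohtml' must leave it unchanged`. Putting the whitespace-only edits in a separate commit would also make the filter changes easier to audit.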
@@ -151,7 +151,7 @@ if (empty($reshook))
 $object->ref = GETPOST('ref', 'alpha');
 $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
 $object->socid = GETPOST('socid', 'int');
- $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
+ $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
 $object->public = GETPOST('public', 'alpha');
 $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha'));
 $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha'));
@@ -251,7 +251,7 @@ if (empty($reshook))
 $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
 $object->statut = GETPOST('status', 'int');
 $object->socid = GETPOST('socid', 'int');
- $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is
+ $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
 $object->public = GETPOST('public', 'alpha');
 $object->date_start = (!GETPOST('projectstart')) ? '' : $date_start;
 $object->date_end = (!GETPOST('projectend')) ? '' : $date_end;
diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php
index 48ea2a15efe..522468257e0 100644
--- a/htdocs/projet/tasks.php
+++ b/htdocs/projet/tasks.php
@@ -95,7 +95,7 @@ $hookmanager->initHooks(array('projecttaskscard', 'globalcard'));
 $progress = GETPOST('progress', 'int');
 $label = GETPOST('label', 'alpha');
-$description = GETPOST('description', 'none');
+$description = GETPOST('description', 'restricthtml');
 $planned_workloadhour = (GETPOST('planned_workloadhour', 'int') ?GETPOST('planned_workloadhour', 'int') : 0);
 $planned_workloadmin = (GETPOST('planned_workloadmin', 'int') ?GETPOST('planned_workloadmin', 'int') : 0);
 $planned_workload = $planned_workloadhour * 3600 + $planned_workloadmin * 60;
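Review bot: The trailing comment `// Do not use 'alpha' here, we want field as it is` no longer describes the `description` line in either htdocs/projet/card.php hunk (-151 and -251), because with 'restricthtml' the value is not kept as it is. I would reword it to `// Keep limited HTML: use 'restricthtml', not 'alpha' or 'none'`. The `title` line in the context of both hunks still reads with 'none' under the same comment. If the title is meant to be plain text it should get a no-HTML filter, such as the 'alphanohtml' this commit uses in dynamic_prices.php, provided that filter keeps the characters titles legitimately contain. How the title is printed is outside these hunks, so that needs checking before changing it.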
diff --git a/htdocs/resource/card.php b/htdocs/resource/card.php
index 8d965c69c2c..b1fec3058c0 100644
--- a/htdocs/resource/card.php
+++ b/htdocs/resource/card.php
@@ -35,12 +35,12 @@ $langs->loadLangs(array('resource', 'companies', 'other', 'main'));
 // Get parameters
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $ref = GETPOST('ref', 'alpha');
-$description = GETPOST('description');
-$confirm = GETPOST('confirm');
-$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha');
+$description = GETPOST('description', 'restricthtml');
+$confirm = GETPOST('confirm', 'aZ09');
+$fk_code_type_resource = GETPOST('fk_code_type_resource', 'alpha');
 $country_id = GETPOST('country_id', 'int');
 // Protection if external user