Sec: Sanitize all input for ids.
This commit is contained in:
Laurent Destailleur
parent
9f40d520ce
commit
1645ddbe47
@ -37,7 +37,7 @@ $langs->load("members");
|
||||
|
||||
$mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';
|
||||
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
|
||||
// Security check
|
||||
if (! $user->rights->adherent->lire) accessforbidden();
|
||||
|
||||
@ -141,10 +141,10 @@ if ($action == 'setsocid')
|
||||
$error=0;
|
||||
if (! $error)
|
||||
{
|
||||
if (GETPOST("socid") != $adh->fk_soc) // If link differs from currently in database
|
||||
if (GETPOST('socid','int') != $adh->fk_soc) // If link differs from currently in database
|
||||
{
|
||||
$sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
|
||||
$sql.=" WHERE fk_soc = '".GETPOST("socid")."'";
|
||||
$sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'";
|
||||
$resql = $db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
@ -154,7 +154,7 @@ if ($action == 'setsocid')
|
||||
$othermember=new Adherent($db);
|
||||
$othermember->fetch($obj->rowid);
|
||||
$thirdparty=new Societe($db);
|
||||
$thirdparty->fetch(GETPOST("socid"));
|
||||
$thirdparty->fetch(GETPOST('socid','int'));
|
||||
$error++;
|
||||
$mesg='<div class="error">'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'</div>';
|
||||
}
|
||||
@ -162,7 +162,7 @@ if ($action == 'setsocid')
|
||||
|
||||
if (! $error)
|
||||
{
|
||||
$result=$adh->setThirdPartyId(GETPOST("socid"));
|
||||
$result=$adh->setThirdPartyId(GETPOST('socid','int'));
|
||||
if ($result < 0) dol_print_error($adh->db,$adh->error);
|
||||
$_POST['action']='';
|
||||
$action='';
|
||||
|
||||
@ -37,7 +37,7 @@ $langs->load('other');
|
||||
$mesg = "";
|
||||
|
||||
// Security check
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$id = $user->societe_id;
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load("members");
|
||||
$langs->load("ldap");
|
||||
$langs->load("admin");
|
||||
|
||||
$rowid = GETPOST("id");
|
||||
$rowid = GETPOST('id','int');
|
||||
$action = GETPOST('action');
|
||||
|
||||
// Protection
|
||||
|
||||
@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php');
|
||||
require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php");
|
||||
|
||||
$action=GETPOST('action');
|
||||
$id=GETPOST("id");
|
||||
$id=GETPOST('id','int');
|
||||
|
||||
$langs->load("companies");
|
||||
$langs->load("members");
|
||||
|
||||
@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php");
|
||||
$WIDTH=500;
|
||||
$HEIGHT=200;
|
||||
|
||||
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
|
||||
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
||||
@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort
|
||||
// Define elementList and sourceList (used for dictionnary "type of contacts")
|
||||
$elementList = array();
|
||||
$sourceList=array();
|
||||
if (GETPOST("id") == 11)
|
||||
if (GETPOST('id','int') == 11)
|
||||
{
|
||||
$langs->load("orders");
|
||||
$langs->load("contracts");
|
||||
@ -702,7 +702,7 @@ if ($_GET["id"])
|
||||
if ($num > $listlimit)
|
||||
{
|
||||
print '<tr class="none"><td align="right" colspan="'.(3+count($fieldlist)).'">';
|
||||
print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
|
||||
print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
@ -737,10 +737,10 @@ if ($_GET["id"])
|
||||
// Affiche nom du champ
|
||||
if ($showfield)
|
||||
{
|
||||
print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder);
|
||||
print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder);
|
||||
}
|
||||
}
|
||||
print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder);
|
||||
print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder);
|
||||
print '<td colspan="2" class="liste_titre"> </td>';
|
||||
print '</tr>';
|
||||
|
||||
@ -756,7 +756,7 @@ if ($_GET["id"])
|
||||
{
|
||||
print '<form action="dict.php" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
print '<input type="hidden" name="id" value="'.GETPOST("id").'">';
|
||||
print '<input type="hidden" name="id" value="'.GETPOST('id','int').'">';
|
||||
print '<input type="hidden" name="page" value="'.$page.'">';
|
||||
print '<input type="hidden" name="rowid" value="'.$_GET["rowid"].'">';
|
||||
|
||||
|
||||
@ -49,11 +49,11 @@ if (GETPOST("action") == 'set')
|
||||
{
|
||||
$db->begin();
|
||||
|
||||
if (GETPOST("socid") < 0) $_POST["socid"]='';
|
||||
if (GETPOST('socid','int') < 0) $_POST["socid"]='';
|
||||
/*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0) $_POST["CASHDESK_ID_BANKACCOUNT"]='';
|
||||
if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/
|
||||
|
||||
$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity);
|
||||
$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity);
|
||||
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity);
|
||||
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity);
|
||||
$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity);
|
||||
|
||||
@ -93,7 +93,7 @@ print '<td>';
|
||||
$disabled=0;
|
||||
$langs->load("companies");
|
||||
if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice
|
||||
print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
|
||||
print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
|
||||
//print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
|
||||
print '</td>';
|
||||
print "</tr>\n";
|
||||
|
||||
@ -30,7 +30,7 @@ $langs->load("cashdesk");
|
||||
|
||||
$username = GETPOST("txtUsername");
|
||||
$password = GETPOST("pwdPassword");
|
||||
$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY;
|
||||
$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY;
|
||||
$warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE;
|
||||
|
||||
// Check username
|
||||
|
||||
@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php');
|
||||
$langs->load("main");
|
||||
header("Content-type: text/html; charset=".$conf->file->character_set_client);
|
||||
|
||||
$facid=GETPOST('facid');
|
||||
$facid=GETPOST('facid','int');
|
||||
$object=new Facture($db);
|
||||
$object->fetch($facid);
|
||||
|
||||
|
||||
@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
|
||||
$langs->load("categories");
|
||||
$langs->load("products");
|
||||
|
||||
$socid = GETPOST('socid');
|
||||
$id = GETPOST('id');
|
||||
$socid = GETPOST('socid','int');
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST('ref');
|
||||
$type = GETPOST('type');
|
||||
$mesg = GETPOST('mesg');
|
||||
|
||||
@ -28,7 +28,7 @@ require("../main.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
|
||||
|
||||
|
||||
$id=GETPOST('id');
|
||||
$id=GETPOST('id','int');
|
||||
$ref=GETPOST('ref');
|
||||
$type=GETPOST('type');
|
||||
$action=GETPOST('action');
|
||||
|
||||
@ -31,7 +31,7 @@ $langs->load("categories");
|
||||
|
||||
|
||||
// Security check
|
||||
$socid=GETPOST('socid');
|
||||
$socid=GETPOST('socid','int');
|
||||
if (!$user->rights->categorie->lire) accessforbidden();
|
||||
|
||||
$action = GETPOST('action');
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load("bills");
|
||||
|
||||
$mesg = '';
|
||||
|
||||
$id=GETPOST('id');
|
||||
$id=GETPOST('id','int');
|
||||
$ref=GETPOST('ref');
|
||||
$type=GETPOST('type');
|
||||
$action=GETPOST('action');
|
||||
|
||||
@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php");
|
||||
$langs->load("categories");
|
||||
|
||||
$mesg = '';
|
||||
$id=GETPOST('id');
|
||||
$id=GETPOST('id','int');
|
||||
$ref=GETPOST('ref');
|
||||
$type=GETPOST('type');
|
||||
$action=GETPOST('action');
|
||||
|
||||
@ -40,7 +40,7 @@ $langs->load("other");
|
||||
$langs->load("bills");
|
||||
|
||||
if (isset($_GET["error"])) $error=$_GET["error"];
|
||||
$objectid = GETPOST("id");
|
||||
$objectid = GETPOST('id','int');
|
||||
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
|
||||
@ -153,10 +153,10 @@ if ($action == 'add_action')
|
||||
|
||||
$actioncomm->note = trim($_POST["note"]);
|
||||
if (isset($_POST["contactid"])) $actioncomm->contact = $contact;
|
||||
if (GETPOST("socid") > 0)
|
||||
if (GETPOST('socid','int') > 0)
|
||||
{
|
||||
$societe = new Societe($db);
|
||||
$societe->fetch(GETPOST("socid"));
|
||||
$societe->fetch(GETPOST('socid','int'));
|
||||
$actioncomm->societe = $societe;
|
||||
}
|
||||
|
||||
@ -508,12 +508,12 @@ if ($action == 'create')
|
||||
|
||||
// Societe, contact
|
||||
print '<tr><td width="30%" nowrap="nowrap">'.$langs->trans("ActionOnCompany").'</td><td>';
|
||||
if (GETPOST("socid") > 0)
|
||||
if (GETPOST('socid','int') > 0)
|
||||
{
|
||||
$societe = new Societe($db);
|
||||
$societe->fetch(GETPOST("socid"));
|
||||
$societe->fetch(GETPOST('socid','int'));
|
||||
print $societe->getNomUrl(1);
|
||||
print '<input type="hidden" name="socid" value="'.GETPOST("socid").'">';
|
||||
print '<input type="hidden" name="socid" value="'.GETPOST('socid','int').'">';
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -522,10 +522,10 @@ if ($action == 'create')
|
||||
print '</td></tr>';
|
||||
|
||||
// If company is forced, we propose contacts (may be contact is also forced)
|
||||
if (GETPOST("contactid") > 0 || GETPOST("socid") > 0)
|
||||
if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0)
|
||||
{
|
||||
print '<tr><td nowrap>'.$langs->trans("ActionOnContact").'</td><td>';
|
||||
$form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1);
|
||||
$form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1);
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC";
|
||||
if (! $sortfield) $sortfield="a.datep";
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
|
||||
|
||||
@ -53,7 +53,7 @@ $langs->load("commercial");
|
||||
if ($_GET["action"] == 'builddoc')
|
||||
{
|
||||
$cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]);
|
||||
$result=$cat->write_file(GETPOST("id"));
|
||||
$result=$cat->write_file(GETPOST('id','int'));
|
||||
if ($result < 0)
|
||||
{
|
||||
$mesg=$cat->error;
|
||||
|
||||
@ -40,7 +40,7 @@ $offset = $limit * $page ;
|
||||
$type=$_GET["type"];
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'societe',$socid,'');
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails");
|
||||
if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs");
|
||||
|
||||
// Security check
|
||||
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id'));
|
||||
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
|
||||
if ($user->societe_id > 0) $id=$user->societe_id;
|
||||
$result = restrictedArea($user,'societe',$id,'&societe');
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("suppliers");
|
||||
$langs->load("commercial");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user,'societe',$socid,'');
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ $pagenext = $page + 1;
|
||||
if (! $sortorder) $sortorder="ASC";
|
||||
if (! $sortfield) $sortfield="email";
|
||||
|
||||
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
|
||||
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
|
||||
$action=GETPOST("action");
|
||||
$search_nom=GETPOST("search_nom");
|
||||
$search_prenom=GETPOST("search_prenom");
|
||||
|
||||
@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref))
|
||||
//'text' => $langs->trans("ConfirmClone"),
|
||||
//array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1),
|
||||
//array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1),
|
||||
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
|
||||
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
|
||||
);
|
||||
// Paiement incomplet. On demande si motif = escompte ou autre
|
||||
$formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1);
|
||||
@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref))
|
||||
|
||||
if ($action == 'editdelivery_address')
|
||||
{
|
||||
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id);
|
||||
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id);
|
||||
}
|
||||
else
|
||||
{
|
||||
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id);
|
||||
$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id);
|
||||
}
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
@ -37,7 +37,7 @@ $langs->load('compta');
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST("ref");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'propale', $id, 'propal');
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load('other');
|
||||
|
||||
$action = GETPOST('action');
|
||||
$confirm = GETPOST('confirm');
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST('ref');
|
||||
|
||||
// Security check
|
||||
|
||||
@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php");
|
||||
$WIDTH=500;
|
||||
$HEIGHT=200;
|
||||
|
||||
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
|
||||
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
||||
@ -37,7 +37,7 @@ $langs->load('projects');
|
||||
$langs->load('propal');
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'societe', $socid, '&societe');
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ $action=GETPOST('action','alpha');
|
||||
$backtopage=GETPOST('backtopage','alpha');
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("id");
|
||||
$socid = GETPOST('id','int');
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
@ -189,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes')
|
||||
if ($result > 0)
|
||||
{
|
||||
$db->commit();
|
||||
header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id')); // To avoid pb whith back
|
||||
header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int')); // To avoid pb whith back
|
||||
exit;
|
||||
}
|
||||
else
|
||||
|
||||
@ -40,7 +40,7 @@ $langs->load('sendings');
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST("ref");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result=restrictedArea($user,'commande',$id,'');
|
||||
|
||||
@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer)
|
||||
if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer)
|
||||
{
|
||||
$commande = new Commande($db);
|
||||
if ($commande->fetch(GETPOST("id")))
|
||||
if ($commande->fetch(GETPOST('id','int')))
|
||||
{
|
||||
$result=$commande->swapContactStatus(GETPOST('ligne'));
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ $langs->load('other');
|
||||
|
||||
$action = GETPOST('action');
|
||||
$confirm = GETPOST('confirm');
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST('ref');
|
||||
|
||||
// Security check
|
||||
|
||||
@ -51,9 +51,9 @@ $langs->load('propal');
|
||||
$langs->load('deliveries');
|
||||
$langs->load('products');
|
||||
|
||||
$id = (GETPOST("id")?GETPOST("id"):GETPOST("orderid"));
|
||||
$id = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid"));
|
||||
$ref = GETPOST('ref');
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
$action = GETPOST('action');
|
||||
$confirm = GETPOST('confirm');
|
||||
$lineid = GETPOST('lineid');
|
||||
@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer)
|
||||
$datecommande = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
|
||||
$datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']);
|
||||
|
||||
$object->socid=GETPOST('socid');
|
||||
$object->socid=GETPOST('socid','int');
|
||||
$object->fetch_thirdparty();
|
||||
|
||||
$db->begin();
|
||||
@ -1652,7 +1652,7 @@ else
|
||||
//'text' => $langs->trans("ConfirmClone"),
|
||||
//array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1),
|
||||
//array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1),
|
||||
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
|
||||
array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
|
||||
);
|
||||
// Paiement incomplet. On demande si motif = escompte ou autre
|
||||
$formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1);
|
||||
|
||||
@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden();
|
||||
$langs->load("orders");
|
||||
|
||||
// Security check
|
||||
$socid=GETPOST('socid');
|
||||
$socid=GETPOST('socid','int');
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
|
||||
@ -44,7 +44,7 @@ $sall=GETPOST('sall');
|
||||
$socid=GETPOST('socid','int');
|
||||
|
||||
// Security check
|
||||
$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id'));
|
||||
$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int'));
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'commande', $id,'');
|
||||
|
||||
|
||||
@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
|
||||
if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden();
|
||||
if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden();
|
||||
|
||||
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
|
||||
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
||||
@ -468,10 +468,10 @@ else
|
||||
/* */
|
||||
/* ************************************************************************** */
|
||||
|
||||
if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer)
|
||||
if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer)
|
||||
{
|
||||
$account = new Account($db);
|
||||
$account->fetch(GETPOST("id"));
|
||||
$account->fetch(GETPOST('id','int'));
|
||||
|
||||
print_fiche_titre($langs->trans("EditFinancialAccount"));
|
||||
print "<br>";
|
||||
|
||||
@ -36,7 +36,7 @@ $langs->load("trips");
|
||||
|
||||
|
||||
// Security check
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'deplacement', $id,'');
|
||||
|
||||
@ -287,7 +287,7 @@ if ($action == 'create')
|
||||
// Company
|
||||
print "<tr>";
|
||||
print '<td>'.$langs->trans("CompanyVisited").'</td><td>';
|
||||
print $form->select_company(GETPOST("socid"),'socid','',1);
|
||||
print $form->select_company(GETPOST('socid','int'),'socid','',1);
|
||||
print '</td></tr>';
|
||||
|
||||
// Public note
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("users");
|
||||
$langs->load("trips");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'deplacement','','');
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php"
|
||||
$langs->load("trips");
|
||||
|
||||
// Security check
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'deplacement', $id, '');
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("users");
|
||||
$langs->load("trips");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'deplacement','','');
|
||||
|
||||
|
||||
@ -31,8 +31,8 @@ $langs->load("trips");
|
||||
$WIDTH=500;
|
||||
$HEIGHT=200;
|
||||
|
||||
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
|
||||
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
|
||||
// Securite acces client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load("companies");
|
||||
$langs->load("donations");
|
||||
$langs->load("bills");
|
||||
|
||||
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
|
||||
$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
|
||||
$action=GETPOST('action');
|
||||
|
||||
$mesg="";
|
||||
|
||||
@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes
|
||||
$sall=trim(GETPOST('sall'));
|
||||
$projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0);
|
||||
|
||||
$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility
|
||||
$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility
|
||||
$ref=GETPOST('ref','alpha');
|
||||
$socid=GETPOST('socid','int');
|
||||
$action=GETPOST('action','alpha');
|
||||
@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f
|
||||
*/
|
||||
if ($action == 'add' && $user->rights->facture->creer)
|
||||
{
|
||||
$object->socid=GETPOST('socid');
|
||||
$object->socid=GETPOST('socid','int');
|
||||
|
||||
$db->begin();
|
||||
|
||||
|
||||
@ -36,7 +36,7 @@ $langs->load("bills");
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$id = GETPOST("facid");
|
||||
$id = GETPOST('facid','int');
|
||||
$ref = GETPOST("ref");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'facture', $id);
|
||||
|
||||
@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
|
||||
$langs->load("bills");
|
||||
$langs->load("companies");
|
||||
|
||||
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
|
||||
$facid = GETPOST('facid');
|
||||
$id = GETPOST('facid');
|
||||
$ref= GETPOST('ref');
|
||||
|
||||
// Security check
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid);
|
||||
|
||||
if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
|
||||
{
|
||||
|
||||
$result = 0;
|
||||
$facture = new Facture($db);
|
||||
$result = $facture->fetch($_GET["facid"]);
|
||||
$result = $facture->fetch($facid);
|
||||
|
||||
if ($result > 0 && $_GET["facid"] > 0)
|
||||
if ($result > 0 && $facid > 0)
|
||||
{
|
||||
$result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]);
|
||||
}
|
||||
@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
|
||||
if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
|
||||
{
|
||||
$facture = new Facture($db);
|
||||
if ($facture->fetch(GETPOST("facid")))
|
||||
if ($facture->fetch($facid))
|
||||
{
|
||||
$result=$facture->swapContactStatus(GETPOST('ligne'));
|
||||
}
|
||||
@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
|
||||
if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer)
|
||||
{
|
||||
$facture = new Facture($db);
|
||||
$facture->fetch($_GET["facid"]);
|
||||
$facture->fetch($facid);
|
||||
$result = $facture->delete_contact($_GET["lineid"]);
|
||||
|
||||
if ($result >= 0)
|
||||
@ -125,8 +126,6 @@ $userstatic=new User($db);
|
||||
/* *************************************************************************** */
|
||||
dol_htmloutput_mesg($mesg);
|
||||
|
||||
$id = $_GET['facid'];
|
||||
$ref= $_GET['ref'];
|
||||
if ($id > 0 || ! empty($ref))
|
||||
{
|
||||
$facture = new Facture($db);
|
||||
|
||||
@ -39,7 +39,7 @@ $langs->load("bills");
|
||||
|
||||
$action = GETPOST('action');
|
||||
$confirm = GETPOST('confirm');
|
||||
$id = GETPOST('facid');
|
||||
$id = GETPOST('facid','int');
|
||||
$ref = GETPOST('ref');
|
||||
|
||||
// Security check
|
||||
|
||||
@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
|
||||
$langs->load('bills');
|
||||
|
||||
// Security check
|
||||
$facid=GETPOST("facid");
|
||||
$facid=GETPOST('facid','int');
|
||||
$action=GETPOST("action");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$objecttype = 'facture_rec';
|
||||
@ -81,7 +81,7 @@ if ($_POST["action"] == 'add')
|
||||
if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
|
||||
{
|
||||
$facrec = new FactureRec($db);
|
||||
$facrec->fetch(GETPOST("facid"));
|
||||
$facrec->fetch(GETPOST('facid','int'));
|
||||
$facrec->delete();
|
||||
$facid = 0 ;
|
||||
}
|
||||
|
||||
@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
|
||||
if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden();
|
||||
if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden();
|
||||
|
||||
$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
|
||||
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
|
||||
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
|
||||
@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE;
|
||||
if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', '', '', 'charges');
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ $langs->load('banks');
|
||||
$action = GETPOST('action');
|
||||
$confirm = GETPOST('confirm');
|
||||
|
||||
$facid = GETPOST('facid');
|
||||
$facid = GETPOST('facid','int');
|
||||
$socname = GETPOST('socname');
|
||||
$accountid = GETPOST('accountid');
|
||||
$paymentnum = GETPOST('num_paiement');
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load('banks');
|
||||
$langs->load('companies');
|
||||
$langs->load('compta');
|
||||
|
||||
$id =GETPOST("id");
|
||||
$id =GETPOST('id','int');
|
||||
$ref=GETPOST("ref");
|
||||
$action=GETPOST('action');
|
||||
|
||||
@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid');
|
||||
if ($action == 'setdate' && $user->rights->banque->cheque)
|
||||
{
|
||||
$remisecheque = new RemiseCheque($db);
|
||||
$result = $remisecheque->fetch(GETPOST('id'));
|
||||
$result = $remisecheque->fetch(GETPOST('id','int'));
|
||||
if ($result > 0)
|
||||
{
|
||||
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
|
||||
|
||||
@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php');
|
||||
$langs->load("bills");
|
||||
|
||||
// Security check
|
||||
$facid =GETPOST("facid");
|
||||
$socid =GETPOST("socid");
|
||||
$userid=GETPOST('userid');
|
||||
$facid =GETPOST('facid','int');
|
||||
$socid =GETPOST('socid','int');
|
||||
$userid=GETPOST('userid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'facture',$facid,'');
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ $langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST("ref");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement', $id);
|
||||
|
||||
@ -31,7 +31,7 @@ $langs->load("widthdrawals");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','','bons');
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("companies");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','','bons');
|
||||
|
||||
|
||||
@ -37,8 +37,8 @@ $langs->load("categories");
|
||||
if ($user->societe_id > 0) accessforbidden();
|
||||
|
||||
// Get supervariables
|
||||
$prev_id = GETPOST("id");
|
||||
$socid = GETPOST("socid");
|
||||
$prev_id = GETPOST('id','int');
|
||||
$socid = GETPOST('socid','int');
|
||||
$page = GETPOST("page");
|
||||
$sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
|
||||
$sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield");
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load("categories");
|
||||
if ($user->societe_id > 0) accessforbidden();
|
||||
|
||||
// Get supervariables
|
||||
$prev_id = GETPOST("id");
|
||||
$prev_id = GETPOST('id','int');
|
||||
$page = GETPOST("page");
|
||||
|
||||
/*
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load("withdrawals");
|
||||
$langs->load("categories");
|
||||
|
||||
// Get supervariables
|
||||
$prev_id = GETPOST("id");
|
||||
$prev_id = GETPOST('id','int');
|
||||
$page = GETPOST("page");
|
||||
|
||||
/*
|
||||
|
||||
@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden();
|
||||
|
||||
// Get supervariables
|
||||
$action = GETPOST("action");
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("withdrawals");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','');
|
||||
|
||||
|
||||
@ -39,8 +39,8 @@ $langs->load("categories");
|
||||
|
||||
// Get supervariables
|
||||
$action = GETPOST("action");
|
||||
$id = GETPOST("id");
|
||||
$socid = GETPOST("socid");
|
||||
$id = GETPOST('id','int');
|
||||
$socid = GETPOST('socid','int');
|
||||
|
||||
$page = GETPOST("page");
|
||||
$sortorder = GETPOST("sortorder");
|
||||
|
||||
@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden();
|
||||
$langs->load("categories");
|
||||
|
||||
// Get supervariables
|
||||
$prev_id = GETPOST("id");
|
||||
$socid = GETPOST("socid");
|
||||
$prev_id = GETPOST('id','int');
|
||||
$socid = GETPOST('socid','int');
|
||||
$page = GETPOST("page");
|
||||
$sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
|
||||
$sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield");
|
||||
|
||||
@ -32,7 +32,7 @@ $langs->load("companies");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','','bons');
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ $langs->load("companies");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','','bons');
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ $langs->load("companies");
|
||||
$langs->load("categories");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'prelevement','','','bons');
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
|
||||
$langs->load("bills");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ else {
|
||||
}
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire)
|
||||
accessforbidden();
|
||||
|
||||
@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php");
|
||||
$langs->load("compta");
|
||||
$langs->load("bills");
|
||||
|
||||
$id=GETPOST("id");
|
||||
$id=GETPOST('id','int');
|
||||
$action=GETPOST("action");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
|
||||
|
||||
|
||||
@ -38,7 +38,7 @@ $langs->load("companies");
|
||||
$langs->load("compta");
|
||||
$langs->load("bills");
|
||||
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$action = GETPOST("action");
|
||||
|
||||
// Security check
|
||||
|
||||
@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php");
|
||||
$langs->load("compta");
|
||||
$langs->load("bills");
|
||||
|
||||
$id=GETPOST("id");
|
||||
$id=GETPOST('id','int');
|
||||
$action=GETPOST("action");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
|
||||
|
||||
|
||||
@ -37,8 +37,8 @@ else {
|
||||
$year_end=$year_start + ($nbofyear-1);
|
||||
}
|
||||
|
||||
$userid=GETPOST('userid');
|
||||
$socid=GETPOST('socid');
|
||||
$userid=GETPOST('userid','int');
|
||||
$socid=GETPOST('socid','int');
|
||||
// Security check
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
|
||||
|
||||
@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE;
|
||||
if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', '', '', 'charges');
|
||||
|
||||
|
||||
@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
|
||||
if (empty($modetax)) $modetax=0;
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'tax', '', '', 'charges');
|
||||
|
||||
|
||||
@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
|
||||
|
||||
<br>
|
||||
|
||||
<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST("id"); ?>">
|
||||
<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST('id','int'); ?>">
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
|
||||
<input type="hidden" name="canvas" value="<?php echo $canvas ?>">
|
||||
<input type="hidden" name="id" value="<?php echo GETPOST("id"); ?>">
|
||||
<input type="hidden" name="id" value="<?php echo GETPOST('id','int'); ?>">
|
||||
<input type="hidden" name="action" value="update">
|
||||
<input type="hidden" name="contactid" value="<?php echo $this->control->tpl['id']; ?>">
|
||||
<input type="hidden" name="old_name" value="<?php echo $this->control->tpl['name']; ?>">
|
||||
|
||||
@ -390,7 +390,7 @@ else
|
||||
}
|
||||
else {
|
||||
print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">';
|
||||
print $form->select_company(GETPOST("socid"),'socid','',1);
|
||||
print $form->select_company(GETPOST('socid','int'),'socid','',1);
|
||||
print '</td></tr>';
|
||||
}
|
||||
}
|
||||
@ -562,7 +562,7 @@ else
|
||||
{
|
||||
print '<tr><td>'.$langs->trans("Company").'</td>';
|
||||
print '<td colspan="3">';
|
||||
print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1);
|
||||
print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1);
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
}
|
||||
|
||||
@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer)
|
||||
if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer)
|
||||
{
|
||||
$contrat = new Contrat($db);
|
||||
if ($contrat->fetch(GETPOST("id")))
|
||||
if ($contrat->fetch(GETPOST('id','int')))
|
||||
{
|
||||
$result=$contrat->swapContactStatus(GETPOST('ligne'));
|
||||
}
|
||||
|
||||
@ -41,8 +41,8 @@ $langs->load("bills");
|
||||
$langs->load("products");
|
||||
|
||||
$action=GETPOST('action');
|
||||
$socid = GETPOST("socid");
|
||||
$contratid = GETPOST("id");
|
||||
$socid = GETPOST('socid','int');
|
||||
$contratid = GETPOST('id','int');
|
||||
|
||||
// Security check
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
|
||||
@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom");
|
||||
$search_contract=GETPOST("search_contract");
|
||||
$search_service=GETPOST("search_service");
|
||||
$statut=isset($_GET["statut"])?$_GET["statut"]:1;
|
||||
$socid=GETPOST("socid");
|
||||
$socid=GETPOST('socid','int');
|
||||
|
||||
// Security check
|
||||
$contratid = GETPOST("id");
|
||||
$contratid = GETPOST('id','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'contrat',$contratid,'');
|
||||
|
||||
|
||||
@ -50,7 +50,7 @@ $result = restrictedArea($user, 'ecm', 0);
|
||||
$user->getrights('ecm');
|
||||
|
||||
// Get parameters
|
||||
$socid=GETPOST('socid');
|
||||
$socid=GETPOST('socid','int');
|
||||
$action=GETPOST("action");
|
||||
$section=GETPOST("section");
|
||||
$module=GETPOST("module");
|
||||
|
||||
@ -50,7 +50,7 @@ $langs->load('other');
|
||||
$langs->load('propal');
|
||||
|
||||
$origin = GETPOST("origin")?GETPOST("origin"):'expedition'; // Example: commande, propal
|
||||
$origin_id = GETPOST("id")?GETPOST("id"):'';
|
||||
$origin_id = GETPOST('id','int')?GETPOST('id','int'):'';
|
||||
if (empty($origin_id)) $origin_id = GETPOST("origin_id"); // Id of order or propal
|
||||
if (empty($origin_id)) $origin_id = GETPOST("object_id"); // Id of order or propal
|
||||
$id = $origin_id;
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load('interventions');
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST("ref");
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
|
||||
|
||||
@ -78,7 +78,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer)
|
||||
if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer)
|
||||
{
|
||||
$fichinter = new Fichinter($db);
|
||||
if ($fichinter->fetch(GETPOST("id")))
|
||||
if ($fichinter->fetch(GETPOST('id','int')))
|
||||
{
|
||||
$result=$fichinter->swapContactStatus(GETPOST('ligne'));
|
||||
}
|
||||
|
||||
@ -38,7 +38,7 @@ $langs->load("fichinter");
|
||||
$langs->load("companies");
|
||||
$langs->load("interventions");
|
||||
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$action = GETPOST("action");
|
||||
|
||||
// Security check
|
||||
|
||||
@ -43,9 +43,9 @@ if (! empty($conf->global->FICHEINTER_ADDON) && is_readable(DOL_DOCUMENT_ROOT ."
|
||||
$langs->load("companies");
|
||||
$langs->load("interventions");
|
||||
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST('ref');
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
$action = GETPOST("action");
|
||||
$confirm = GETPOST("confirm");
|
||||
$mesg = GETPOST("msg");
|
||||
|
||||
@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php");
|
||||
$langs->load('companies');
|
||||
$langs->load("interventions");
|
||||
|
||||
$fichinterid = GETPOST("id");
|
||||
$fichinterid = GETPOST('id','int');
|
||||
|
||||
// Security check
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
|
||||
@ -40,11 +40,11 @@ $offset = $conf->liste_limit * $page;
|
||||
$pageprev = $page - 1;
|
||||
$pagenext = $page + 1;
|
||||
|
||||
$socid=GETPOST("socid");
|
||||
$socid=GETPOST('socid','int');
|
||||
$page=GETPOST("page");
|
||||
|
||||
// Security check
|
||||
$fichinterid = GETPOST("id");
|
||||
$fichinterid = GETPOST('id','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter');
|
||||
|
||||
|
||||
@ -29,7 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php");
|
||||
$langs->load('companies');
|
||||
$langs->load("interventions");
|
||||
|
||||
$fichinterid = GETPOST("id");
|
||||
$fichinterid = GETPOST('id','int');
|
||||
$action=GETPOST("action");
|
||||
|
||||
// Security check
|
||||
|
||||
@ -47,12 +47,12 @@ $langs->load('deliveries');
|
||||
$langs->load('products');
|
||||
$langs->load('stocks');
|
||||
|
||||
$id = GETPOST("id");
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST("ref");
|
||||
$action = GETPOST("action");
|
||||
$confirm = GETPOST("confirm");
|
||||
$comclientid = GETPOST("comid");
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
$projectid = GETPOST("projectid");
|
||||
|
||||
// Security check
|
||||
|
||||
@ -80,7 +80,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->fournisseur->facture->cre
|
||||
if ($_GET["action"] == 'swapstatut' && $user->rights->fournisseur->facture->creer)
|
||||
{
|
||||
$facture = new FactureFournisseur($db);
|
||||
if ($facture->fetch(GETPOST("facid")))
|
||||
if ($facture->fetch(GETPOST('facid','int')))
|
||||
{
|
||||
$result=$facture->swapContactStatus(GETPOST('ligne'));
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@ $langs->load('bills');
|
||||
$langs->load('other');
|
||||
$langs->load("companies");
|
||||
|
||||
$facid = GETPOST("facid")?GETPOST("facid"):GETPOST("id");
|
||||
$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int');
|
||||
$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
|
||||
|
||||
// Security check
|
||||
|
||||
@ -42,7 +42,7 @@ $langs->load('suppliers');
|
||||
$langs->load('companies');
|
||||
|
||||
$mesg='';
|
||||
$id = (GETPOST("facid") ? GETPOST("facid") : GETPOST("id"));
|
||||
$id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int'));
|
||||
$action = GETPOST("action");
|
||||
$confirm = GETPOST("confirm");
|
||||
|
||||
|
||||
@ -34,7 +34,7 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden();
|
||||
$langs->load("companies");
|
||||
$langs->load("bills");
|
||||
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
|
||||
// Security check
|
||||
if ($user->societe_id > 0)
|
||||
|
||||
@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php');
|
||||
$langs->load('bills');
|
||||
$langs->load("companies");
|
||||
|
||||
$facid = GETPOST("facid")?GETPOST("facid"):GETPOST('id');
|
||||
$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int');
|
||||
$action = GETPOST('action');
|
||||
|
||||
// Security check
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load('companies');
|
||||
$langs->load('bills');
|
||||
$langs->load('banks');
|
||||
|
||||
$facid=GETPOST('facid');
|
||||
$facid=GETPOST('facid','int');
|
||||
$action=GETPOST('action');
|
||||
$socid=GETPOST('socid','int');
|
||||
|
||||
|
||||
@ -42,7 +42,7 @@ $langs->load('commercial');
|
||||
$action = GETPOST('action');
|
||||
|
||||
// Security check
|
||||
$id = (GETPOST("socid") ? GETPOST("socid") : GETPOST("id"));
|
||||
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
|
||||
if ($user->societe_id) $id=$user->societe_id;
|
||||
$result = restrictedArea($user, 'societe&fournisseur', $id, '');
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ $search_compta_fournisseur = GETPOST("search_compta_fournisseur");
|
||||
$search_datec = GETPOST("search_datec");
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid');
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user,'societe',$socid,'');
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ $id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$action=(GETPOST('action') ? GETPOST('action') : 'view');
|
||||
$confirm=GETPOST('confirm');
|
||||
$socid=GETPOST("socid");
|
||||
$socid=GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
|
||||
$object = new Product($db);
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load("products");
|
||||
$langs->load("bills");
|
||||
$langs->load("other");
|
||||
|
||||
$id = GETPOST('id');
|
||||
$id = GETPOST('id','int');
|
||||
$ref = GETPOST('ref');
|
||||
$mode = (GETPOST('mode') ? GETPOST('mode') : 'byunit');
|
||||
$error = 0;
|
||||
|
||||
@ -34,7 +34,7 @@ $langs->load('projects');
|
||||
|
||||
$action=GETPOST('action');
|
||||
$mode=GETPOST("mode");
|
||||
$id=GETPOST('id');
|
||||
$id=GETPOST('id','int');
|
||||
|
||||
$mine=0;
|
||||
if ($mode == 'mine') $mine=1;
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user