From 1690468da5cf1587078522e678e79cda124bfa8c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 30 Sep 2020 18:39:23 +0200 Subject: [PATCH] Fix delete of profiles --- htdocs/exports/class/export.class.php | 2 +- htdocs/exports/export.php | 8 ++++---- htdocs/imports/class/import.class.php | 2 +- htdocs/imports/import.php | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/htdocs/exports/class/export.class.php b/htdocs/exports/class/export.class.php index c7d7f4eea89..a33437166ea 100644 --- a/htdocs/exports/class/export.class.php +++ b/htdocs/exports/class/export.class.php @@ -736,7 +736,7 @@ class Export { $sql = 'SELECT em.rowid, em.label, em.type, em.field, em.filter'; $sql .= ' FROM '.MAIN_DB_PREFIX.'export_model as em'; - $sql .= ' WHERE em.rowid = '.$id; + $sql .= ' WHERE em.rowid = '.((int) $id); dol_syslog("Export::fetch", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index a5f11264a43..70e04d46cbb 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -302,9 +302,9 @@ if ($step == 5 && $action == 'confirm_deletefile' && $confirm == 'yes') if ($action == 'deleteprof') { - if ($_GET["id"]) + if (GETPOST("id", 'int')) { - $objexport->fetch($_GET["id"]); + $objexport->fetch(GETPOST('id', 'int')); $result = $objexport->delete($user); } } @@ -1054,7 +1054,7 @@ if ($step == 4 && $datatoexport) print ''; print ''; - print ''; + print ''; print ''; // List of existing export profils @@ -1074,7 +1074,7 @@ if ($step == 4 && $datatoexport) print ''; print $obj->label; print ''; - print 'rowid.'">'; + print 'rowid.'">'; print img_delete(); print ''; print ''; diff --git a/htdocs/imports/class/import.class.php b/htdocs/imports/class/import.class.php index 72d1eb16f66..77128589c25 100644 --- a/htdocs/imports/class/import.class.php +++ b/htdocs/imports/class/import.class.php 
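Review bot: In `Export::fetch()` the new `(int) $id` cast coerces rather than validates: an empty or non-numeric value becomes 0, a value with a numeric prefix becomes that number, and the query runs either way. A guard ahead of the `$sql` construction, for example `if ((int) $id <= 0) return -1;`, would stop a malformed id at the boundary instead of sending `rowid = 0` to the database. The return value should match whatever fetch() already returns on failure, which is not visible here because the body starts and ends outside the hunk. The same point applies to the `Import::fetch()` hunk in htdocs/imports/class/import.class.php. A short comment on the cast line, such as `// $id can originate from request parameters (deleteprof); keep the cast at the sink`, would also keep a later refactor from dropping it.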
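Review bot: In the `deleteprof` branch of export.php the result of `$objexport->fetch(...)` is never checked before `$objexport->delete($user)` runs, so an id that matches no profile still reaches delete() on an object that was not loaded. Reading the id once and gating the delete on the fetch result would close that gap: `$id = GETPOST('id', 'int');` followed by `if ($id > 0 && $objexport->fetch($id) > 0) { $result = $objexport->delete($user); }`, assuming fetch() returns a positive value on success, which the hunk does not show. The visible lines also contain no check that `$user` may remove this particular profile and no anti-CSRF token check. If neither is enforced earlier in the file or inside delete(), this branch needs both, because the deletion is driven purely by request parameters. The `deleteprof` hunk in htdocs/imports/import.php has the same shape and needs the same treatment.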
@@ -278,7 +278,7 @@ class Import { $sql = 'SELECT em.rowid, em.field, em.label, em.type'; $sql .= ' FROM '.MAIN_DB_PREFIX.'import_model as em'; - $sql .= ' WHERE em.rowid = '.$id; + $sql .= ' WHERE em.rowid = '.((int) $id); dol_syslog(get_class($this)."::fetch", LOG_DEBUG); $result = $this->db->query($sql); diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index 9fdc5330103..6fab34557d1 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -148,9 +148,9 @@ if ($action == 'builddoc') if ($action == 'deleteprof') { - if ($_GET["id"]) + if (GETPOST("id", 'int')) { - $objimport->fetch($_GET["id"]); + $objimport->fetch(GETPOST("id", 'int')); $result = $objimport->delete($user); } } @@ -1160,7 +1160,7 @@ if ($step == 4 && $datatoimport) print ''; print $obj->label; print ''; - print 'rowid.'&filetoimport='.urlencode($filetoimport).'">'; + print 'rowid.'&filetoimport='.urlencode($filetoimport).'">'; print img_delete(); print ''; print '';