diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index d09cf9b934b..2fed1737e49 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -119,18 +119,18 @@ if ($action == 'confirm_clone' && $confirm == 'yes')
 else
 {
 $mesg=$object->error;
- $_GET['action']='';
- $_GET['id']=$_REQUEST['id'];
+ $action='';
+ //$_GET['id']=$_REQUEST['id'];
 }
 }
 }
 // Suppression de la propale
-if ($_REQUEST['action'] == 'confirm_delete' && $_REQUEST['confirm'] == 'yes')
+if ($action == 'confirm_delete' && $confirm == 'yes')
 {
 if ($user->rights->propale->supprimer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $result=$object->delete($user);
 $id = 0;
 $brouillon = 1;
@@ -150,13 +150,13 @@ if ($_REQUEST['action'] == 'confirm_delete' && $_REQUEST['confirm'] == 'yes')
 }
 // Remove line
-if ($_REQUEST['action'] == 'confirm_deleteline' && $_REQUEST['confirm'] == 'yes')
+if ($action == 'confirm_deleteline' && $confirm == 'yes')
 {
 if ($user->rights->propale->creer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->fetch_thirdparty();
- $result = $object->deleteline($_GET['lineid']);
+ $result = $object->deleteline($lineid);
 // reorder lines
 if ($result) $object->line_order(true);
@@ -182,9 +182,9 @@ if ($_REQUEST['action'] == 'confirm_deleteline' && $_REQUEST['confirm'] == 'yes'
 }
 // Validation
-if ($_REQUEST['action'] == 'confirm_validate' && $_REQUEST['confirm'] == 'yes' && $user->rights->propale->valider)
+if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->propale->valider)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->fetch_thirdparty();
 $result=$object->valid($user);
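Review bot: The return value of `$object->fetch($id)` is discarded before `$object->delete($user)` in the `confirm_delete` branch, so a proposal that could not be loaded still reaches the delete call. The `setabsolutediscount` branch later in this same diff already uses the safer shape `$ret=$object->fetch($id); if ($ret > 0)`, and the same guard would fit `confirm_deleteline` and `confirm_validate` in the next two hunks. `$id` and `$lineid` are assigned outside these hunks, so it is worth confirming they are read with an integer check rather than as raw strings. The enclosing `if` blocks continue past the end of each hunk.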
@@ -210,26 +210,26 @@ if ($_REQUEST['action'] == 'confirm_validate' && $_REQUEST['confirm'] == 'yes' &
 if ($_POST['action'] == 'setdate')
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $result=$object->set_date($user,dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']));
 if ($result < 0) dol_print_error($db,$object->error);
 }
 if ($_POST['action'] == 'setecheance')
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $result=$object->set_echeance($user,dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']));
 if ($result < 0) dol_print_error($db,$object->error);
 }
 if ($_POST['action'] == 'setdate_livraison')
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $result=$object->set_date_livraison($user,dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year']));
 if ($result < 0) dol_print_error($db,$object->error);
 }
 if ($_POST['action'] == 'setaddress' && $user->rights->propale->creer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $result=$object->set_adresse_livraison($user,$_POST['fk_address']);
 if ($result < 0) dol_print_error($db,$object->error);
 }
@@ -237,7 +237,7 @@ if ($_POST['action'] == 'setaddress' && $user->rights->propale->creer)
 // Positionne ref client
 if ($_POST['action'] == 'set_ref_client' && $user->rights->propale->creer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->set_ref_client($user, $_POST['ref_client']);
 }
@@ -371,9 +371,9 @@ if ($_POST['action'] == 'add' && $user->rights->propale->creer)
 }
 // Classify billed
-if ($_GET["action"] == 'classifybilled')
+if ($action == 'classifybilled')
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->cloture($user, 4, '');
 }
@@ -387,12 +387,12 @@ if (GETPOST('action') == 'setstatut' && $user->rights->propale->cloturer)
 if (! GETPOST('statut'))
 {
 $mesg='
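Review bot: The `setdate`, `setecheance` and `setdate_livraison` branches change the proposal with no `$user->rights->propale->...` test, while `setaddress` and `set_ref_client` in the same hunks require `creer`. Unless an access check outside the diff covers them, each should carry the same guard, for example `if ($_POST['action'] == 'setdate' && $user->rights->propale->creer)`. The same gap is visible in `classifybilled` (hunk at -371), `classin` (hunk at -885) and `setavailability`, `setdemandreason`, `setconditions` and `setmode` (hunks at -894 to -932). `classifybilled` is the one to fix first, since it closes the proposal and now keys on `$action`; the neighbouring `setstatut` branch requires `cloturer`, which is presumably the right to reuse.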
'.$langs->trans("ErrorFieldRequired",$langs->transnoentities("CloseAs")).'
';
- $_REQUEST['action']='statut';
- $_GET['action']='statut';
+ $action='statut';
+ $action='statut';
 }
 else
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 // prevent browser refresh from closing proposal several times
 if ($object->statut==1)
 {
@@ -416,7 +416,7 @@ if ($_POST['addfile'])
 $mesg=dol_add_file_process($upload_dir,0,0);
- $_GET["action"]='presend';
+ $action='presend';
 $_POST["action"]='presend';
 }
@@ -433,7 +433,7 @@ if (! empty($_POST['removedfile']))
 $mesg=dol_remove_file_process($_POST['removedfile'],0);
- $_GET["action"]='presend';
+ $action='presend';
 $_POST["action"]='presend';
 }
@@ -590,12 +590,12 @@ if ($_POST['action'] == 'send' && ! $_POST['addfile'] && ! $_POST['removedfile']
 }
 }
-if ($_GET['action'] == 'modif' && $user->rights->propale->creer)
+if ($action == 'modif' && $user->rights->propale->creer)
 {
 /* * Repasse la propale en mode brouillon */
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->fetch_thirdparty();
 $object->set_draft($user);
@@ -617,8 +617,8 @@ if ($_POST['action'] == "setabsolutediscount" && $user->rights->propale->creer)
 {
 if ($_POST["remise_id"])
 {
- $object->id=$_GET["id"];
- $ret=$object->fetch($_GET["id"]);
+ $object->id=$id;
+ $ret=$object->fetch($id);
 if ($ret > 0)
 {
 $result=$object->insert_discount($_POST["remise_id"]);
@@ -849,9 +849,9 @@ if ($_POST['action'] == 'updateligne' && $user->rights->propale->creer && $_POST
 /* * Generation doc (depuis lien ou depuis cartouche doc) */
-if ($_REQUEST['action'] == 'builddoc' && $user->rights->propale->creer)
+if ($action == 'builddoc' && $user->rights->propale->creer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->fetch_thirdparty();
 if ($_REQUEST['model'])
@@ -885,7 +885,7 @@ if ($_REQUEST['action'] == 'builddoc' && $user->rights->propale->creer)
 // Set project
 if ($_POST['action'] == 'classin')
 {
- $object->fetch($_GET['id']);
+ $object->fetch($id);
 $object->setProject($_POST['projectid']);
 }
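Review bot: The mechanical replacement leaves `$action='statut';` twice in a row in the `setstatut` error branch; the second assignment is dead and should be dropped. In the `addfile` and `removedfile` hunks (-416, -433) `$action='presend';` now sits next to `$_POST["action"]='presend';`, so the page keeps two sources of truth for the current action. Branches that still test `$_POST['action']`, such as `send`, can therefore disagree with `$action`. Until those tests are migrated, a comment like `// keep $_POST['action'] in sync: later branches still read the superglobal` would explain why the superglobal is still written.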
@@ -894,7 +894,7 @@ if ($_POST["action"] == 'setavailability')
 {
 $object->fetch($_REQUEST['id']);
 $result = $object->availability($_POST['availability_id']);
- $_GET['id']=$_REQUEST['id'];
+ $id=$_REQUEST['id'];
 }
 // Origine de la propale
@@ -902,7 +902,7 @@ if ($_POST["action"] == 'setdemandreason')
 {
 $object->fetch($_REQUEST['id']);
 $result = $object->demand_reason($_POST['demand_reason_id']);
- $_GET['id']=$_REQUEST['id'];
+ $id=$_REQUEST['id'];
 }
 // Conditions de reglement
@@ -910,21 +910,21 @@ if ($_POST["action"] == 'setconditions')
 {
 $object->fetch($_REQUEST['id']);
 $result = $object->cond_reglement($_POST['cond_reglement_id']);
- $_GET['id']=$_REQUEST['id'];
+ $id=$_REQUEST['id'];
 }
-if ($_REQUEST['action'] == 'setremisepercent' && $user->rights->propale->creer)
+if ($action == 'setremisepercent' && $user->rights->propale->creer)
 {
 $object->fetch($_REQUEST["id"]);
 $result = $object->set_remise_percent($user, $_POST['remise_percent']);
- $_GET["id"]=$_REQUEST["id"];
+ $id=$_REQUEST["id"];
 }
-if ($_REQUEST['action'] == 'setremiseabsolue' && $user->rights->propale->creer)
+if ($action == 'setremiseabsolue' && $user->rights->propale->creer)
 {
 $object->fetch($_REQUEST["id"]);
 $result = $object->set_remise_absolue($user, $_POST['remise_absolue']);
- $_GET["id"]=$_REQUEST["id"];
+ $id=$_REQUEST["id"];
 }
 // Mode de reglement
@@ -932,18 +932,18 @@ if ($_POST["action"] == 'setmode')
 {
 $object->fetch($_REQUEST["id"]);
 $result = $object->mode_reglement($_POST['mode_reglement_id']);
- $_GET["id"]=$_REQUEST["id"];
+ $id=$_REQUEST["id"];
 }
 /* * Ordonnancement des lignes */
-if ($_GET['action'] == 'up' && $user->rights->propale->creer)
+if ($action == 'up' && $user->rights->propale->creer)
 {
- $object->fetch($_GET["id"]);
+ $object->fetch($id);
 $object->fetch_thirdparty();
- $object->line_up($_GET['rowid']);
+ $object->line_up(GETPOST('rowid'));
 // Define output language
 $outputlangs = $langs;
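Review bot: `$id=$_REQUEST['id'];` copies the raw request value back into `$id`, which discards any filtering applied when `$id` was first read. The unfiltered value can then reach later uses such as the `Location:` redirect in the `up`/`down` branches. The branches `setavailability`, `setdemandreason`, `setconditions`, `setremisepercent`, `setremiseabsolue` and `setmode` also still call `$object->fetch($_REQUEST['id'])`, unlike the rest of the commit. Suggest `$object->fetch($id);` in each and deleting the reassignment line. The first assignment of `$id` is outside the diff, so this assumes it is read once near the top of the page.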
@@ -957,15 +957,15 @@ if ($_GET['action'] == 'up' && $user->rights->propale->creer)
 }
 propale_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'));
- Header ('Location: '.$_SERVER["PHP_SELF"].'?id='.$_GET["id"].'#'.$_GET['rowid']);
+ Header ('Location: '.$_SERVER["PHP_SELF"].'?id='.$id.'#'.GETPOST('rowid'));
 exit;
 }
-if ($_GET['action'] == 'down' && $user->rights->propale->creer)
+if ($action == 'down' && $user->rights->propale->creer)
 {
- $object->fetch($_GET['id']);
+ $object->fetch($id);
 $object->fetch_thirdparty();
- $object->line_down($_GET['rowid']);
+ $object->line_down(GETPOST('rowid'));
 // Define output language
 $outputlangs = $langs;
@@ -979,7 +979,7 @@ if ($_GET['action'] == 'down' && $user->rights->propale->creer)
 }
 propale_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'));
- Header ('Location: '.$_SERVER["PHP_SELF"].'?id='.$id.'#'.$_GET['rowid']);
+ Header ('Location: '.$_SERVER["PHP_SELF"].'?id='.$id.'#'.GETPOST('rowid'));
 exit;
 }
@@ -1111,10 +1111,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'refclient' && $object->brouillon) print ''; + if ($action != 'refclient' && $object->brouillon) print ''; print '
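Review bot: `GETPOST('rowid')` is concatenated into the `Location:` header and passed to `line_up()`/`line_down()` with no type check, in both the `up` and `down` branches. A line id should be an integer. If this version of `GETPOST` accepts a check argument, reading it once as `$rowid=GETPOST('rowid','int');` and reusing `$rowid` in both places keeps non-numeric input out of the header and the line lookup. `$_SERVER["PHP_SELF"]` in the same header is request-derived as well, so it should not be treated as a trusted constant. Both `if` blocks begin or end outside their hunks.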
'; print $langs->trans('RefCustomer').''; print ''.img_edit($langs->trans('Modify')).''.img_edit($langs->trans('Modify')).'
'; print ''; - if ($user->rights->propale->creer && $_GET['action'] == 'refclient') + if ($user->rights->propale->creer && $action == 'refclient') { print '
'; print ''; @@ -1172,10 +1172,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editdate' && $object->brouillon) print ''; + if ($action != 'editdate' && $object->brouillon) print ''; print '
'; print $langs->trans('Date'); print 'id.'">'.img_edit($langs->trans('SetDate'),1).'id.'">'.img_edit($langs->trans('SetDate'),1).'
'; print ''; - if ($object->brouillon && $_GET['action'] == 'editdate') + if ($object->brouillon && $action == 'editdate') { print ''; print ''; @@ -1217,10 +1217,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editecheance' && $object->brouillon) print ''; + if ($action != 'editecheance' && $object->brouillon) print ''; print '
'; print $langs->trans('DateEndPropal'); print 'id.'">'.img_edit($langs->trans('SetConditions'),1).'id.'">'.img_edit($langs->trans('SetConditions'),1).'
'; print ''; - if ($object->brouillon && $_GET['action'] == 'editecheance') + if ($object->brouillon && $action == 'editecheance') { print ''; print ''; @@ -1250,10 +1250,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editdate_livraison' && $object->brouillon) print ''; + if ($action != 'editdate_livraison' && $object->brouillon) print ''; print '
'; print $langs->trans('DeliveryDate'); print 'id.'">'.img_edit($langs->trans('SetDeliveryDate'),1).'id.'">'.img_edit($langs->trans('SetDeliveryDate'),1).'
'; print ''; - if ($_GET['action'] == 'editdate_livraison') + if ($action == 'editdate_livraison') { print ''; print ''; @@ -1277,17 +1277,17 @@ if ($id > 0 || ! empty($ref)) print $langs->trans('DeliveryAddress'); print ''; - if ($_GET['action'] != 'editdelivery_address' && $object->brouillon) print 'socid.'&id='.$object->id.'">'.img_edit($langs->trans('SetDeliveryAddress'),1).''; + if ($action != 'editdelivery_address' && $object->brouillon) print 'socid.'&id='.$object->id.'">'.img_edit($langs->trans('SetDeliveryAddress'),1).''; print ''; print ''; - if ($_GET['action'] == 'editdelivery_address') + if ($action == 'editdelivery_address') { - $html->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$_GET['socid'],'fk_address','propal',$object->id); + $html->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id); } else { - $html->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,$_GET['socid'],'none','propal',$object->id); + $html->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id); } print ''; } @@ -1298,10 +1298,10 @@ if ($id > 0 || ! empty($ref)) print $langs->trans('AvailabilityPeriod'); if ($conf->commande->enabled) print ' ('.$langs->trans('AfterOrder').')'; print ''; - if ($_GET['action'] != 'editavailability' && $object->brouillon) print 'id.'">'.img_edit($langs->trans('SetAvailability'),1).''; + if ($action != 'editavailability' && $object->brouillon) print 'id.'">'.img_edit($langs->trans('SetAvailability'),1).''; print ''; print ''; - if ($_GET['action'] == 'editavailability') + if ($action == 'editavailability') { $html->form_availability($_SERVER['PHP_SELF'].'?id='.$object->id,$object->availability_id,'availability_id'); } 
@@ -1318,10 +1318,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editdemandreason' && $object->brouillon) print ''; + if ($action != 'editdemandreason' && $object->brouillon) print ''; print '
'; print $langs->trans('Source'); print 'id.'">'.img_edit($langs->trans('SetDemandReason'),1).'id.'">'.img_edit($langs->trans('SetDemandReason'),1).'
'; print ''; - if ($_GET['action'] == 'editdemandreason') + if ($action == 'editdemandreason') { $html->form_demand_reason($_SERVER['PHP_SELF'].'?id='.$object->id,$object->demand_reason_id,'demand_reason_id'); } @@ -1338,10 +1338,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editconditions' && $object->brouillon) print ''; + if ($action != 'editconditions' && $object->brouillon) print ''; print '
'; print $langs->trans('PaymentConditionsShort'); print 'id.'">'.img_edit($langs->trans('SetConditions'),1).'id.'">'.img_edit($langs->trans('SetConditions'),1).'
'; print ''; - if ($_GET['action'] == 'editconditions') + if ($action == 'editconditions') { $html->form_conditions_reglement($_SERVER['PHP_SELF'].'?id='.$object->id,$object->cond_reglement_id,'cond_reglement_id'); } @@ -1358,10 +1358,10 @@ if ($id > 0 || ! empty($ref)) print ''; - if ($_GET['action'] != 'editmode' && $object->brouillon) print ''; + if ($action != 'editmode' && $object->brouillon) print ''; print '
'; print $langs->trans('PaymentMode'); print 'id.'">'.img_edit($langs->trans('SetMode'),1).'id.'">'.img_edit($langs->trans('SetMode'),1).'
'; print ''; - if ($_GET['action'] == 'editmode') + if ($action == 'editmode') { $html->form_modes_reglement($_SERVER['PHP_SELF'].'?id='.$object->id,$object->mode_reglement_id,'mode_reglement_id'); } @@ -1380,10 +1380,10 @@ if ($id > 0 || ! empty($ref)) print $langs->trans('Project').''; if ($user->rights->propale->creer) { - if ($_GET['action'] != 'classer') print ''.img_edit($langs->trans('SetProject')).''; + if ($action != 'classer') print ''.img_edit($langs->trans('SetProject')).''; print ''; print ''; - if ($_GET['action'] == 'classer') + if ($action == 'classer') { $html->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'projectid'); } @@ -1741,8 +1741,8 @@ else $pageprev = $page - 1; $pagenext = $page + 1; - $viewstatut=$db->escape($_GET['viewstatut']); - $object_statut = $db->escape($_GET['propal_statut']); + $viewstatut=$db->escape(GETPOST('viewstatut')); + $object_statut = $db->escape(GETPOST('propal_statut')); if($object_statut != '') $viewstatut=$object_statut; @@ -1766,17 +1766,17 @@ else { $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; } - if (!empty($_GET['search_ref'])) + if (GETPOST('search_ref')) { - $sql.= " AND p.ref LIKE '%".$db->escape($_GET['search_ref'])."%'"; + $sql.= " AND p.ref LIKE '%".$db->escape(GETPOST('search_ref'))."%'"; } if (!empty($_GET['search_societe'])) { - $sql.= " AND s.nom LIKE '%".$db->escape($_GET['search_societe'])."%'"; + $sql.= " AND s.nom LIKE '%".$db->escape(GETPOST('search_societe'))."%'"; } if (!empty($_GET['search_montant_ht'])) { - $sql.= " AND p.total_ht='".$db->escape($_GET['search_montant_ht'])."'"; + $sql.= " AND p.total_ht='".$db->escape(GETPOST('search_montant_ht'))."'"; } if ($sall) $sql.= " AND (s.nom like '%".$db->escape($sall)."%' OR p.note like '%".$db->escape($sall)."%' OR pd.description like '%".$db->escape($sall)."%')"; if ($socid) $sql.= ' AND s.rowid = '.$socid; 
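Review bot: The `search_societe` and `search_montant_ht` filters still test `!empty($_GET[...])` but now take their value from `GETPOST(...)`, so the guard and the value can come from different request sources; only `search_ref` was converted on both sides. Suggest `if (GETPOST('search_societe'))` and `if (GETPOST('search_montant_ht'))`, with each value read once into a local. `$db->escape()` presumably handles quoting, but it does not neutralise `%` and `_` inside the `LIKE` patterns. The context line `' AND s.rowid = '.$socid` is unquoted, so `$socid` (assigned outside the hunk) must be an integer. The enclosing `else` branch starts and ends outside the hunk.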
@@ -1833,10 +1833,10 @@ else print ''; print ''; - print ''; + print ''; print ''; print ''; - print ''; + print ''; print ''; print ''; print $langs->trans('Month').': '; @@ -1848,7 +1848,7 @@ else print ''; print ' '; print ''; - print ''; + print ''; print ''; print ' '; print '';