diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index b3ddbc43feb..2ab72322db3 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -51,7 +51,7 @@ if (! $user->rights->accounting->chartofaccount) accessforbidden();
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php
index fff0118c224..f6f5dbe0c76 100644
--- a/htdocs/accountancy/admin/fiscalyear.php
+++ b/htdocs/accountancy/admin/fiscalyear.php
@@ -30,7 +30,7 @@ $action = GETPOST('action', 'aZ09');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php
index 52ec326e502..e1ec4bbbda2 100644
--- a/htdocs/accountancy/admin/productaccount.php
+++ b/htdocs/accountancy/admin/productaccount.php
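Review bot: `$sortfield` on the line just above the changed one is still read with 'alpha', although it is the other half of the ORDER BY pair and 'alpha' admits spaces, quotes, parentheses and `;` that 'aZ09comma' rejects. Unless this page whitelists `$sortfield` before it reaches `$db->order()` or the query string (not visible in this hunk), tightening only `$sortorder` — which only ever needs to hold ASC/DESC tokens — leaves the wider channel open; I would change both in the same pass: `$sortfield = GETPOST('sortfield', 'aZ09comma');`. The same applies to the fiscalyear.php hunk that follows and to every other pagination hunk in this diff.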
@@ -69,7 +69,7 @@ if (empty($accounting_product_mode)) $accounting_product_mode='ACCOUNTANCY_SELL' $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 52cb1370cfc..2ad4001eeee 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -47,7 +47,7 @@ if (GETPOST("exportcsv", 'alpha')) $action = 'export_csv'; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 7ada77d0bd6..a25f74addf1 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php 
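Review bot: The `$page` guard in the balance.php hunk resets only `-1` (`$page == -1`), so any other negative page number accepted by `GETPOST('page', 'int')` — which, as far as this hunk shows, does not reject negatives — survives into `$offset = $limit * $page` and produces a negative offset for the query. The bookkeeping/list.php hunk of this same diff uses `$page < 0` on the equivalent line; I would align: `if (empty($page) || $page < 0 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; }`. The productaccount.php hunk above has the same `== -1` comparison.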
@@ -88,7 +88,7 @@ $search_lettering_code = GETPOST('search_lettering_code', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php
index bacfdcb714a..8eff5630657 100644
--- a/htdocs/accountancy/bookkeeping/listbyaccount.php
+++ b/htdocs/accountancy/bookkeeping/listbyaccount.php
@@ -40,7 +40,7 @@ $langs->loadLangs(array("accountancy"));
 $page = GETPOST("page");
 $sortorder = GETPOST("sortorder");
 $sortfield = GETPOST("sortfield");
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int'));
 $search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int'));
 $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int'));
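Review bot: In the listbyaccount.php hunk, the three context lines directly above the changed one read `page`, `sortorder` and `sortfield` with a bare `GETPOST("...")`, i.e. with no check type at all, while the second hunk of the same file (@@ -64) reads the same three parameters again with 'int', 'aZ09comma' and 'alpha'. The first set is therefore either dead or — if anything between the two hunks uses them — the unfiltered copy is the one in effect; I would delete the three bare reads here rather than leave an unfiltered `$sortorder`/`$sortfield` for the next maintainer to pick up. If they must stay, at minimum `$page = GETPOST("page", 'int'); $sortorder = GETPOST("sortorder", 'aZ09comma'); $sortfield = GETPOST("sortfield", 'aZ09comma');`.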
@@ -64,7 +64,7 @@ $search_credit = GETPOST('search_credit', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index eb66b235d0b..c4610395f3c 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php index 3da2c129e30..ae1e5751331 100644 --- a/htdocs/accountancy/customer/lines.php +++ b/htdocs/accountancy/customer/lines.php @@ -57,7 +57,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) $page = 0; $pageprev = $page - 1; diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index cd1c285217c..033ba8d7903 100644 
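Review bot: In the customer/card.php hunk, `$backtopage = GETPOST('backtopage', 'alpha');` two lines below the change keeps a filter that strips `<`, `>` and `"` but lets a full absolute URL through; if this page later does `header('Location: '.$backtopage)` as card pages in this codebase commonly do (that code is outside the hunk), a crafted link can bounce a logged-in user to an arbitrary host. Unless the redirect site already rejects absolute URLs, I would validate at the read site, e.g. `if (preg_match('#^(https?:)?//#i', $backtopage)) $backtopage = '';`, or restrict it to a known set of internal paths. The expensereport/card.php, supplier/card.php, adherents/type.php and admin/dav.php hunks below read `backtopage` the same way.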
--- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -68,7 +68,7 @@ $btn_ventil = GETPOST('ventil', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index 1052a1d485d..b6399167871 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy","trips")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php index d15ef52ad39..a236da06646 100644 --- a/htdocs/accountancy/expensereport/lines.php +++ b/htdocs/accountancy/expensereport/lines.php @@ -52,7 +52,7 @@ $search_year=GETPOST("search_year", "int"); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) $page = 0; $pageprev = $page - 1; 
diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 60b24638775..e7cad536057 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php @@ -62,7 +62,7 @@ $btn_ventil = GETPOST('ventil', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 97f7d618ce8..06309a7f3e4 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php index 659d428b93b..4f3c89b2db3 100644 --- a/htdocs/accountancy/supplier/lines.php +++ b/htdocs/accountancy/supplier/lines.php 
@@ -59,7 +59,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) $page = 0; $offset = $limit * $page; diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index 879b708d32e..dac359338da 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -68,7 +68,7 @@ $btn_ventil = GETPOST('ventil', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page < 0) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index b62820054b7..8af24c54b6a 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $type=array('yesno','texte','chaine'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/adherents/admin/adherent_emails.php b/htdocs/adherents/admin/adherent_emails.php index 3f901539380..54b283bda9a 100644 --- a/htdocs/adherents/admin/adherent_emails.php +++ b/htdocs/adherents/admin/adherent_emails.php 
@@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $oldtypetonewone=array('texte'=>'text','chaine'=>'string'); // old type to new ones -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $error = 0; diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php index 006edce6319..ad63c4a05b7 100644 --- a/htdocs/adherents/subscription.php +++ b/htdocs/adherents/subscription.php @@ -48,7 +48,7 @@ $typeid=GETPOST('typeid', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 512f3935177..c02f9c62054 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php @@ -52,7 +52,7 @@ $date_select=GETPOST("date_select", 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page ; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index f41275a4c71..83fa99ff932 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; $langs->load("members"); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); 
diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 6fe29379b58..413a797ebf5 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; $langs->loadLangs(array("admin","members","ldap")); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $result=restrictedArea($user, 'adherent', $id, 'adherent_type'); diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index 4c5c02d0b3d..654bee4a889 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -34,7 +34,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $search_event = GETPOST('search_event', 'alpha'); diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index ce9db532f21..c7d1d03f877 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -37,7 +37,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda', 'users')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php index 3af179ba2e7..25d7d8dc4fe 100644 --- a/htdocs/admin/agenda_reminder.php +++ b/htdocs/admin/agenda_reminder.php 
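Review bot: In the admin/agenda_other.php hunk, `$param = GETPOST('param', 'alpha');` right after the tightened `$action` is, by its name and by how these admin pages are usually written, the constant name handed to `dolibarr_set_const()`/`dolibarr_del_const()` (that use is outside the hunk), and 'alpha' still allows spaces, quotes and other characters a constant name never contains. If that is how `$param` is consumed, give it the same treatment as `$action`: `$param = GETPOST('param', 'aZ09');`. The admin/agenda_reminder.php hunk below reads `param` identically.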
@@ -32,7 +32,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array("admin","other","agenda")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 2a0a66fe269..fad285934f9 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","companies","bills","other","banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index 993af489989..9968d173b25 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -33,7 +33,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/bom.php b/htdocs/admin/bom.php index b6e62973cf7..2e84e67a867 100644 --- a/htdocs/admin/bom.php +++ b/htdocs/admin/bom.php @@ -32,7 +32,7 @@ $langs->loadLangs(array('admin', 'errors', 'mrp', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 70672f9b6fb..f3f8ef85746 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'boxes')); if (! $user->admin) accessforbidden(); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Define possible position of boxes 
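Review bot: In the admin/bank.php hunk, `$scandir = GETPOST('scan_dir', 'alpha');` on the last line is, by its name and by how these admin pages use it, a filesystem path fragment for a document-model directory (that use is outside the hunk), and 'alpha' is, as far as I recall, a strip-list filter rather than a whitelist: if it removes `../` with a single `str_replace` pass, `....//` survives as `../`. A directory under the application tree only needs letters, digits, `_`, `-`, `.` and `/`, so I would whitelist at the read site, e.g. `if (!preg_match('#^[a-z0-9_\-\./]*$#i', $scandir) || strpos($scandir, '..') !== false) $scandir = '';`. The bom, commande, contract, expensereport, facture, fichinter, holiday and payment admin hunks in this diff read `scan_dir` the same way.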
diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php index efc192e6de1..53212de35c4 100644 --- a/htdocs/admin/chequereceipts.php +++ b/htdocs/admin/chequereceipts.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","companies","bills","other","banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index 455175220a8..447967d42da 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -41,7 +41,7 @@ $langs->loadLangs(array('admin', 'errors', 'orders', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/compta.php b/htdocs/admin/compta.php index 5bbfd15a0c4..02621d82b91 100644 --- a/htdocs/admin/compta.php +++ b/htdocs/admin/compta.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'compta', 'accountancy')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters ACCOUNTING_* $list = array( diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index 63597eaa22b..f24fc54339e 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("admin","errors","contracts")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index 6ac210c1ddb..0c6b8132e8d 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php 
@@ -32,7 +32,7 @@ if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array( diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php index 14cb63cd923..cec326b799a 100644 --- a/htdocs/admin/emailcollector_list.php +++ b/htdocs/admin/emailcollector_list.php @@ -52,7 +52,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index da77c0e78d3..2746b3d4969 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'trips', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/expensereport_ik.php b/htdocs/admin/expensereport_ik.php index e79e7888f69..63df71df21c 100644 --- a/htdocs/admin/expensereport_ik.php +++ b/htdocs/admin/expensereport_ik.php 
@@ -39,7 +39,7 @@ if (!$user->admin) accessforbidden(); $error = false; $message = false; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $offset = GETPOST('offset', 'int'); $coef = GETPOST('coef', 'int'); diff --git a/htdocs/admin/expensereport_rules.php b/htdocs/admin/expensereport_rules.php index 835a4b2b824..c6b4da2b678 100644 --- a/htdocs/admin/expensereport_rules.php +++ b/htdocs/admin/expensereport_rules.php @@ -40,7 +40,7 @@ if (!$user->admin) accessforbidden(); $error = false; $message = false; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $apply_to = GETPOST('apply_to'); diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index e21dc942284..7520ab45ebc 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 6c7cc5a7f66..b18ac702d70 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; // Load translation files required by the page $langs->loadLangs(array('admin', 'fckeditor')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Possible modes are: // dolibarr_details // dolibarr_notes diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index 27f105435d5..c52c16e4c28 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php 
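Review bot: In the admin/expensereport_rules.php hunk, `$apply_to = GETPOST('apply_to');` on the last line has no check type at all, which is exactly the gap this commit closes for `action` two lines above. Whatever its value set is (it is consumed outside the hunk; the name suggests a small enum such as everyone vs one user), it cannot legitimately need anything beyond `[A-Za-z0-9_]`, so read it as `$apply_to = GETPOST('apply_to', 'aZ09');` and reject unknown values where it is used.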
@@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'interventions', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index 27dddf8668a..40010b3b420 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "errors", "holiday")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index a43f86d0e28..fe86728e237 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -31,7 +31,7 @@ $langs->loadLangs(array('companies', 'products', 'admin')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'update') { diff --git a/htdocs/admin/loan.php b/htdocs/admin/loan.php index 56d80c2e7d7..28643c497af 100644 --- a/htdocs/admin/loan.php +++ b/htdocs/admin/loan.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'loan')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters LOAN_* $list = array ( diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index d10e0e9a497..b83aef64b78 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "mails")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); 
diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index 931d1168238..85e1ac63434 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -47,7 +47,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index cf42f294d03..6fbc3e4144a 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -31,6 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php'; // Load translation files required by the page $langs->loadLangs(array("other","admin")); +$cancel = GETPOST('cancel', 'alphanohtml'); // We click on a Cancel button + if (! $user->admin) accessforbidden(); $dirstandard = array(); 
@@ -64,46 +66,46 @@ if (GETPOST("menu_handler")) $menu_handler=GETPOST("menu_handler"); if ($action == 'update') { - if (! $_POST['cancel']) - { - $leftmenu=''; $mainmenu=''; - if (! empty($_POST['menuIdParent']) && ! is_numeric($_POST['menuIdParent'])) - { - $tmp=explode('&', $_POST['menuIdParent']); - foreach($tmp as $s) - { - if (preg_match('/fk_mainmenu=/', $s)) - { - $mainmenu=preg_replace('/fk_mainmenu=/', '', $s); - } - if (preg_match('/fk_leftmenu=/', $s)) - { - $leftmenu=preg_replace('/fk_leftmenu=/', '', $s); - } - } - } + if (!$cancel) + { + $leftmenu=''; $mainmenu=''; + if (GETPOST('menuIdParent', 'alphanohtml') && !is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) + { + $tmp=explode('&', GETPOST('menuIdParent', 'alphanohtml')); + foreach ($tmp as $s) + { + if (preg_match('/fk_mainmenu=/', $s)) + { + $mainmenu=preg_replace('/fk_mainmenu=/', '', $s); + } + if (preg_match('/fk_leftmenu=/', $s)) + { + $leftmenu=preg_replace('/fk_leftmenu=/', '', $s); + } + } + } $menu = new Menubase($db); $result=$menu->fetch(GETPOST('menuId', 'int')); if ($result > 0) { - $menu->titre=GETPOST('titre', 'alpha'); + $menu->titre=GETPOST('titre', 'alphanohtml'); $menu->leftmenu=GETPOST('leftmenu', 'aZ09'); - $menu->url=GETPOST('url', 'alpha'); - $menu->langs=GETPOST('langs', 'alpha'); + $menu->url=GETPOST('url', 'alphanohtml'); + $menu->langs=GETPOST('langs', 'alphanohtml'); $menu->position=GETPOST('position', 'int'); - $menu->enabled=GETPOST('enabled', 'alpha'); - $menu->perms=GETPOST('perms', 'alpha'); - $menu->target=GETPOST('target', 'alpha'); - $menu->user=GETPOST('user', 'alpha'); - $menu->mainmenu=GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuIdParent', 'alpha'))) + $menu->enabled=GETPOST('enabled', 'alphanohtml'); + $menu->perms=GETPOST('perms', 'alphanohtml'); + $menu->target=GETPOST('target', 'alphanohtml'); + $menu->user=GETPOST('user', 'alphanohtml'); + $menu->mainmenu=GETPOST('propertymainmenu', 'alphanohtml'); + if 
(is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { - $menu->fk_menu=GETPOST('menuIdParent', 'alpha'); + $menu->fk_menu=GETPOST('menuIdParent', 'alphanohtml'); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu=0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu=0; else $menu->fk_menu=-1; $menu->fk_mainmenu=$mainmenu; $menu->fk_leftmenu=$leftmenu; @@ -144,9 +146,9 @@ if ($action == 'add') } $leftmenu=''; $mainmenu=''; - if (GETPOST('menuId', 'alpha', 3) && ! is_numeric(GETPOST('menuId', 'alpha', 3))) + if (GETPOST('menuId', 'alphanohtml', 3) && ! is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $tmp=explode('&', GETPOST('menuId', 'alpha', 3)); + $tmp=explode('&', GETPOST('menuId', 'alphanohtml', 3)); foreach($tmp as $s) { if (preg_match('/fk_mainmenu=/', $s)) 
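Review bot: The parent-menu parser in the `!$cancel` branch still obtains `$mainmenu`/`$leftmenu` by stripping the `fk_mainmenu=`/`fk_leftmenu=` prefix with `preg_replace` from an 'alphanohtml' string, so anything that is not HTML — spaces, quotes, `%`, a second `=` — ends up in `$menu->fk_mainmenu`/`fk_leftmenu`, whereas the sibling key `leftmenu` a few lines later is read with 'aZ09'. Since these are menu keys, extract them with a whitelist capture instead of a prefix strip (rewrite below). The hunk header also shows `$menu_handler=GETPOST("menu_handler")` still read with no check type, although the add branch (@@ -204) uses 'aZ09' for the same parameter; that line should get the same filter. The `if ($result > 0)` block this hunk edits continues past the end of the hunk.
```php
foreach ($tmp as $s)
{
    // Menu keys use the same alphabet as 'aZ09'; reject anything else instead of stripping the prefix.
    if (preg_match('/^fk_mainmenu=([a-z0-9_\-\.]+)$/i', $s, $reg))
    {
        $mainmenu=$reg[1];
    }
    if (preg_match('/^fk_leftmenu=([a-z0-9_\-\.]+)$/i', $s, $reg))
    {
        $leftmenu=$reg[1];
    }
}
// … unchanged: Menubase fetch and property assignments …
```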
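Review bot: In the @@ -144 hunk, `GETPOST('menuId', 'alphanohtml', 3)` is evaluated three times across the two changed lines (and again further down in the add branch), which hides the fact that a single value drives both the `is_numeric` test and the `explode`. Reading it once makes the branch easier to audit and avoids the call-site drift this diff is fixing: `$menuid = GETPOST('menuId', 'alphanohtml', 3);` then `if ($menuid && ! is_numeric($menuid))` and `$tmp=explode('&', $menuid);`. The `foreach` this hunk opens continues past its last line.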
@@ -204,23 +206,23 @@ if ($action == 'add') { $menu = new Menubase($db); $menu->menu_handler=preg_replace('/_menu$/', '', GETPOST('menu_handler', 'aZ09')); - $menu->type=GETPOST('type', 'alpha'); - $menu->titre=GETPOST('titre', 'alpha'); - $menu->url=GETPOST('url', 'alpha'); - $menu->langs=GETPOST('langs', 'alpha'); + $menu->type=GETPOST('type', 'alphanohtml'); + $menu->titre=GETPOST('titre', 'alphanohtml'); + $menu->url=GETPOST('url', 'alphanohtml'); + $menu->langs=GETPOST('langs', 'alphanohtml'); $menu->position=GETPOST('position', 'int'); - $menu->enabled=GETPOST('enabled', 'alpha'); - $menu->perms=GETPOST('perms', 'alpha'); - $menu->target=GETPOST('target', 'alpha'); - $menu->user=GETPOST('user', 'alpha'); - $menu->mainmenu=GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuId', 'alpha', 3))) + $menu->enabled=GETPOST('enabled', 'alphanohtml'); + $menu->perms=GETPOST('perms', 'alphanohtml'); + $menu->target=GETPOST('target', 'alphanohtml'); + $menu->user=GETPOST('user', 'alphanohtml'); + $menu->mainmenu=GETPOST('propertymainmenu', 'alphanohtml'); + if (is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $menu->fk_menu=GETPOST('menuId', 'alpha', 3); + $menu->fk_menu=GETPOST('menuId', 'alphanohtml', 3); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu=0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu=0; else $menu->fk_menu=-1; $menu->fk_mainmenu=$mainmenu; $menu->fk_leftmenu=$leftmenu; @@ -368,7 +370,7 @@ if ($action == 'create') // Mainmenu code print ''.$langs->trans('MainMenuCode').''; - print ''; + print ''; print ''; print $langs->trans("Example").': mytopmenukey'; print ''; 
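Review bot: In the numeric branch, `$menu->fk_menu=GETPOST('menuId', 'alphanohtml', 3);` stores the raw string that passed `is_numeric()`, and `is_numeric` also accepts forms such as `'1e3'`, `'12.5'` or a number with leading whitespace, none of which is a valid row id for a foreign key. Since the test has already established the value is numeric, read it as an integer there: `$menu->fk_menu=GETPOST('menuId', 'int', 3);`, mirroring `$menu->fetch(GETPOST('menuId', 'int'))` in the update branch. Likewise `$menu->type` is only ever compared with a fixed keyword (`'top'` in this hunk), so `GETPOST('type', 'aZ09')` would be a tighter filter than 'alphanohtml'. The add branch this hunk edits continues past the end of the hunk.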
@@ -381,23 +383,23 @@ if ($action == 'create') } else { - print ''; + print ''; } print ''.$langs->trans('DetailMenuIdParent'); print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def'; print ''; // Title - print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; + print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; // URL - print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; + print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; // Langs print ''.$langs->trans('LangFile').''.$langs->trans('DetailLangs').''; // Position - print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; + print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; // Target print ''.$langs->trans('Target').''.$langs->trans('DetailTarget').''; // Enabled - print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; + print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; // Perms - print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; + print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; print ''; @@ -472,7 +474,7 @@ elseif ($action == 'edit') } else {*/ - print 'mainmenu).'">'; + print 'mainmenu).'">'; //} print ''; print $langs->trans("Example").': mytopmenukey'; diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index 206c251309e..83880392e0a 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -38,7 +38,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 0f7206a5d73..9652af8e72f 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* 
diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php
index e284d4b4834..d603d28a927 100644
--- a/htdocs/admin/oauthlogintokens.php
+++ b/htdocs/admin/oauthlogintokens.php
@@ -33,7 +33,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth'));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mode = GETPOST('mode', 'alpha');
 $value = GETPOST('value', 'alpha');
 $varname = GETPOST('varname', 'alpha');
diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php
index 4e80fe55e25..c8b57e4d75a 100644
--- a/htdocs/admin/payment.php
+++ b/htdocs/admin/payment.php
@@ -31,7 +31,7 @@ $langs->loadLangs(array("admin", "other", "errors", "bills"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php
index 56c6f977827..bc8c4a8d01c 100644
--- a/htdocs/admin/pdf.php
+++ b/htdocs/admin/pdf.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'languages', 'other', 'companies', 'products',
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php
index 144ec744d41..196d1101cfe 100644
--- a/htdocs/admin/prelevement.php
+++ b/htdocs/admin/prelevement.php
@@ -36,7 +36,7 @@ $langs->loadLangs(array("admin","withdrawals"));
 // Security check
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $type = 'paymentorder';
diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php
index 843de325e73..fc48136ab82 100644
--- a/htdocs/admin/propal.php
+++ b/htdocs/admin/propal.php
@@ -39,7 +39,7 @@ $langs->loadLangs(array("admin", "other", "errors", "propal"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php
index f532db76ce4..ded514650db 100644
--- a/htdocs/admin/receiptprinter.php
+++ b/htdocs/admin/receiptprinter.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin","receiptprinter"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mode = GETPOST('mode', 'alpha');
 $printername = GETPOST('printername', 'alpha');
diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php
index a5a0b5fbf3f..7d571d2ba7d 100644
--- a/htdocs/admin/resource.php
+++ b/htdocs/admin/resource.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","resource"));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/admin/salaries.php b/htdocs/admin/salaries.php
index 324ae1b0a17..82db4ce3b1a 100644
--- a/htdocs/admin/salaries.php
+++ b/htdocs/admin/salaries.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'salaries'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Other parameters SALARIES_*
 $list = array (
diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php
index 83834aa5861..10f1e23c578 100644
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array("admin", "stocks"));
 // Securit check
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php
index 49af65bd786..e5327a5c209 100644
--- a/htdocs/admin/supplier_payment.php
+++ b/htdocs/admin/supplier_payment.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "errors", "other", "bills", "orders"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php
index e627068b692..c6d476b1a5b 100644
--- a/htdocs/admin/supplier_proposal.php
+++ b/htdocs/admin/supplier_proposal.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array("admin", "errors", "other", "supplier_proposal"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/taxes.php b/htdocs/admin/taxes.php
index 113b0029fdd..e527aff3dde 100644
--- a/htdocs/admin/taxes.php
+++ b/htdocs/admin/taxes.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'objects', 'companies', 'products'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php
index 31e2d8f219a..364b8fd1f96 100644
--- a/htdocs/admin/ticket.php
+++ b/htdocs/admin/ticket.php
@@ -37,7 +37,7 @@ if (!$user->admin) {
 // Parameters
 $value = GETPOST('value', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scandir', 'alpha');
 $type = 'ticket';
diff --git a/htdocs/admin/ticket_extrafields.php b/htdocs/admin/ticket_extrafields.php
index 3c65fcf693e..f2c92db872f 100644
--- a/htdocs/admin/ticket_extrafields.php
+++ b/htdocs/admin/ticket_extrafields.php
@@ -39,7 +39,7 @@ foreach ($tmptype2label as $key => $val) {
 $type2label[$key] = $langs->trans($val);
 }
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $attrname = GETPOST('attrname', 'alpha');
 $elementtype = 'ticket'; //Must be the $table_element of the class that manage extrafield
diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php
index ec36d3f873d..4409b1fc4a6 100644
--- a/htdocs/admin/ticket_public.php
+++ b/htdocs/admin/ticket_public.php
@@ -37,7 +37,7 @@ if (!$user->admin) {
 // Parameters
 $value = GETPOST('value', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scandir', 'alpha');
 $type = 'ticket';
diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php
index ee8594e6bf8..a7578a10aae 100644
--- a/htdocs/admin/tools/dolibarr_export.php
+++ b/htdocs/admin/tools/dolibarr_export.php
@@ -32,7 +32,7 @@ $langs->load("admin");
 $action=GETPOST('action', 'alpha');
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="date";
diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php
index 16f9c38602a..29d86e873cd 100644
--- a/htdocs/admin/tools/export.php
+++ b/htdocs/admin/tools/export.php
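Review bot: `$action=GETPOST('action', 'alpha');` directly above the changed `sortorder` line in the dolibarr_export.php hunk is left on `alpha` while every other file in this commit moves `action` to `aZ09`; it should read `$action = GETPOST('action', 'aZ09');`. Separately, `$sortfield` stays on `alpha` here and in the other sortorder hunks of the commit (export.php, export_files.php, listevents.php, listsessions.php, website.php and the later list pages), so an ORDER BY built from these two values is only half constrained unless the order helper validates field names itself — worth confirming rather than assuming. The `aZ09comma` tightening on `sortorder` is only as strong as its consumer, so a one-line comment naming where `$sortorder`/`$sortfield` end up would help the next reader.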
@@ -38,7 +38,7 @@ $file=GETPOST('filename_template', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php
index e3be54458c0..371c49ff3d7 100644
--- a/htdocs/admin/tools/export_files.php
+++ b/htdocs/admin/tools/export_files.php
@@ -39,7 +39,7 @@ $compression = GETPOST('compression');
 $file = dol_sanitizeFileName($file);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="date";
diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php
index 39699d4240b..2cbfeb4e52f 100644
--- a/htdocs/admin/tools/listevents.php
+++ b/htdocs/admin/tools/listevents.php
@@ -47,7 +47,7 @@ $langs->loadLangs(array("companies","admin","users","other"));
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php
index 08890379955..d2ddf6b9fae 100644
--- a/htdocs/admin/tools/listsessions.php
+++ b/htdocs/admin/tools/listsessions.php
@@ -42,7 +42,7 @@ if ($user->societe_id > 0)
 }
 $sortfield = GETPOST("sortfield", 'alpha');
-$sortorder = GETPOST("sortorder", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $conf->liste_limit * $page ;
diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php
index f73c3d4ecf3..1f9e72e1f5d 100644
--- a/htdocs/admin/user.php
+++ b/htdocs/admin/user.php
@@ -38,7 +38,7 @@ if (! $user->admin) accessforbidden();
 $extrafields = new ExtraFields($db);
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $value = GETPOST('value', 'alpha');
diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php
index db57fa9730a..78d9e739766 100644
--- a/htdocs/admin/usergroup.php
+++ b/htdocs/admin/usergroup.php
@@ -39,7 +39,7 @@ if (! $user->admin) accessforbidden();
 $extrafields = new ExtraFields($db);
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $type='group';
diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php
index 5096563ad76..0d366d3441a 100644
--- a/htdocs/admin/website.php
+++ b/htdocs/admin/website.php
@@ -54,7 +54,7 @@ $status = 1;
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/admin/website_options.php b/htdocs/admin/website_options.php
index 35b34f1b9da..0274608340a 100644
--- a/htdocs/admin/website_options.php
+++ b/htdocs/admin/website_options.php
@@ -47,7 +47,7 @@ $status = 1;
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/admin/workflow.php b/htdocs/admin/workflow.php
index 806f53c463c..4dcfb81f8bc 100644
--- a/htdocs/admin/workflow.php
+++ b/htdocs/admin/workflow.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin","workflow","propal","workflow","orders","supplie
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php
index 83ccadc7e1f..08d0f1ef34a 100644
--- a/htdocs/asset/admin/setup.php
+++ b/htdocs/asset/admin/setup.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "assets"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array('FIXEDASSETS_MYPARAM1'=>array('css'=>'minwidth200'), 'FIXEDASSETS_MYPARAM2'=>array('css'=>'minwidth500'));
diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php
index 7ca92570aa4..8b671edb8c9 100644
--- a/htdocs/asset/list.php
+++ b/htdocs/asset/list.php
@@ -48,7 +48,7 @@ $id = GETPOST('id', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php
index 303d05b298b..8e3d2d69af7 100644
--- a/htdocs/asset/type.php
+++ b/htdocs/asset/type.php
@@ -34,7 +34,7 @@ if (! empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT.'/accoun
 $langs->load("assets");
 $rowid = GETPOST('rowid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $backtopage = GETPOST('backtopage', 'alpha');
diff --git a/htdocs/blockedlog/admin/blockedlog.php b/htdocs/blockedlog/admin/blockedlog.php
index 25e983887df..3a5272e8138 100644
--- a/htdocs/blockedlog/admin/blockedlog.php
+++ b/htdocs/blockedlog/admin/blockedlog.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin","other","blockedlog"));
 if (! $user->admin || empty($conf->blockedlog->enabled)) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php
index 2a7bee7335f..ffced0491f6 100644
--- a/htdocs/blockedlog/admin/blockedlog_list.php
+++ b/htdocs/blockedlog/admin/blockedlog_list.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "other", "blockedlog", "bills"));
 if ((! $user->admin && ! $user->rights->blockedlog->read) || empty($conf->blockedlog->enabled)) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'blockedloglist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
@@ -57,7 +57,7 @@ if (($search_start == -1 || empty($search_start)) && ! GETPOSTISSET('search_star
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/blockedlog/ajax/block-add.php b/htdocs/blockedlog/ajax/block-add.php
index 91d96def177..94dc2c09a6a 100644
--- a/htdocs/blockedlog/ajax/block-add.php
+++ b/htdocs/blockedlog/ajax/block-add.php
@@ -34,7 +34,7 @@ $res=require '../../main.inc.php';
 $id = GETPOST('id', 'int');
 $element = GETPOST('element', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 if ($element === 'facture') {
 require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php';
diff --git a/htdocs/bom/admin/setup.php b/htdocs/bom/admin/setup.php
index a484718ac32..7371f14d742 100644
--- a/htdocs/bom/admin/setup.php
+++ b/htdocs/bom/admin/setup.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "mrp"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array(
diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php
index bbb51211137..9e7d1957047 100644
--- a/htdocs/bom/bom_list.php
+++ b/htdocs/bom/bom_list.php
@@ -46,7 +46,7 @@ $id = GETPOST('id', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php
index 844443244cd..1fdd6e91ca2 100644
--- a/htdocs/bookmarks/list.php
+++ b/htdocs/bookmarks/list.php
@@ -41,7 +41,7 @@ $optioncss = GETPOST('optioncss', 'alpha');
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
-$sortorder = GETPOST("sortorder", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php
index 6dbbdd4f900..2a314d21447 100644
--- a/htdocs/cashdesk/facturation_verif.php
+++ b/htdocs/cashdesk/facturation_verif.php
@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset($_SESSION['serObjFacturation']);
diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php
index 202d128182f..1124158819e 100644
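Review bot: `$obj_facturation = unserialize($_SESSION['serObjFacturation']);` right after the tightened `action` line in the cashdesk/facturation_verif.php hunk deserialises session state with no comment on why that is acceptable, which reads oddly in a commit about input filtering. Session storage is server-side, so this is not request-supplied data, but that assumption should be written down next to the call, e.g. `// Object round-tripped through the session; unserialize() is acceptable only because session storage is trusted`. If the session backend ever becomes shared or client-visible, this line is where that assumption breaks.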
--- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('categories', 'languages')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $type = GETPOST('type', 'aZ09'); diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 7eec20c3499..87be73ad47a 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -63,7 +63,7 @@ if ($id > 0) // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 4ea61e2db38..98081c4b250 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -57,7 +57,7 @@ if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", "int"); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index d4020f4df92..76fff1cc25b 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php 
@@ -55,7 +55,7 @@ if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", "int"); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 565d12b9c70..c1369666666 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -40,7 +40,7 @@ $year=GETPOST('year'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if ($page == -1 || $page == null) { $page = 0 ; } $offset = $limit * $page ; diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 37c19525afa..d685d641bd1 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -66,7 +66,7 @@ $action = GETPOST('action', 'aZ09'); $mode = GETPOST("mode"); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 68730bccef1..c386e7e2b5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -30,7 +30,7 @@ require '../main.inc.php'; $langs->load("companies"); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="p.name"; 
diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index a4bba8f7adc..0aab6d2479b 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -47,7 +47,7 @@ if (! $user->rights->mailing->lire || $user->societe_id > 0) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 06a6dfccc55..85561716e0e 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -42,7 +42,7 @@ if (! $user->rights->mailing->lire || $user->societe_id > 0) accessforbidden(); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/comm/mailing/list.php b/htdocs/comm/mailing/list.php index da74efaaf98..b879ae9fa32 100644 --- a/htdocs/comm/mailing/list.php +++ b/htdocs/comm/mailing/list.php 
@@ -32,7 +32,7 @@ $langs->load("mails"); $result=restrictedArea($user, 'mailing'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 1f31ae67d19..ad3af668418 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -68,7 +68,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 4c464db4693..8591b24dc9c 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -54,7 +54,7 @@ $result = restrictedArea($user, 'propal', $id); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 29c87b0ebd2..492cae99165 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php 
@@ -99,7 +99,7 @@ $mesg=(GETPOST("msg") ? GETPOST("msg") : GETPOST("mesg")); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 24af2adce15..aa9f7a75c7f 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -66,7 +66,7 @@ if (! empty($conf->productbatch->enabled)) $langs->load("productbatch"); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('orderid', 'int')); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index e52f91ba45c..288d34a7d27 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -53,7 +53,7 @@ $hookmanager->initHooks(array('comptafileslist','globallist')); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index 5b887f0bd8e..db74933c876 100644 --- a/htdocs/compta/bank/document.php 
+++ b/htdocs/compta/bank/document.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('banks', 'companies', 'other')); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $mesg = ''; @@ -57,7 +57,7 @@ $result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 845ba1a2172..7d090cb4f22 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -78,7 +78,7 @@ if ($user->rights->banque->consolidate && $action == 'dvprev' && ! empty($dvid)) $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $pageplusone = GETPOST("pageplusone", 'int'); if ($pageplusone) $page = $pageplusone - 1; diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php index 199b1f9c08d..276640c3eb5 100644 --- a/htdocs/compta/bank/transfer.php +++ b/htdocs/compta/bank/transfer.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("banks", "categories", "multicurrency")); if (! $user->rights->banque->transfer) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $error = 0; diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 3d37b7e7de6..88c26516493 100644 --- a/htdocs/compta/bank/various_payment/document.php 
+++ b/htdocs/compta/bank/various_payment/document.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("compta", "banks", "bills", "users", "accountancy")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -44,7 +44,7 @@ $result = restrictedArea($user, 'banque', '', '', ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index d18a8c38cfe..392d398c0a1 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -64,7 +64,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 36cc40c851c..8d18a840811 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php 
@@ -45,7 +45,7 @@ $langs->load("companies"); $mode=GETPOST("mode"); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/deplacement/card.php b/htdocs/compta/deplacement/card.php index 9602216b955..b1696371339 100644 --- a/htdocs/compta/deplacement/card.php +++ b/htdocs/compta/deplacement/card.php @@ -43,7 +43,7 @@ $id = GETPOST('id', 'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id, ''); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $object = new Deplacement($db); diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 8cba95e283b..55fdf442682 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('other', 'trips', 'companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -49,7 +49,7 @@ $result = restrictedArea($user, 'deplacement', $id, ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 58a8fd32ef5..ee0d152ea4e 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php 
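Review bot: `$mode=GETPOST("mode");` two lines above the changed line is still read with no check type, while every other parameter in this hunk now has one; since 'alpha' becomes an alias of 'alphanohtml' in the functions.lib.php hunk on this page, `$mode = GETPOST('mode', 'alpha');` would bring it in line, or 'aZ09' if mode is only ever a keyword. The same unchecked reads remain in the new side of `$statut=GETPOST('statut')?GETPOST('statut'):1;` in contrat/index.php and `$begin=GETPOST('begin');` in contact/list.php further down. Nothing in these hunks shows how the values are used, so the exact check type is a judgement for whoever knows the consumers.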
@@ -44,7 +44,7 @@ $search_name=GETPOST('search_name', 'alpha'); $search_company=GETPOST('search_company', 'alpha'); // $search_amount=GETPOST('search_amount','alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 49f92826259..1375974a483 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -75,7 +75,7 @@ $projectid = (GETPOST('projectid', 'int') ? GETPOST('projectid', 'int') : 0); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 64145158052..30b09534009 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -42,7 +42,7 @@ $id = (GETPOST('id')?GETPOST('id', 'int'):GETPOST('facid', 'int')); // For $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 44f69f512bd..f00595c1264 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php 
@@ -57,7 +57,7 @@ $result=restrictedArea($user, 'facture', $id, ''); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 3107cf29742..9fb0deb793c 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -47,7 +47,7 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque', '', 'fk_user_author', $fieldname); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="b.dateo,b.rowid"; diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 0e2889814cc..ad9248d7f75 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -41,7 +41,7 @@ if ($user->societe_id > 0) $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index b5610b81f68..967ea295d9a 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php 
@@ -41,7 +41,7 @@ $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if ($limit != $conf->liste_limit) $urladd .= '&limit=' . $limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php index bf95a35f1fd..d0f7efc5eaa 100644 --- a/htdocs/compta/prelevement/card.php +++ b/htdocs/compta/prelevement/card.php @@ -40,7 +40,7 @@ accessforbidden(); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); @@ -48,7 +48,7 @@ $socid = GETPOST('socid', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php index eec72ee4b1e..e4b5781d74e 100644 --- a/htdocs/compta/prelevement/create.php +++ b/htdocs/compta/prelevement/create.php @@ -44,7 +44,7 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement', '', '', 'bons'); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha')?GETPOST('mode', 'alpha'):'real'; $format = GETPOST('format', 'aZ09'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; 
diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index da1b3663d21..14d9135d94c 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -46,7 +46,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css outpu // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php index 6d087ea477e..9f0b83e896d 100644 --- a/htdocs/compta/prelevement/factures.php +++ b/htdocs/compta/prelevement/factures.php @@ -44,7 +44,7 @@ $ref = GETPOST('ref', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index c930db99012..8e11c2b03f8 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php 
@@ -44,7 +44,7 @@ $ref = GETPOST('ref', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index 9cee7938737..f4f529bdaf0 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -42,7 +42,7 @@ $ref = GETPOST('ref', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php index 8b11716bf6f..de034e76c0f 100644 --- a/htdocs/compta/prelevement/ligne.php +++ b/htdocs/compta/prelevement/ligne.php @@ -39,12 +39,12 @@ $langs->loadlangs(array('banks', 'categories', 'bills', 'withdrawals')); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $socid = GETPOST('socid', 'int'); $page = GETPOST('page', 'int'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); if ($action == 'confirm_rejet') diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php index eb741b981d9..6d95786dadf 100644 --- a/htdocs/compta/prelevement/list.php 
+++ b/htdocs/compta/prelevement/list.php @@ -40,7 +40,7 @@ $result = restrictedArea($user, 'prelevement', '', '', 'bons'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index 7611945a40d..f1c85ba9c63 100644 --- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php @@ -41,7 +41,7 @@ $result = restrictedArea($user, 'prelevement', '', '', 'bons'); // Get supervariables $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); /* diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 19ac65cbd4e..70ac412191e 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php @@ -47,7 +47,7 @@ $hookmanager->initHooks(array('recapcomptacard','globalcard')); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/salaries/document.php b/htdocs/compta/salaries/document.php index 3ff92d23c1c..f1aaf4227ec 100644 --- a/htdocs/compta/salaries/document.php +++ b/htdocs/compta/salaries/document.php 
@@ -40,7 +40,7 @@ $langs->loadLangs(array("compta","bills","users","salaries","hrm")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -51,7 +51,7 @@ $result = restrictedArea($user, 'salaries', '', '', ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php index daecbe581f8..514f42c395f 100644 --- a/htdocs/compta/sociales/payments.php +++ b/htdocs/compta/sociales/payments.php @@ -47,7 +47,7 @@ if (! $year && $mode != 'sconly') { $year=date("Y", time()); } $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 4d26fef7965..def20f3f8b9 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example 
@@ -217,10 +217,10 @@ $dolibarr_main_authentication='dolibarr'; // 1 = Force redirect to https, until SCRIPT_URI start with https into response // 2 = Force redirect to https, until SERVER["HTTPS"] is 'on' into response // 'https://my.domain.com' = Force reditect to https using this domain name. -// Warning: If you enable this parameter, your web server must be configured to -// respond URL with https protocol. -// According to your web server setup, some values may works and other not. Try -// different values (1,2 or 'https://my.domain.com') if you experience problems. +// Warning: If you enable this parameter, your web server must be configured to respond URL with https protocol. +// According to your web server setup, some values may works and other not. Try different values (1,2 or 'https://my.domain.com') if you experience problems. +// Even if a redirect to HTTPS is forced by the webserver, it is recommanded to set this value to another value than 0, so your session cookies will be +// flagged as secured. // Default value: 0 // Possible values: 0, 1, 2 or 'https://my.domain.com' // Examples: @@ -231,12 +231,12 @@ $dolibarr_main_force_https='0'; // dolibarr_main_prod // When this parameter is defined, all errors messages are not reported. // This feature exists for production usage to avoid to give any information to hackers. -// Default value: 0 +// Default value: 1 // Possible values: 0 or 1 // Examples: -// $dolibarr_main_prod='0'; +// $dolibarr_main_prod='1'; // -$dolibarr_main_prod='0'; +$dolibarr_main_prod='1'; // $dolibarr_main_restrict_os_commands // To restrict commands you can execute by the backup feature, enter allowed command here. 
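Review bot: The new sentence explaining why a non-zero value is recommended has two typos and overstates what this diff does: the only cookie whose secure flag is tied to `$dolibarr_main_force_https` in this changeset is the DOLSESSTIMEOUT cookie in security2.lib.php, and whether the PHP session cookie gets the same treatment is not visible here. Suggested wording: `// Even if a redirect to HTTPS is forced by the webserver, it is recommended to set this to a value other than 0, so cookies set by Dolibarr are flagged as secure.` The `// Default value: 1` change for dolibarr_main_prod is consistent with the assignment below it, which is good.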
@@ -258,8 +258,8 @@ $dolibarr_main_restrict_ip=''; // dolibarr_nocsrfcheck // This parameter can be used to disable CSRF protection. -// This might be required if you access Dolibarr behind a proxy that make -// URL rewriting, to avoid false alarms. +// This might be required if you access Dolibarr behind a proxy that make bad URL rewriting, to avoid false alarms. +// In most cases, you should always keep this to 0. // Default value: 0 // Possible values: 0 or 1 // Examples: @@ -267,6 +267,12 @@ $dolibarr_main_restrict_ip=''; // $dolibarr_nocsrfcheck='0'; +// dolibarr_cron_allow_cli +// If set to 1, you will be able to define some command line in the internal Job scheduler (cronjob) module. +// Default value: '0' +// Examples: '1' +$dolibarr_cron_allow_cli='0'; + // dolibarr_mailing_limit_sendbyweb // Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level. // Default value: '25' diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 0e7c814ef7b..5bd952c62b3 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -95,7 +95,7 @@ $view=GETPOST("view", 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); $userid=GETPOST('userid', 'int'); $begin=GETPOST('begin'); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index 10c2e2915b9..ca58ffc687d 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT."/product/class/product.class.php"; $langs->loadLangs(array('products', 'companies', 'contracts')); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); $statut=GETPOST('statut')?GETPOST('statut'):1; 
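Review bot: The new `dolibarr_cron_allow_cli` block is missing the `// Possible values: 0 or 1` line that every neighbouring setting carries, and its description does not say what enabling it implies. Since the setting lets scheduled jobs be defined as operating-system command lines, the comment should state the consequence so an administrator does not flip it casually: `// If set to 1, jobs in the internal Job scheduler (cronjob) module may be defined as command lines executed on the server. Keep 0 unless you need this.` The quoting also differs from the integer-style neighbours (`'0'` here versus `0` for dolibarr_nocsrfcheck), which is worth aligning.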
diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 53e19a560f0..4bb772865c3 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1259,7 +1259,8 @@ class FormFile } else { - print dol_trunc($file['name'], 200); + $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']); + print dol_escape_htmltag(dol_trunc($filenametoshow, 200)); print ''; } // Preview link diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index cb0aef212fc..227b6fe553a 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2021,8 +2021,10 @@ function dol_uncompress($inputfile, $outputdir) dol_syslog("Constant ODTPHP_PATHTOPCLZIP for pclzip library is set to ".ODTPHP_PATHTOPCLZIP.", so we use Pclzip to unzip into ".$outputdir); include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php'; $archive = new PclZip($inputfile); - $result=$archive->extract(PCLZIP_OPT_PATH, $outputdir); - //var_dump($result); + + // Extract into outputdir, but only files that match the regex '/^((?!\.\.).)*$/' that means "does not include .." + $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir, PCLZIP_OPT_BY_PREG, '/^((?!\.\.).)*$/'); + if (! is_array($result) && $result <= 0) return array('error'=>$archive->errorInfo(true)); else { 
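Review bot: The `.noexe` stripping in the new `$filenametoshow` line has no comment saying that it is a display-only transformation, which is the kind of line a later maintainer is tempted to "fix" by also renaming the stored file. A one-liner above it would settle that: `// Display only: hide a trailing .noexe from the shown name and HTML-escape it; $file['name'] itself is unchanged`. The enclosing FormFile method starts and ends outside the hunk, so whether other prints of the same name in this method are escaped cannot be checked here.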
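Review bot: Entries rejected by the new `PCLZIP_OPT_BY_PREG` filter are dropped silently, whereas the ZipArchive branch in the next hunk logs each skipped entry at LOG_WARNING; the two branches of dol_uncompress should report the same way, otherwise an archive that loses files through this path is undiagnosable. Two properties of the regex deserve a comment as well: without the `s` modifier `.` does not match a newline, so an entry name containing one also fails the match and is skipped (fail-closed, fine), and the `..` test says nothing about absolute entry names, whose handling is left to PclZip. Suggested comment to replace the existing one: `// Only extract entries whose name contains no ".." anywhere (fail-closed: names with a newline also fail the match); absolute names are left to PclZip`. dol_uncompress continues outside the hunk.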
@@ -2044,14 +2046,26 @@ function dol_uncompress($inputfile, $outputdir) } } - if (class_exists('ZipArchive')) + if (class_exists('ZipArchive')) // Must install php-zip to have it { dol_syslog("Class ZipArchive is set so we unzip using ZipArchive to unzip into ".$outputdir); $zip = new ZipArchive; $res = $zip->open($inputfile); if ($res === true) { - $zip->extractTo($outputdir.'/'); + //$zip->extractTo($outputdir.'/'); + // We must extract one file at time so we can check that file name does not contains '..' to avoid transversal path of zip built for example using + // python3 path_traversal_archiver.py test.zip -l 10 -p tmp/ + // with -l is the range of dot to go back in path. + // and path_traversal_archiver.py found at https://github.com/Alamot/code-snippets/blob/master/path_traversal/path_traversal_archiver.py + for ($i = 0; $i < $zip->numFiles; $i++) { + if (preg_match('/\.\./', $zip->getNameIndex($i))) { + dol_syslog("Warning: Try to unzip a file with a transversal path ".$zip->getNameIndex($i), LOG_WARNING); + continue; // Discard the file + } + $zip->extractTo($outputdir.'/', array($zip->getNameIndex($i))); + } + $zip->close(); return array(); } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index a5ab772b795..d11f6db5683 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
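Review bot: The per-entry `$zip->extractTo(...)` return value in the new loop is never checked, and skipped entries only produce a log line, so the function still reaches `return array();` (success) even when entries were discarded or an extraction failed; callers therefore cannot tell a complete extraction from a partial one. The `..` test also covers relative traversal only; what ZipArchive does with an absolute entry name is not visible here and is worth a note in the comment. Separately, the comment block should keep to the rationale for the check rather than reproducing a third-party script name and its invocation, which adds nothing the code needs. A version that reads each name once and fails on an extraction error is below; dol_uncompress continues outside the hunk.
```php
// … unchanged: ZipArchive open and $res check …
// Extract one entry at a time so that names containing ".." (relative traversal) are never written.
for ($i = 0; $i < $zip->numFiles; $i++) {
    $entryname = $zip->getNameIndex($i);
    if (preg_match('/\.\./', $entryname)) {
        dol_syslog("Warning: Try to unzip a file with a transversal path ".$entryname, LOG_WARNING);
        continue; // Discard the entry; nothing is written for it
    }
    if (! $zip->extractTo($outputdir.'/', array($entryname))) {
        $error = $zip->getStatusString();
        $zip->close();
        return array('error'=>$error);
    }
}
// … unchanged: $zip->close(); return array(); …
```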
@@ -219,12 +219,13 @@ function GETPOSTISSET($paramname)
 * 'none'=no check (only for param that should have very rich content)
 * 'int'=check it's numeric (integer or float)
 * 'intcomma'=check it's integer+comma ('1,2,3,4...')
- * 'alpha'=check it's text and sign
+ * 'alpha'=Same than alphanohtml
+ * 'alphanohtml'=check there is no html content and no " and no ../
 * 'aZ'=check it's a-z only
 * 'aZ09'=check it's simple alpha string (recommended for keys)
 * 'array'=check it's array
 * 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string)
- * 'nohtml', 'alphanohtml'=check there is no html content
+ * 'nohtml'=check there is no html content and no " and no ../
 * 'custom'= custom filter specify $filter and $options)
 * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get)
 * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
@@ -489,16 +490,6 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti
 case 'intcomma':
 if (preg_match('/[^0-9,-]+/i', $out)) $out='';
 break;
- case 'alpha':
- if (! is_array($out))
- {
- $out=trim($out);
- // '"' is dangerous because param in url can close the href= or src= and add javascript functions.
- // '../' is dangerous because it allows dir transversals
- if (preg_match('/"/', $out)) $out='';
- elseif (preg_match('/\.\.\//', $out)) $out='';
- }
- break;
 case 'san_alpha':
 $out=filter_var($out, FILTER_SANITIZE_STRING);
 break;
@@ -529,6 +520,7 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti
 case 'nohtml': // Recommended for most scalar parameters
 $out=dol_string_nohtmltag($out, 0);
 break;
+ case 'alpha': // No html and no " and no ../
 case 'alphanohtml': // Recommended for search parameters
 if (! is_array($out))
 {
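Review bot: The updated docblock claims 'nohtml' rejects `"` and `../`, but the `case 'nohtml'` visible in the third hunk still only calls `dol_string_nohtmltag($out, 0)`, so either the comment overstates the check or the enforcement lives somewhere not shown; the docblock should describe what the case actually does. The new `case 'alpha'` falls through into 'alphanohtml', whose body continues outside the hunk, so it cannot be confirmed here that the `trim()` and the `"` / `../` handling of the removed 'alpha' case survive; note that the removed case blanked the whole value on a hit, and if 'alphanohtml' instead strips and returns the remainder, callers that compare against '' will see different results. Minor wording: `* 'alpha'=Same as alphanohtml`.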
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 0e0d4a37946..82110197a40 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -131,8 +131,8 @@ if (! function_exists('dol_loginfunction')) */ function dol_loginfunction($langs, $conf, $mysoc) { - global $dolibarr_main_demo, $db; - global $hookmanager; + global $dolibarr_main_demo, $dolibarr_main_force_https; + global $db, $hookmanager; $langs->loadLangs(array("main","other","help","admin")); @@ -187,7 +187,7 @@ if (! function_exists('dol_loginfunction')) // Set cookie for timeout management $prefix=dol_getprefix(''); $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; - if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true); + if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? false : true), true); if (GETPOST('urlfrom', 'alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom', 'alpha'); else unset($_SESSION["urlfrom"]); diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index ff0a814f3ec..8ffcfcc6e9b 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -159,6 +159,9 @@ class modProduct extends DolibarrModules $r++; */ + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); + // Exports //-------- $r=0; 
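Review bot: The `secure` flag on the DOLSESSTIMEOUT cookie is derived only from the `$dolibarr_main_force_https` setting, so on a deployment where TLS is terminated by the web server or a proxy and that setting is left at 0, the cookie still goes out without the flag (the conf.php.example hunk on this page documents exactly this caveat). Deriving it from the request as well closes that gap: `$secure = (! empty($dolibarr_main_force_https) || (! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'));` and then pass `$secure` as the sixth setcookie argument. Only this one cookie is touched in the diff; whether the PHP session cookie itself gets the same flag is not visible here. dol_loginfunction continues outside the hunk.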
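Review bot: Once `$usenpr` is computed as `0` whenever `$mysoc` is not an object, the `is_object($mysoc) &&` prefix kept in every rewritten condition (`if (is_object($mysoc) && $usenpr) ...`) is redundant and hides the point of the hoist; `if ($usenpr) ...` reads as intended. This applies to all the modProduct hunks that follow and to the matching modService hunks further down. A short comment on the hoist would also help: `// Evaluate useNPR() once; 0 when no company object is available`.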
@@ -183,7 +186,7 @@ class modProduct extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation','p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (! empty($conf->stock->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.stock'=>'Stock','p.seuil_stock_alerte'=>'StockLimit','p.desiredstock'=>'DesiredStock','p.pmp'=>'PMPValue')); if (! empty($conf->barcode->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -245,7 +248,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', 
@@ -280,7 +283,7 @@ class modProduct extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; $this->export_entities_array[$r]=array('p.rowid'=>"product",'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product",'pr.price'=>"product", @@ -469,7 +472,7 @@ class modProduct extends DolibarrModules ); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (! empty($conf->barcode->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); 
@@ -547,7 +550,7 @@ class modProduct extends DolibarrModules 'p.desiredstock' => '' )); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample=array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample=array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample=array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (! empty($conf->barcode->enabled)) $import_sample=array_merge($import_sample, array('p.barcode'=>'')); @@ -594,7 +597,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array( 
@@ -632,7 +635,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( @@ -672,7 +675,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx']='VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r]=array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r]=array( 'pr.fk_product'=>array('rule'=>'fetchidfromref','classfile'=>'/product/class/product.class.php','class'=>'Product','method'=>'fetch','element'=>'Product') 
diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index d4e6313e054..29a74969952 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -133,6 +133,9 @@ class modService extends DolibarrModules $r++; */ + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); + // Exports //-------- $r=0; @@ -156,7 +159,7 @@ class modService extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation','p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (! empty($conf->stock->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.stock'=>'Stock','p.seuil_stock_alerte'=>'StockLimit','p.desiredstock'=>'DesiredStock','p.pmp'=>'PMPValue')); if (! empty($conf->barcode->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); 
@@ -220,7 +223,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', @@ -255,7 +258,7 @@ class modService extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; $this->export_entities_array[$r]=array('p.rowid'=>"product",'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product",'pr.price'=>"product", 
@@ -444,7 +447,7 @@ class modService extends DolibarrModules ) ); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (! empty($conf->barcode->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -521,7 +524,7 @@ class modService extends DolibarrModules 'p.desiredstock' => '' )); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample=array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample=array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample=array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (! empty($conf->barcode->enabled)) $import_sample=array_merge($import_sample, array('p.barcode'=>'')); 
@@ -570,7 +573,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array( @@ -607,7 +610,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( 
@@ -647,7 +650,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx']='VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r]=array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r]=array( 'pr.fk_product'=>array('rule'=>'fetchidfromref','classfile'=>'/product/class/product.class.php','class'=>'Product','method'=>'fetch','element'=>'Product') diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php index e968a348fd7..3365bd859b4 100644 --- a/htdocs/core/modules/oauth/github_oauthcallback.php +++ b/htdocs/core/modules/oauth/github_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index 4462b6d263d..54f3db66a48 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); 
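Review bot: `$backtourl = GETPOST('backtourl', 'alpha')` in the github callback keeps a user-controlled URL with only tag stripping, and nothing in the hunk constrains it to this application; if it is later passed to a redirect (not visible here) this is the open-redirect sink of an OAuth callback, and tightening `action` to `aZ09` does not cover it. Reject absolute and protocol-relative targets before use, e.g. `if (preg_match('/^(https?:)?\/\//i', $backtourl)) $backtourl = '';`, or compare its host against `$urlwithroot`. The same applies to google_oauthcallback.php on this line.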
diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php index a32223105b9..affdab522dd 100644 --- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php index 55b532f231c..a53ce2cd393 100644 --- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index 7934a628880..930b9b0e5a2 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php 
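Review bot: The stripelive and stripetest callbacks still read `$backtourl = GETPOST('backtourl', 'alpha')` without any same-origin check, so if the value feeds a redirect after the token exchange (outside the hunk) an attacker can craft the callback link to bounce the user to an arbitrary site. A guard such as `if (preg_match('/^(https?:)?\/\//i', $backtourl)) $backtourl = '';` next to the assignment would close that regardless of what happens later in the file.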
@@ -1168,23 +1168,32 @@ class Cronjob extends CommonObject // Run a command line if ($this->jobtype=='command') { - $outputdir = $conf->cron->dir_temp; - if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp; + global $dolibarr_cron_allow_cli; - if (! empty($outputdir)) - { - dol_mkdir($outputdir); - $outputfile=$outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method + if (empty($dolibarr_cron_allow_cli)) { + $langs->load("errors"); + $this->error = $langs->trans("FailedToExecutCommandJob"); + $this->lastoutput = ''; + $this->lastresult = $langs->trans("ErrorParameterMustBeEnabledToAllwoThisFeature", 'dolibarr_cron_allow_cli'); + } else { + $outputdir = $conf->cron->dir_temp; + if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp; - // Execute a CLI - include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; - $utils = new Utils($this->db); - $arrayresult = $utils->executeCLI($this->command, $outputfile); + if (!empty($outputdir)) + { + dol_mkdir($outputdir); + $outputfile = $outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method - $retval = $arrayresult['result']; - $this->error = $arrayresult['error']; - $this->lastoutput = $arrayresult['output']; - $this->lastresult = $arrayresult['result']; + // Execute a CLI + include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php'; + $utils = new Utils($this->db); + $arrayresult = $utils->executeCLI($this->command, $outputfile); + + $retval = $arrayresult['result']; + $this->error = $arrayresult['error']; + $this->lastoutput = $arrayresult['output']; + $this->lastresult = $arrayresult['result']; + } } } diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 7273640e77e..9bc98d9e8ea 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php 
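Review bot: In the new refusal branch `$retval` is never assigned, while the executing branch sets `$retval = $arrayresult['result']`; if the code after this hunk derives the job outcome from `$retval` (not visible), a disabled CLI will be recorded as if the job ran, and `$this->lastresult` now holds a translated sentence where the other branch stores a result code. Set an explicit failure, e.g. `$retval = -1;` and `$this->lastresult = -1;`, and keep the human-readable reason in `$this->error`. The branch also calls `$langs->trans()`; make sure `$langs` is declared `global` in this method (its top is outside the hunk) and that `FailedToExecutCommandJob` exists, since this commit only adds `ErrorParameterMustBeEnabledToAllwoThisFeature` to errors.lang. The gate itself is the right call: `$this->command` presumably comes from the database, so without `$dolibarr_cron_allow_cli` anyone able to edit a job could run commands as the web server user.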
@@ -46,7 +46,7 @@ $id=GETPOST('id', 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/datapolicy/admin/setup.php b/htdocs/datapolicy/admin/setup.php index ab737f679ca..468d612c67d 100644 --- a/htdocs/datapolicy/admin/setup.php +++ b/htdocs/datapolicy/admin/setup.php @@ -36,7 +36,7 @@ $langs->load('datapolicy@datapolicy'); if (! $user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array( diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php index f50fa08d31c..f3dd6eacb6f 100644 --- a/htdocs/datapolicy/admin/setupmail.php +++ b/htdocs/datapolicy/admin/setupmail.php @@ -29,7 +29,7 @@ $langs->loadLangs(array('admin', 'companies', 'members', 'datapolicy')); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $formadmin = new FormAdmin($db); diff --git a/htdocs/datapolicy/public/index.php b/htdocs/datapolicy/public/index.php index 6c78f380b93..4c7f0307c16 100644 --- a/htdocs/datapolicy/public/index.php +++ b/htdocs/datapolicy/public/index.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/datapolicy/class/datapolicy.class.php'; $idc = GETPOST('c', 'int'); $ids = GETPOST('s', 'int'); $ida = GETPOST('a', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $lang = GETPOST('l', 'alpha'); $code = GETPOST('key', 'alpha'); diff --git a/htdocs/document.php b/htdocs/document.php index a55ca1fd895..8bdba41b83c 100644 --- a/htdocs/document.php 
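Review bot: `$code = GETPOST('key', 'alpha')` in datapolicy/public/index.php reads what looks like a secret token on an unauthenticated public page, and if it is later compared with a stored value using `==` (outside the hunk), PHP's loose comparison treats numeric-looking strings such as `0e123` and `0e456` as equal. Compare it with `hash_equals((string) $stored, (string) $code)` and, if the token is alphanumeric, read it as `GETPOST('key', 'aZ09')` for the same strictness this commit applies to `action`.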
+++ b/htdocs/document.php @@ -222,7 +222,7 @@ if (! $accessallowed) if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) { dol_syslog("Refused to deliver file ".$fullpath_original_file); - print "ErrorFileNameInvalid: ".$original_file; + print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file); exit; } diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php index 0662c367a40..d0e10200b7c 100644 --- a/htdocs/don/admin/donation.php +++ b/htdocs/don/admin/donation.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'donations', 'accountancy', 'other')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/don/document.php b/htdocs/don/document.php index fcb3c87ad9d..c7aa8e35fc3 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -45,7 +45,7 @@ $langs->loadLangs(array("companies","other","donations")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); @@ -56,7 +56,7 @@ $result = restrictedArea($user, 'don', $id, ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/don/list.php b/htdocs/don/list.php index 1af11afca24..69430e5e805 100644 --- a/htdocs/don/list.php +++ b/htdocs/don/list.php 
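Review bot: Escaping `$original_file` removes the reflected-XSS vector, but echoing the rejected name back at all is unnecessary: it is already logged on the previous line, and a traversal probe only learns that its payload arrived. Prefer `http_response_code(400); print "ErrorFileNameInvalid"; exit;` and keep the detail in `dol_syslog`. Note also that `dol_syslog` receives `$fullpath_original_file` raw; unless dol_syslog strips CR/LF (not visible here), a crafted name can inject fake log lines.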
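Review bot: `$value = GETPOST('value');` in don/admin/donation.php is left without any filter while the neighbouring `action` and `label` reads are tightened, which is inconsistent with the hardening this commit is applying. The page is admin-only (`if (!$user->admin) accessforbidden();`), so the risk is limited, but `$value = GETPOST('value', 'alpha');` costs nothing unless the value is expected to carry HTML, in which case a comment saying so would stop the next reviewer from asking.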
@@ -33,7 +33,7 @@ if (! empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/cla $langs->loadLangs(array("companies","donations")); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 4eebb2d36b3..65049c48723 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2008-2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -127,7 +127,7 @@ if ($action == 'update') $oldlabel=GETPOST('urlfile', 'alpha'); $newlabel=GETPOST('label', 'alpha'); - $shareenabled = GETPOST('shareenabled', 'alpha'); + $shareenabled = dol_sanitizeFileName(GETPOST('shareenabled', 'alpha')); //$db->begin(); diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 8a059ea53a3..483e22a0d17 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -46,7 +46,7 @@ if (! $section) $section=0; $section_dir=GETPOST('section_dir', 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php index f068eed1319..755f83cdab8 100644 --- a/htdocs/ecm/index_auto.php +++ b/htdocs/ecm/index_auto.php 
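Review bot: `$shareenabled = dol_sanitizeFileName(GETPOST('shareenabled', 'alpha'));` in ecm/file_card.php applies a filename sanitizer to what its name suggests is a checkbox flag, and nothing in the hunk shows the value reaching a path. If it is only tested for truthiness later (outside the hunk), `$shareenabled = GETPOST('shareenabled', 'int');` states the intent; if it really is used to build a file name, a comment such as `// shareenabled is reused as part of the share file name, hence the filename sanitizer` would justify the unusual call.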
@@ -48,7 +48,7 @@ $section_dir=GETPOST('section_dir', 'alpha'); $search_doc_ref=GETPOST('search_doc_ref', 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index a5e296ae1e6..afb66a68ad5 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php @@ -41,8 +41,8 @@ $user->getrights('ecm'); // Get parameters $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); -$section=GETPOST('section'); +$action = GETPOST('action', 'aZ09'); +$section = GETPOST('section'); if (! $section) $section=0; $module = GETPOST('module', 'alpha'); @@ -53,7 +53,7 @@ if (empty($module)) $module='ecm'; $upload_dir = $conf->ecm->dir_output.'/'.$section; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index f5c111f2268..ddd13f8e740 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -59,7 +59,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (! $sortfield) $sortfield="e.ref"; if (! $sortorder) $sortorder="DESC"; diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 4c1e1b3adbf..a244bebc82f 100644 --- a/htdocs/expedition/shipment.php 
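Review bot: `$section = GETPOST('section');` in ecm/search.php is still read without a filter and then concatenated into a filesystem path, `$upload_dir = $conf->ecm->dir_output.'/'.$section;`, so a value like `../` reaches whatever uses `$upload_dir` later. The `if (! $section) $section=0;` default shows it is meant to be a numeric section id, so `$section = GETPOST('section', 'int');` closes the traversal vector with no behaviour change for legitimate callers.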
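Review bot: `$sortfield = GETPOST('sortfield', 'alpha')` in expedition/list.php keeps the weaker filter while `sortorder` moves to `aZ09comma`, and both end up in the ORDER BY; `aZ09comma` cannot be used for sortfield because values such as the default `e.ref` contain a dot, so the column-name validation must live in the SQL builder instead (not visible here). A comment on that line, `// 'alpha' because sortfield carries table.column; column names are validated when the ORDER BY is built`, would make clear the asymmetry is deliberate rather than an oversight. The same pattern repeats in every list page of this commit.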
+++ b/htdocs/expedition/shipment.php @@ -46,7 +46,7 @@ $langs->loadLangs(array('orders',"companies","bills",'propal','deliveries','stoc $id = GETPOST('id', 'int'); // id of order $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $hookmanager->initHooks(array('ordershipmentcard')); diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index f5295118bda..f3da329ac5e 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -39,7 +39,7 @@ $langs->loadLangs(array("other","trips","companies","interventions")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -49,7 +49,7 @@ $result = restrictedArea($user, 'expensereport', $id, 'expensereport'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 03cafb6b60d..ab60da279c9 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -73,7 +73,7 @@ $diroutputmassaction=$conf->expensereport->dir_output . '/temp/massgeneration/'. // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/externalsite.php index d1fcb7ebe6c..e596cc9423a 100644 --- a/htdocs/externalsite/admin/externalsite.php +++ b/htdocs/externalsite/admin/externalsite.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'other', 'externalsite')); $def = array(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Sauvegardes parametres if ($action == 'update') diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index d38bb7673b5..267bc849b67 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('interventions', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index d5aed88079a..c18355e849b 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -43,7 +43,7 @@ $langs->loadLangs(array('other', 'fichinter', 'companies', 'interventions')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -53,7 +53,7 @@ $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index e54aa7940d3..59283ac9d8e 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php 
@@ -66,7 +66,7 @@ $diroutputmassaction=$conf->ficheinter->dir_output . '/temp/massgeneration/'.$us $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index f933ecfdb5f..b9143677ffe 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -43,7 +43,7 @@ $langs->loadLangs(array("bills", "orders", "sendings", "companies", "deliveries" $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -52,7 +52,7 @@ $result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'com // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fourn/commande/info.php b/htdocs/fourn/commande/info.php index 171449bc653..0a7ad8fc24c 100644 --- a/htdocs/fourn/commande/info.php +++ b/htdocs/fourn/commande/info.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("suppliers", "orders", "companies", "stocks")); $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (GETPOST('actioncode', 'array')) { diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index db427c24c43..65210d1d252 100644 --- a/htdocs/fourn/commande/list.php 
+++ b/htdocs/fourn/commande/list.php @@ -98,7 +98,7 @@ $diroutputmassaction=$conf->fournisseur->commande->dir_output . '/temp/massgener $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index 39f33bebb73..ba15e54fdbb 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -49,7 +49,7 @@ if (! $user->rights->fournisseur->facture->creer) $id = (GETPOST('id') ? GETPOST('id', 'int') : GETPOST("facid")); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $sref = GETPOST('sref'); $sref_client = GETPOST('sref_client'); @@ -57,7 +57,7 @@ $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'a $socid = GETPOST('socid', 'int'); $selected = GETPOST('orders_to_invoice'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $viewstatut = GETPOST('viewstatut'); if (! $sortfield) diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index f476758396e..5f1864c2518 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php 
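Review bot: orderstoinvoice.php still reads `$sref = GETPOST('sref');`, `$sref_client = GETPOST('sref_client');`, `$selected = GETPOST('orders_to_invoice');` and `$viewstatut = GETPOST('viewstatut');` with no filter at all, directly beside the lines this commit hardens, and at least the ref values are presumably used in a search clause. Give them the same treatment: `'alpha'` for the refs, `'int'` for `viewstatut` if it is a status code, and `'array'` for `orders_to_invoice` if it is the multi-select of order ids, followed by an integer cast of each element where it is consumed.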
@@ -42,7 +42,7 @@ if ($user->societe_id > 0) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index 808b2e28b4f..b8fe23271a3 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("bills", "companies")); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php index ccc92ad2cba..56b5a451d05 100644 --- a/htdocs/fourn/facture/rapport.php +++ b/htdocs/fourn/facture/rapport.php @@ -45,7 +45,7 @@ if ($user->societe_id > 0) $dir = $conf->fournisseur->facture->dir_output.'/payments'; if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id; // If user has no permission to see all, output dir is specific to user -$year = $_GET["year"]; +$year = GETPOST("year", 'int'); if (! $year) { $year=date("Y"); } @@ -67,7 +67,7 @@ if ($action == 'builddoc') // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output=$outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) + if ($rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs) > 0) { $outputlangs->charset_output=$sav_charset_output; } 
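Review bot: In fourn/facture/rapport.php, `$year` now falls back to `date("Y")` when missing, but the new `$rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs)` has no such defaults, so a form submitted without those fields passes month 0 and year 0 to the report generator. Read them into locals with a range check before the call, e.g. `$remonth = GETPOST("remonth", 'int'); $reyear = GETPOST("reyear", 'int'); if ($remonth < 1 || $remonth > 12 || $reyear < 1) { setEventMessages($langs->trans("ErrorFieldRequired", ...), null, 'errors'); }`, and only call `write_file` when they validate. What write_file does with 0 is not visible here.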
@@ -77,7 +77,7 @@ if ($action == 'builddoc') dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", 'int'); } diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index 7311f0d20ff..55258489c92 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -44,7 +44,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php index ff344c45809..c642daceaff 100644 --- a/htdocs/ftp/admin/ftpclient.php +++ b/htdocs/ftp/admin/ftpclient.php @@ -33,7 +33,7 @@ if (!$user->admin) accessforbidden(); $def = array(); $lastftpentry=0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $entry = GETPOST('numero_entry', 'alpha'); diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 07af448aedd..527e3f64f0c 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php @@ -48,7 +48,7 @@ $upload_dir = $conf->ftp->dir_temp; $download_dir = $conf->ftp->dir_temp; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index c0b25e57769..8539f1b359b 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php 
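Review bot: `$entry = GETPOST('numero_entry', 'alpha');` in ftp/admin/ftpclient.php reads what its name suggests is a numeric entry index, and the surrounding `$lastftpentry=0;` reinforces that, yet it keeps the text filter while `action` is tightened to `aZ09`. If the value is later used to build constant names like `FTP_*_<n>` (outside the hunk), `$entry = GETPOST('numero_entry', 'int');` is the stricter and more accurate choice; if it can legitimately be non-numeric, a comment saying what it holds would help.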
@@ -42,7 +42,7 @@ $search_supervisor=GETPOST('search_supervisor', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 30803a9ecbc..334a9da9ada 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -41,7 +41,7 @@ $langs->loadLangs(array('other', 'holiday', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'holiday', $id, 'holiday'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 1ead5872f78..69969a771a3 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -77,7 +77,7 @@ if ($id > 0) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/holiday/view_log.php b/htdocs/holiday/view_log.php index a37d3490c97..24ecdc6c7be 100644 --- a/htdocs/holiday/view_log.php +++ b/htdocs/holiday/view_log.php @@ -49,7 +49,7 @@ if (empty($year)) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php index 8c231287892..ba3000b686a 100644 --- a/htdocs/hrm/admin/admin_hrm.php +++ b/htdocs/hrm/admin/admin_hrm.php @@ -30,7 +30,7 @@ $langs->loadLangs(array('admin', 'hrm')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters HRM_* $list = array ( @@ -42,15 +42,15 @@ $list = array ( */ if ($action == 'update') { $error = 0; - + foreach ($list as $constname) { $constvalue = GETPOST($constname, 'alpha'); - + if (! dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) { $error ++; } } - + if (! $error) { setEventMessages($langs->trans("SetupSaved"), null, 'mesgs'); } else { @@ -87,13 +87,13 @@ print "\n"; foreach ($list as $key) { $var = ! $var; - + print ''; - + // Param $label = $langs->trans($key); print ''; - + // Value print ''; print ''; diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 071277bd501..d0506863b55 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php 
@@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden(); $error=0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 4c8e761da9a..e5415125e81 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -218,6 +218,7 @@ ErrorVariableKeyForContentMustBeSet=Error, the constant with name %s (with text ErrorURLMustStartWithHttp=URL %s must start with http:// or https:// ErrorNewRefIsAlreadyUsed=Error, the new reference is already used ErrorDeletePaymentLinkedToAClosedInvoiceNotPossible=Error, delete payment linked to a closed invoice is not possible. +ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter %s must be enabled into conf/conf.php to allow use of Command Line Interface by the internal job scheduler # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user. 
@@ -242,4 +243,4 @@ WarningYourLoginWasModifiedPleaseLogin=Your login was modified. For security pur WarningAnEntryAlreadyExistForTransKey=An entry already exists for the translation key for this language WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different recipient is limited to %s when using the mass actions on lists WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report -WarningProjectClosed=Project is closed. You must re-open it first. \ No newline at end of file +WarningProjectClosed=Project is closed. You must re-open it first. diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index 96787b1231b..24caff35af0 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -37,7 +37,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index a3b932e565c..952cc9c3f4c 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 36e033a5e50..e4030657e53 100644 
--- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -46,7 +46,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; @@ -115,7 +115,7 @@ else { } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) { diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php index 8ec46c3e8ed..0b90fc95b9e 100644 --- a/htdocs/margin/productMargins.php +++ b/htdocs/margin/productMargins.php @@ -49,7 +49,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 9b62c1b1bca..8bf3d798503 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -45,7 +45,7 @@ $object = new Product($db); $mesg = ''; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; 
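Review bot: customerMargins.php now reads `sortorder` twice, in the hunk at line 46 and again at line 115, and only the later read (with its `if (! $sortorder) $sortorder="ASC";` default) takes effect unless something between the two uses the first value, which is not visible here. Keeping a single read next to the defaults avoids the two drifting apart again: drop the `$sortfield`/`$sortorder` lines from the second hunk and move the `if (! $sortorder) $sortorder="ASC";` default up to the first. In both places `$sortfield` also stays on `'alpha'` while `$sortorder` was tightened. The `else { }` block that encloses the second hunk starts outside it.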
diff --git a/htdocs/margin/tabs/thirdpartyMargins.php b/htdocs/margin/tabs/thirdpartyMargins.php index 337190b6c15..6f526c945e1 100644 --- a/htdocs/margin/tabs/thirdpartyMargins.php +++ b/htdocs/margin/tabs/thirdpartyMargins.php @@ -37,7 +37,7 @@ $result = restrictedArea($user, 'societe', '', ''); $mesg = ''; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index c409d18b2f1..51c2ffb41b7 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -29,7 +29,7 @@ $langs->loadLangs(array("admin", "other", "modulebuilder")); if (!$user->admin || empty($conf->modulebuilder->enabled)) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); /* diff --git a/htdocs/modulebuilder/template/admin/about.php b/htdocs/modulebuilder/template/admin/about.php index e580c6c7457..1ddcd3126d8 100644 --- a/htdocs/modulebuilder/template/admin/about.php +++ b/htdocs/modulebuilder/template/admin/about.php @@ -48,7 +48,7 @@ $langs->loadLangs(array("errors","admin","mymodule@mymodule")); if (! $user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index fd3ff41c799..a18d89a83bc 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php 
@@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "mymodule@mymodule"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array(
diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php
index a2bd9d39fe7..29fa1f50ce3 100644
--- a/htdocs/modulebuilder/template/myobject_list.php
+++ b/htdocs/modulebuilder/template/myobject_list.php
@@ -84,7 +84,7 @@ $id = GETPOST('id', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php
index 025f7099577..df56284dc00 100644
--- a/htdocs/opensurvey/list.php
+++ b/htdocs/opensurvey/list.php
@@ -48,7 +48,7 @@ $search_status = GETPOST('search_status', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
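Review bot: only `-1` is normalised in `if (empty($page) || $page == -1 || …) { $page = 0; }` in myobject_list.php and opensurvey/list.php, so `page=-2` passes the `'int'` check and `$offset = $limit * $page` goes negative before it presumably reaches a SQL OFFSET. Replacing `$page == -1` with `$page < 0` in that condition closes it for every negative value. `$limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;` has the same gap on the other factor (a negative `limit` is truthy and is kept), and could be clamped with `if ($limit < 1) $limit = $conf->liste_limit;`.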
diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php index 8f946a30001..ea309e32e3e 100644 --- a/htdocs/paybox/admin/paybox.php +++ b/htdocs/paybox/admin/paybox.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'other', 'paybox', 'paypal')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'setvalue' && $user->admin) diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php index 545fe9c368c..4ef5e2041dc 100644 --- a/htdocs/paypal/admin/paypal.php +++ b/htdocs/paypal/admin/paypal.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'setvalue' && $user->admin) { diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php index 289c999f6d0..780bd59f09d 100644 --- a/htdocs/printing/admin/printing.php +++ b/htdocs/printing/admin/printing.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $value = GETPOST('value', 'alpha', 0, null, null, 1); // The value may be __google__docs so we force disable of replace $varname = GETPOST('varname', 'alpha'); diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index 2c65a02a716..7748f3c0c93 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php 
@@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/dynamic_price/class/price_global_variab $langs->load("products"); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $save = GETPOST('save', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $selection = GETPOST('selection', 'int'); diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php index fff393ffc2a..87b883e34a8 100644 --- a/htdocs/product/admin/product.php +++ b/htdocs/product/admin/product.php @@ -43,7 +43,7 @@ $langs->loadLangs(array("admin","products")); if (! $user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled))) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/product/admin/product_tools.php b/htdocs/product/admin/product_tools.php index d68b395d5ad..77661a2d175 100644 --- a/htdocs/product/admin/product_tools.php +++ b/htdocs/product/admin/product_tools.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'products')); // Security check if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $oldvatrate=GETPOST('oldvatrate', 'alpha'); $newvatrate=GETPOST('newvatrate', 'alpha'); //$price_base_type=GETPOST('price_base_type'); diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index ca2ce7baeb8..a863a1ecdaa 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php 
@@ -39,7 +39,7 @@ $mode = GETPOST('mode', 'int'); $status = ((GETPOST('status', 'int') >= 0) ? GETPOST('status', 'int') : - 1); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); $price_level = GETPOST('price_level', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $price_by_qty_rowid = GETPOST('pbq', 'int'); $finished = GETPOST('finished', 'int'); diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 94db650a519..869754e1d4e 100644 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm= GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/product/dynamic_price/editor.php b/htdocs/product/dynamic_price/editor.php index 05c6491ae6e..e667c469670 100644 --- a/htdocs/product/dynamic_price/editor.php +++ b/htdocs/product/dynamic_price/editor.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('products', 'accountancy')); //"Back" translation is on $id = GETPOST('id', 'int'); $eid = GETPOST('eid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $title = GETPOST('expression_title', 'alpha'); $expression = GETPOST('expression'); $tab = GETPOST('tab', 'alpha'); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 7d097b6ecac..4a8b6946437 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php 
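Review bot: `$expression = GETPOST('expression');` in dynamic_price/editor.php is the one request parameter in these hunks read with no check type, so it gets whatever GETPOST's default filtering is, while `$title` beside it uses `'alpha'` and `$action` now gets `'aZ09'`. If the expression must stay raw (it is presumably handed to the price-expression parser, which is outside the hunk), make that explicit and say why: `$expression = GETPOST('expression', 'none'); // raw on purpose: parsed by the expression engine, escape it wherever it is echoed`. If it does not need to be raw, `'restricthtml'` or `'alphanohtml'` keeps it from being reflected as HTML. The rest of the parameter block continues outside the hunk.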
@@ -45,7 +45,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 6bc7033ec23..9e4fb9190ef 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -53,7 +53,7 @@ $mesg=''; $error=0; $errors=array(); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $eid = GETPOST('eid', 'int'); @@ -1722,7 +1722,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) print ' '; print $langs->trans('ForceUpdateChildPriceSoc'); print ''; - + print ''; print '     '; print ''; @@ -1816,7 +1816,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) print ' '; print $langs->trans('ForceUpdateChildPriceSoc'); print ""; - + print ''; print '     '; print ''; diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index 207eab9d9fb..1e2600eccbb 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -53,7 +53,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 52f0510cb80..ca9128eefdf 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 037eb06d646..aa0cb92cdb8 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index bae6ff55ef7..5ed353be780 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -42,7 +42,7 @@ $result=restrictedArea($user, 'produit|service'); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id_product = GETPOST('productid', 'int'); $id_sw = GETPOST('id_sw', 'int'); $id_tw = GETPOST('id_tw', 'int'); 
@@ -51,7 +51,7 @@ $qty = GETPOST('qty');
 $idline = GETPOST('idline');
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php
index 720b28f5d39..ac8729103d2 100644
--- a/htdocs/product/stock/productlot_document.php
+++ b/htdocs/product/stock/productlot_document.php
@@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm= GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php
index d0d7b5da8e6..e2e501ee8bb 100644
--- a/htdocs/product/stock/productlot_list.php
+++ b/htdocs/product/stock/productlot_list.php
@@ -36,7 +36,7 @@ $langs->loadLangs(array('stocks', 'productbatch', 'other', 'users'));
 // Get parameters
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $myparam = GETPOST('myparam', 'alpha');
 $toselect = GETPOST('toselect', 'array');
@@ -56,7 +56,7 @@ $optioncss = GETPOST('optioncss', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index 770904fb4a0..c522933f1c8 100644
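Review bot: `$qty = GETPOST('qty');` and `$idline = GETPOST('idline');` sit in the massstockmove.php hunk with no check type while the neighbouring `$sortorder` and the `'int'` ids in the previous hunk were tightened; `idline` is a row id and `qty` a quantity, so they can be typed the same way: `$idline = GETPOST('idline', 'int');` and `$qty = price2num(GETPOST('qty', 'alpha'));` (price2num is already what this patch uses for amounts in projet/card.php). Where the two are consumed is outside the hunk, so confirm nothing depends on `qty` staying a raw string.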
--- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -48,7 +48,7 @@ $hookmanager->initHooks(array('stockreplenishlist')); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sref = GETPOST('sref', 'alpha'); $snom = GETPOST('snom', 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); @@ -65,7 +65,7 @@ $fk_entrepot = GETPOST('fk_entrepot', 'int'); $texte = ''; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/projet/admin/project.php b/htdocs/projet/admin/project.php index 4e76f954717..f678483192a 100644 --- a/htdocs/projet/admin/project.php +++ b/htdocs/projet/admin/project.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'projects')); if (!$user->admin) accessforbidden(); $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); $type='project'; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 6a84da4dd23..ad20f4ea80e 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php 
@@ -120,12 +120,12 @@ if (empty($reshook))
 if ($action == 'add' && $user->rights->projet->creer)
 {
 $error=0;
- if (empty($_POST["ref"]))
+ if (! GETPOST('ref'))
 {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors');
 $error++;
 }
- if (empty($_POST["title"]))
+ if (! GETPOST('title'))
 {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors');
 $error++;
@@ -149,13 +149,14 @@ if (empty($reshook))
 $db->begin();
- $object->ref = GETPOST('ref', 'alpha');
- $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
+ $object->ref = GETPOST('ref', 'alphanohtml');
+ $object->title = GETPOST('title', 'alphanohtml');
 $object->socid = GETPOST('socid', 'int');
+ $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
- $object->public = GETPOST('public', 'alpha');
- $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha'));
- $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha'));
+ $object->public = GETPOST('public', 'alphanohtml');
+ $object->opp_amount = price2num(GETPOST('opp_amount', 'alphanohtml'));
+ $object->budget_amount = price2num(GETPOST('budget_amount', 'alphanohtml'));
 $object->datec = dol_now();
 $object->date_start = $date_start;
 $object->date_end = $date_end;
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index 8bed0a87adc..72074024073 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -35,7 +35,7 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $lineid = GETPOST('lineid', 'int');
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mine = GETPOST('mode')=='mine' ? 1 : 0;
 //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
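Review bot: the comment `// Do not use 'alpha' here, we want field as it is` was carried from the old `title` line onto the new `$object->description = GETPOST('description', 'restricthtml');` line, where it is now misleading — `restricthtml` does filter the field, and `title` itself moved from `'none'` to `'alphanohtml'`, a behaviour change for titles containing `<`/`>` that the commit should state. Replace it with something like `// restricthtml: description is rich text, keep only the allowed HTML`. Separately, `$object->public = GETPOST('public', 'alphanohtml');` reads what is presumably a 0/1 flag, for which `'int'` is the tighter type. The `add` action block starts before the first hunk and ends after the second.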
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index c95b9b001b0..eb076df411e 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -61,7 +61,7 @@ $diroutputmassaction=$conf->projet->dir_output . '/temp/massgeneration/'.$user->
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield", "alpha");
-$sortorder = GETPOST("sortorder");
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page");
 $page = is_numeric($page) ? $page : 0;
 $page = $page == -1 ? 0 : $page;
diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php
index c6a037ec111..02547c588a1 100644
--- a/htdocs/projet/tasks.php
+++ b/htdocs/projet/tasks.php
@@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array('projects', 'users', 'companies'));
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $massaction=GETPOST('massaction', 'alpha');
 $show_files=GETPOST('show_files', 'int');
 $confirm=GETPOST('confirm', 'alpha');
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index a6d18937da4..3321ee4d65a 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -46,7 +46,7 @@ $langs->loadLangs(array('companies', 'other', 'mails', 'ticket'));
 $id = GETPOST('id', 'int');
 $msg_id = GETPOST('msg_id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $object = new Ticket($db);
diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php
index b7f7bd71088..5221fa05001 100644
--- a/htdocs/public/ticket/index.php
+++ b/htdocs/public/ticket/index.php
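Review bot: `$page = GETPOST("page");` in projet/list.php is still an untyped read, and the `is_numeric($page) ? $page : 0` that follows accepts floats, exponent notation and leading whitespace and then maps only `-1` to zero, so `page=-3` or `page=2.5` survive into the offset computation; every other list touched by this patch uses `GETPOST('page', 'int')`. Aligning it as `$page = GETPOST('page', 'int');` followed by `if ($page < 0) $page = 0;` removes both the type gap and the negative-offset case. `$sortfield = GETPOST("sortfield", "alpha");` here also keeps the looser check next to the tightened `$sortorder`.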
@@ -45,7 +45,7 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors'));
 // Get parameters
 $track_id = GETPOST('track_id', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php
index e40be9f0d10..51d02172ff9 100644
--- a/htdocs/reception/list.php
+++ b/htdocs/reception/list.php
@@ -65,7 +65,7 @@ $optioncss = GETPOST('optioncss', 'alpha');
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (! $sortfield) $sortfield="e.ref";
 if (! $sortorder) $sortorder="DESC";
diff --git a/htdocs/reception/stats/month.php b/htdocs/reception/stats/month.php
index 84eb9126464..f151a57041d 100644
--- a/htdocs/reception/stats/month.php
+++ b/htdocs/reception/stats/month.php
@@ -27,6 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/reception/class/reception.class.php';
 require_once DOL_DOCUMENT_ROOT.'/reception/class/receptionstats.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
+$year = GETPOST("year", 'int');
 /*
 * View
@@ -42,7 +43,7 @@ $mesg = '';
 print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg);
 $stats = new ReceptionStats($db);
-$data = $stats->getNbReceptionByMonth($_GET["year"]);
+$data = $stats->getNbReceptionByMonth(GETPOST("year", 'int'));
 dol_mkdir($conf->reception->dir_temp);
diff --git a/htdocs/resource/contact.php b/htdocs/resource/contact.php
index 3d2d1fef60b..761a8014abf 100644
--- a/htdocs/resource/contact.php
+++ b/htdocs/resource/contact.php
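Review bot: in reception/stats/month.php the title line `print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg);` still concatenates the raw `$_GET["year"]` into page output, even though the first hunk introduces `$year = GETPOST("year", 'int');` for exactly this value, and the new `getNbReceptionByMonth(GETPOST("year", 'int'))` re-reads the request instead of using `$year`. Both lines should use the typed variable: `print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$year, $mesg);` and `$data = $stats->getNbReceptionByMonth($year);`. Whether load_fiche_titre escapes its argument is not visible here; with `$year` the question no longer matters. When `year` is absent `$year` is empty rather than the current year, which the original did not handle either and may be worth a default.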
@@ -36,7 +36,7 @@ $langs->loadLangs(array('resource', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 5e6227a9e1d..75c7192408f 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('other', 'resource', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'resource', $id, 'resource'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 039c1fe1bd5..2387ce45e42 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -40,7 +40,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $langs->loadLangs(array("products", "companies", "bills")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_prod = GETPOST('search_prod', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index fa868de6e42..46144f5088e 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php 
@@ -52,7 +52,7 @@ $result = restrictedArea($user, 'societe', $socid, '&societe'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/stripe/admin/stripe.php b/htdocs/stripe/admin/stripe.php index c3c008a5874..7ddab6858d5 100644 --- a/htdocs/stripe/admin/stripe.php +++ b/htdocs/stripe/admin/stripe.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox', 'stripe')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 551a5f0616e..d8d47841f3d 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -57,7 +57,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index 458ade41309..95a297c844d 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php @@ -53,7 +53,7 @@ $result = restrictedArea($user, 'supplier_proposal', $id); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; 
diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 5d6d2d2e0c3..92a9cb56833 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -85,7 +85,7 @@ $dayvalid=GETPOST("dayvalid"); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/takepos/admin/about.php b/htdocs/takepos/admin/about.php index 27b5e51b03b..0f01b89c2b7 100644 --- a/htdocs/takepos/admin/about.php +++ b/htdocs/takepos/admin/about.php @@ -36,7 +36,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/takepos/ajax.php b/htdocs/takepos/ajax.php index 74f69618a0f..0ab88e15fd6 100644 --- a/htdocs/takepos/ajax.php +++ b/htdocs/takepos/ajax.php @@ -34,7 +34,7 @@ require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; $category = GETPOST('category', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index a2a0f0bc4c0..8c754b1a6d4 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php 
@@ -38,7 +38,7 @@ $langs->loadLangs(array("bills","orders","commercial","cashdesk"));
 $floor=GETPOST('floor', 'int'); if ($floor=="") $floor=1;
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $left = GETPOST('left', 'alpha');
 $top = GETPOST('top', 'alpha');
diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php
index b47d7114528..986cf2f5557 100644
--- a/htdocs/takepos/freezone.php
+++ b/htdocs/takepos/freezone.php
@@ -38,7 +38,7 @@ $langs->loadLangs(array("bills", "cashdesk"));
 $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Ba or Restaurant
 $idline = GETPOST('idline', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
@@ -72,4 +72,4 @@ if ($action=="addnote") echo '
-
\ No newline at end of file
+
diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index 2b8b0f21921..f69811e16f8 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.form.class.php';
 $langs->loadLangs(array("companies", "commercial", "bills", "cashdesk", "stocks"));
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $idproduct = GETPOST('idproduct', 'int');
 $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Bar or Restaurant
@@ -62,8 +62,8 @@ $placeid = 0; // $placeid is id of invoice
 $number = GETPOST('number', 'alpha');
 $idline = GETPOST('idline', 'int');
-$desc = GETPOST('desc', 'alpha');
-$pay = GETPOST('pay', 'alpha');
+$desc = GETPOST('desc', 'alphanohtml');
+$pay = GETPOST('pay', 'aZ09');
 $amountofpayment = price2num(GETPOST('amount', 'alpha'));
 $invoiceid = GETPOST('invoiceid', 'int');
diff --git a/htdocs/takepos/takepos.php b/htdocs/takepos/takepos.php
index 5af931c8fac..6e514e414ae 100644
--- a/htdocs/takepos/takepos.php
+++ b/htdocs/takepos/takepos.php
@@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
 $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Ba or Restaurant
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $setterminal = GETPOST('setterminal', 'int');
 if ($setterminal>0)
diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php
index 3e9daabec75..d17da5e5ee3 100644
--- a/htdocs/ticket/class/actions_ticket.class.php
+++ b/htdocs/ticket/class/actions_ticket.class.php
@@ -253,7 +253,7 @@ class ActionsTicket
 $ret = $this->dao->loadCacheMsgsTicket();
 if ($ret < 0) dol_print_error($this->dao->db);
- $action = GETPOST('action', 'alpha');
+ $action = GETPOST('action', 'aZ09');
 $this->viewTicketOriginalMessage($user, $action, $object);
diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index a62120f6e55..701f5901b63 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -62,7 +62,7 @@ $mode = GETPOST('mode', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/user/document.php b/htdocs/user/document.php
index 3b0282179d2..1b4a107d508 100644
--- a/htdocs/user/document.php
+++ b/htdocs/user/document.php
@@ -73,7 +73,7 @@ if ($user->id <> $id && ! $canreaduser) accessforbidden();
 // Get parameters
 $sortfield = GETPOST("sortfield", 'alpha');
-$sortorder = GETPOST("sortorder", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1) { $page = 0; }
 $offset = $conf->liste_limit * $page;
diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php
index 20b0aee410f..8668d516662 100644
--- a/htdocs/user/group/card.php
+++ b/htdocs/user/group/card.php
@@ -50,7 +50,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
 $langs->loadLangs(array('users', 'other'));
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $contextpage = GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'groupcard'; // To manage different context of search
diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php
index 2fd4ef7e14c..009112cc008 100644
--- a/htdocs/user/group/ldap.php
+++ b/htdocs/user/group/ldap.php
@@ -46,7 +46,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
 }
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
diff --git a/htdocs/user/group/list.php b/htdocs/user/group/list.php
index 630ea3c6b14..c0e7dd72f11 100644
--- a/htdocs/user/group/list.php
+++ b/htdocs/user/group/list.php
@@ -58,7 +58,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/user/list.php b/htdocs/user/list.php
index 9002b1eba82..56bdcee94c5 100644
--- a/htdocs/user/list.php
+++ b/htdocs/user/list.php
@@ -49,7 +49,7 @@ $mode = GETPOST("mode", 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php
index 5bdb2de2472..3c50334c575 100644
--- a/htdocs/user/notify/card.php
+++ b/htdocs/user/notify/card.php
@@ -43,8 +43,8 @@ if ($user->societe_id) $id=$user->societe_id;
 $result = restrictedArea($user, 'societe', '', '');
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
-$sortfield=GETPOST("sortfield", 'alpha');
-$sortorder=GETPOST("sortorder", 'alpha');
+$sortfield = GETPOST("sortfield", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page=GETPOST("page", 'int');
 if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="n.daten";
diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php
index de2a84518ff..b16dab877e1 100644
--- a/htdocs/user/param_ihm.php
+++ b/htdocs/user/param_ihm.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'users', 'languages',
 $canreaduser=($user->admin || $user->rights->user->user->lire);
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $contextpage=GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'userihm'; // To manage different context of search
 if ($id)
diff --git a/htdocs/variants/card.php b/htdocs/variants/card.php
index e7444ed5fb8..3d1bcfd4fd8 100644
--- a/htdocs/variants/card.php
+++ b/htdocs/variants/card.php
@@ -22,7 +22,7 @@ require 'class/ProductAttributeValue.class.php';
 $id = GETPOST('id', 'int');
 $valueid = GETPOST('valueid', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $label = GETPOST('label', 'alpha');
 $ref = GETPOST('ref', 'alpha');
 $confirm = GETPOST('confirm', 'alpha');
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 07b69fff2e9..dd367857979 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -232,7 +232,7 @@ if (! $accessallowed)
 if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file))
 {
 dol_syslog("Refused to deliver file ".$fullpath_original_file);
- print "ErrorFileNameInvalid: ".$original_file;
+ print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file);
 exit;
 }
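Review bot: The refusal branch on the new viewimage.php line still answers with the default 200 status; escaping `$original_file` with `dol_escape_htmltag` is the right fix for an HTML body, but unless a status header is sent earlier in the script, adding `http_response_code(400);` before the `print` would stop clients and caches from treating the error text as a successfully delivered image. The `dol_syslog` call one line above logs `$fullpath_original_file` unescaped, and the `..` and `[<>|]` checks do not reject line breaks, so a name containing one would be written into the log verbatim if dol_syslog does not strip control characters itself. The enclosing `if (! $accessallowed)` block starts outside the hunk.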