From 2ff633a89f5f9bcd1daf413f77b1ea69a1682719 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:12:35 +0200 Subject: [PATCH 01/15] Revert "FIX Yogosha report 4425 (backport)" This reverts commit 23c4cfe913429a38b3e4f9edec33bdfb0166d274. --- htdocs/core/lib/functions.lib.php | 37 +++++++------------------------ htdocs/document.php | 9 ++++---- 2 files changed, 12 insertions(+), 34 deletions(-) diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 3f4229589dd..97ad5d58969 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -7705,16 +7705,19 @@ function getAdvancedPreviewUrl($modulepart, $relativepath, $alldata = 0, $param if (empty($conf->use_javascript_ajax)) return ''; - $isAllowedForPreview = dolIsAllowedForPreview($relativepath); + $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'svg+xml'); + //$mime_preview[]='vnd.oasis.opendocument.presentation'; + //$mime_preview[]='archive'; + $num_mime = array_search(dol_mimetype($relativepath, '', 1), $mime_preview); if ($alldata == 1) { - if (isAllowedForPreview) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), ); + if ($num_mime !== false) return array('target'=>'_blank', 'css'=>'documentpreview', 'url'=>DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:''), 'mime'=>dol_mimetype($relativepath), ); else return array(); } - // old behavior, return a string - if ($isAllowedForPreview) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; + // old behavior + if ($num_mime !== false) return 'javascript:document_preview(\''.dol_escape_js(DOL_URL_ROOT.'/document.php?modulepart='.$modulepart.'&attachment=0&file='.urlencode($relativepath).($param?'&'.$param:'')).'\', \''.dol_mimetype($relativepath).'\', \''.dol_escape_js($langs->trans('Preview')).'\')'; else return ''; } 
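Review bot: The restored `$mime_preview` list on the new side contains `'svg+xml'` unconditionally, so any uploaded file whose extension maps to that type is offered as an inline preview (`attachment=0`); SVG can carry active content, and the version this patch reverts (its removed lines are visible in the next hunk) only added that type behind `MAIN_ALLOW_SVG_FILES_AS_IMAGES` and also rejected `.noexe` names before looking at the mime type. If the revert is a stepping stone in this series, the follow-up should restore the gate: `$mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css');` followed by `if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml';` (`$conf` is already used at the top of the hunk). getAdvancedPreviewUrl() opens before this hunk.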
@@ -7738,30 +7741,6 @@ function ajax_autoselect($htmlname, $addlink = '') return $out; } -/** - * Return if a file is qualified for preview - * - * @param string $file Filename we looking for information - * @return int 1 If allowed, 0 otherwise - * @see dol_mimetype(), image_format_supported() from images.lib.php - */ -function dolIsAllowedForPreview($file) { - global $conf; - - // Check .noexe extension in filename - if (preg_match('/\.noexe$/i', $file)) return 0; - - // Check mime types - $mime_preview = array('bmp', 'jpeg', 'png', 'gif', 'tiff', 'pdf', 'plain', 'css', 'webp'); - if (!empty($conf->global->MAIN_ALLOW_SVG_FILES_AS_IMAGES)) $mime_preview[] = 'svg+xml'; - //$mime_preview[]='vnd.oasis.opendocument.presentation'; - //$mime_preview[]='archive'; - $num_mime = array_search(dol_mimetype($file, '', 1), $mime_preview); - if ($num_mime !== false) return 1; - - // By default, not allowed for preview - return 0; -} /** * Return mime type of a file @@ -7770,7 +7749,7 @@ function dolIsAllowedForPreview($file) { * @param string $default Default mime type if extension not found in known list * @param int $mode 0=Return full mime, 1=otherwise short mime string, 2=image for mime type, 3=source language, 4=css of font fa * @return string Return a mime type family (text/xxx, application/xxx, image/xxx, audio, video, archive) - * @see dolIsAllowedForPreview(), image_format_supported() from images.lib.php + * @see image_format_supported() from images.lib.php */ function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0) { diff --git a/htdocs/document.php b/htdocs/document.php index ccd404f7315..2b37792d69a 100644 --- a/htdocs/document.php +++ b/htdocs/document.php 
@@ -156,13 +156,12 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; // Define mime type -$type = 'application/octet-stream'; // By default +$type = 'application/octet-stream'; if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha'); else $type=dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file -if (!dolIsAllowedForPreview($original_file)) { - $type = 'application/octet-stream'; -} +// Security: Force to octet-stream if file is a dangerous file +if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; + // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file); From be318f679b00a4783037950d325baed28fce76ff Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:19:31 +0200 Subject: [PATCH 02/15] FIX Yogosha report 4426 (backport) --- htdocs/core/class/html.formfile.class.php | 3 ++- htdocs/ecm/file_card.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 53e19a560f0..4bb772865c3 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1259,7 +1259,8 @@ class FormFile } else { - print dol_trunc($file['name'], 200); + $filenametoshow = preg_replace('/\.noexe$/', '', $file['name']); + print dol_escape_htmltag(dol_trunc($filenametoshow, 200)); print ''; } // Preview link diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 4eebb2d36b3..d6e7b51912f 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php 
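Review bot: The served type is still taken from the request when a `type` parameter is present (context line `if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');`), and the new guard only overrides it for names ending in `.noexe`; for every other file the caller rather than the file decides how an inline (`attachment=0`) response is interpreted, assuming `$type` ends up in the Content-Type header as its name suggests. Consider deriving the type from the file alone, `$type = dol_mimetype($original_file);`, and dropping the `GETPOST('type', …)` branch, or honouring a request-supplied type only when `$attachment` is true. The surrounding script continues outside the hunk.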
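Review bot: The display-name strip `preg_replace('/\.noexe$/', '', $file['name'])` is case-sensitive, while the guard that forces octet-stream in document.php uses `/\.noexe$/i`; a file whose suffix differs in case is therefore shown with its suffix here yet still treated as blocked there. The two checks should agree: `$filenametoshow = preg_replace('/\.noexe$/i', '', $file['name']);`. Routing the name through `dol_escape_htmltag()` on the next line is the right fix for the reported output issue. The enclosing FormFile method starts before the hunk.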
@@ -1,5 +1,5 @@ +/* Copyright (C) 2008-2020 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -127,7 +127,7 @@ if ($action == 'update') $oldlabel=GETPOST('urlfile', 'alpha'); $newlabel=GETPOST('label', 'alpha'); - $shareenabled = GETPOST('shareenabled', 'alpha'); + $shareenabled = dol_sanitizeFileName(GETPOST('label', 'alpha')); //$db->begin(); From 7697a8610dad96251da817370e23672ad2fbc545 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:27:56 +0200 Subject: [PATCH 03/15] FIX Yogosha report 4430 (backport) --- htdocs/fourn/facture/rapport.php | 6 +++--- htdocs/reception/stats/month.php | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/htdocs/fourn/facture/rapport.php b/htdocs/fourn/facture/rapport.php index ccc92ad2cba..56b5a451d05 100644 --- a/htdocs/fourn/facture/rapport.php +++ b/htdocs/fourn/facture/rapport.php @@ -45,7 +45,7 @@ if ($user->societe_id > 0) $dir = $conf->fournisseur->facture->dir_output.'/payments'; if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id; // If user has no permission to see all, output dir is specific to user -$year = $_GET["year"]; +$year = GETPOST("year", 'int'); if (! $year) { $year=date("Y"); } @@ -67,7 +67,7 @@ if ($action == 'builddoc') // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output=$outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) + if ($rap->write_file($dir, GETPOST("remonth", 'int'), GETPOST("reyear", 'int'), $outputlangs) > 0) { $outputlangs->charset_output=$sav_charset_output; } @@ -77,7 +77,7 @@ if ($action == 'builddoc') dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", 'int'); } 
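Review bot: In the second hunk of file_card.php the new line assigns `$shareenabled` from the `label` parameter (`dol_sanitizeFileName(GETPOST('label', 'alpha'))`) instead of from `shareenabled`, so the share flag now follows the label text and the sanitised value never reaches `$newlabel`, which is still read unsanitised on the context line just above. This looks like the fix landed on the wrong variable; presumably the intent is `$newlabel = dol_sanitizeFileName(GETPOST('label', 'alpha'));` with `$shareenabled = GETPOST('shareenabled', 'alpha');` left as it was. The `if ($action == 'update')` block continues outside the hunk.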
diff --git a/htdocs/reception/stats/month.php b/htdocs/reception/stats/month.php index 84eb9126464..f151a57041d 100644 --- a/htdocs/reception/stats/month.php +++ b/htdocs/reception/stats/month.php @@ -27,6 +27,7 @@ require_once DOL_DOCUMENT_ROOT.'/reception/class/reception.class.php'; require_once DOL_DOCUMENT_ROOT.'/reception/class/receptionstats.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; +$year = GETPOST("year", 'int'); /* * View @@ -42,7 +43,7 @@ $mesg = ''; print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg); $stats = new ReceptionStats($db); -$data = $stats->getNbReceptionByMonth($_GET["year"]); +$data = $stats->getNbReceptionByMonth(GETPOST("year", 'int')); dol_mkdir($conf->reception->dir_temp); From 254c391ddfb1be68a5b9e210b18e723e75b5d053 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:31:46 +0200 Subject: [PATCH 04/15] FIX Yogosha report 4433 (backport) --- htdocs/document.php | 2 +- htdocs/viewimage.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 2b37792d69a..42795ad0909 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -221,7 +221,7 @@ if (! $accessallowed) if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) { dol_syslog("Refused to deliver file ".$fullpath_original_file); - print "ErrorFileNameInvalid: ".$original_file; + print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file); exit; } diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 07b69fff2e9..dd367857979 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php 
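Review bot: In the second month.php hunk the context line `print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$_GET["year"], $mesg);` still concatenates the raw `$_GET["year"]` into the page title, although the first hunk introduces `$year = GETPOST("year", 'int');` and the call below is switched to a filtered read. Use the new variable in both places: `print load_fiche_titre($langs->trans("StatisticsOfReceptions").' '.$year, $mesg);` and `$data = $stats->getNbReceptionByMonth($year);`, which also removes the duplicate GETPOST() call.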
@@ -232,7 +232,7 @@ if (! $accessallowed) if (preg_match('/\.\./', $fullpath_original_file) || preg_match('/[<>|]/', $fullpath_original_file)) { dol_syslog("Refused to deliver file ".$fullpath_original_file); - print "ErrorFileNameInvalid: ".$original_file; + print "ErrorFileNameInvalid: ".dol_escape_htmltag($original_file); exit; } From 48f2a1d1103ac763e4277c76a817871b36821fb1 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:41:44 +0200 Subject: [PATCH 05/15] FIX Yogosha report 4435 (backport) --- htdocs/takepos/invoice.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 2b8b0f21921..92cc26a6259 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -62,8 +62,8 @@ $placeid = 0; // $placeid is id of invoice $number = GETPOST('number', 'alpha'); $idline = GETPOST('idline', 'int'); -$desc = GETPOST('desc', 'alpha'); -$pay = GETPOST('pay', 'alpha'); +$desc = GETPOST('desc', 'alphanohtml'); +$pay = GETPOST('pay', 'aZ09'); $amountofpayment = price2num(GETPOST('amount', 'alpha')); $invoiceid = GETPOST('invoiceid', 'int'); From 8a84b245ca22a8e1730f93f80548bdccc9f79bed Mon Sep 17 00:00:00 2001 
From: Alexandre SPANGARO Date: Wed, 16 Sep 2020 21:50:30 +0200 Subject: [PATCH 06/15] FIX GETPOST on 'action' (backport) --- htdocs/accountancy/bookkeeping/listbyaccount.php | 2 +- htdocs/accountancy/customer/card.php | 2 +- htdocs/accountancy/expensereport/card.php | 2 +- htdocs/accountancy/supplier/card.php | 2 +- htdocs/adherents/admin/adherent.php | 2 +- htdocs/adherents/admin/adherent_emails.php | 2 +- htdocs/adherents/type.php | 2 +- htdocs/adherents/type_ldap.php | 2 +- htdocs/admin/agenda.php | 2 +- htdocs/admin/agenda_other.php | 2 +- htdocs/admin/agenda_reminder.php | 2 +- htdocs/admin/bank.php | 2 +- htdocs/admin/barcode.php | 2 +- htdocs/admin/bom.php | 2 +- htdocs/admin/boxes.php | 2 +- htdocs/admin/chequereceipts.php | 2 +- htdocs/admin/commande.php | 2 +- htdocs/admin/compta.php | 2 +- htdocs/admin/contract.php | 2 +- htdocs/admin/dav.php | 2 +- htdocs/admin/expensereport.php | 2 +- htdocs/admin/expensereport_ik.php | 2 +- htdocs/admin/expensereport_rules.php | 2 +- htdocs/admin/facture.php | 2 +- htdocs/admin/fckeditor.php | 2 +- htdocs/admin/fichinter.php | 2 +- htdocs/admin/holiday.php | 2 +- htdocs/admin/limits.php | 2 +- htdocs/admin/loan.php | 2 +- htdocs/admin/mailing.php | 2 +- htdocs/admin/multicurrency.php | 2 +- htdocs/admin/oauth.php | 2 +- htdocs/admin/oauthlogintokens.php | 2 +- htdocs/admin/payment.php | 2 +- htdocs/admin/pdf.php | 2 +- htdocs/admin/prelevement.php | 2 +- htdocs/admin/propal.php | 2 +- htdocs/admin/receiptprinter.php | 2 +- htdocs/admin/resource.php | 2 +- htdocs/admin/salaries.php | 2 +- htdocs/admin/stock.php | 2 +- htdocs/admin/supplier_payment.php | 2 +- htdocs/admin/supplier_proposal.php | 2 +- htdocs/admin/taxes.php | 2 +- htdocs/admin/ticket.php | 2 +- htdocs/admin/ticket_extrafields.php | 2 +- htdocs/admin/ticket_public.php | 2 +- htdocs/admin/user.php | 2 +- htdocs/admin/usergroup.php | 2 +- htdocs/admin/workflow.php | 2 +- htdocs/asset/admin/setup.php | 2 +- htdocs/asset/type.php | 2 +- 
htdocs/blockedlog/admin/blockedlog.php | 2 +- htdocs/blockedlog/admin/blockedlog_list.php | 2 +- htdocs/blockedlog/ajax/block-add.php | 2 +- htdocs/bom/admin/setup.php | 2 +- htdocs/cashdesk/facturation_verif.php | 2 +- htdocs/categories/traduction.php | 2 +- htdocs/comm/propal/card.php | 2 +- htdocs/commande/card.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/transfer.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/deplacement/card.php | 2 +- htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/facture/card.php | 2 +- htdocs/compta/facture/contact.php | 2 +- htdocs/compta/prelevement/card.php | 2 +- htdocs/compta/prelevement/create.php | 2 +- htdocs/compta/prelevement/ligne.php | 2 +- htdocs/compta/salaries/document.php | 2 +- htdocs/core/modules/oauth/github_oauthcallback.php | 2 +- htdocs/core/modules/oauth/google_oauthcallback.php | 2 +- .../modules/oauth/stripelive_oauthcallback.php | 2 +- .../modules/oauth/stripetest_oauthcallback.php | 2 +- htdocs/datapolicy/admin/setup.php | 2 +- htdocs/datapolicy/admin/setupmail.php | 2 +- htdocs/datapolicy/public/index.php | 2 +- htdocs/don/admin/donation.php | 2 +- htdocs/don/document.php | 2 +- htdocs/ecm/search.php | 4 ++-- htdocs/expedition/shipment.php | 2 +- htdocs/expensereport/document.php | 2 +- htdocs/externalsite/admin/externalsite.php | 2 +- htdocs/fichinter/contact.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/fourn/commande/info.php | 2 +- htdocs/fourn/commande/orderstoinvoice.php | 2 +- htdocs/fourn/facture/note.php | 2 +- htdocs/ftp/admin/ftpclient.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/hrm/admin/admin_hrm.php | 14 +++++++------- htdocs/hrm/establishment/card.php | 2 +- htdocs/modulebuilder/admin/setup.php | 2 +- htdocs/modulebuilder/template/admin/about.php | 2 +- htdocs/modulebuilder/template/admin/setup.php | 2 +- htdocs/paybox/admin/paybox.php | 2 +- 
htdocs/paypal/admin/paypal.php | 2 +- htdocs/printing/admin/printing.php | 2 +- htdocs/product/admin/dynamic_prices.php | 2 +- htdocs/product/admin/product.php | 2 +- htdocs/product/admin/product_tools.php | 2 +- htdocs/product/ajax/products.php | 2 +- htdocs/product/document.php | 2 +- htdocs/product/dynamic_price/editor.php | 2 +- htdocs/product/price.php | 6 +++--- htdocs/product/stock/massstockmove.php | 2 +- htdocs/product/stock/productlot_document.php | 2 +- htdocs/product/stock/productlot_list.php | 2 +- htdocs/product/stock/replenish.php | 2 +- htdocs/projet/admin/project.php | 2 +- htdocs/projet/contact.php | 2 +- htdocs/projet/tasks.php | 2 +- htdocs/public/ticket/create_ticket.php | 2 +- htdocs/public/ticket/index.php | 2 +- htdocs/resource/contact.php | 2 +- htdocs/resource/document.php | 2 +- htdocs/societe/price.php | 2 +- htdocs/stripe/admin/stripe.php | 2 +- htdocs/supplier_proposal/card.php | 2 +- htdocs/takepos/admin/about.php | 2 +- htdocs/takepos/ajax.php | 2 +- htdocs/takepos/floors.php | 2 +- htdocs/takepos/freezone.php | 4 ++-- htdocs/takepos/invoice.php | 2 +- htdocs/takepos/takepos.php | 2 +- htdocs/ticket/class/actions_ticket.class.php | 2 +- htdocs/user/group/card.php | 2 +- htdocs/user/group/ldap.php | 2 +- htdocs/user/param_ihm.php | 2 +- htdocs/variants/card.php | 2 +- 132 files changed, 142 insertions(+), 142 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index bacfdcb714a..51fa8007fbe 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php 
@@ -40,7 +40,7 @@ $langs->loadLangs(array("accountancy")); $page = GETPOST("page"); $sortorder = GETPOST("sortorder"); $sortfield = GETPOST("sortfield"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int')); $search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int')); $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int')); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index eb66b235d0b..c4610395f3c 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index 1052a1d485d..b6399167871 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy","trips")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 97f7d618ce8..06309a7f3e4 100644 
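Review bot: Tightening `action` to `'aZ09'` is fine, but the context lines directly above, `$page = GETPOST("page");`, `$sortorder = GETPOST("sortorder");` and `$sortfield = GETPOST("sortfield");`, pass no check at all; these presumably drive pagination and the ORDER BY of the list, so they deserve an explicit filter too — `'int'` for `page`, and an allowlist (or at minimum `'alpha'`) for the two sort parameters, validated against the columns the page actually sorts on. The same unfiltered read appears in the expensereport_rules.php hunk (`$apply_to = GETPOST('apply_to');`). Whether GETPOST()'s default check already constrains these values depends on the functions.lib.php revision in use, which is not shown here.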
--- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/adherents/admin/adherent.php b/htdocs/adherents/admin/adherent.php index b62820054b7..8af24c54b6a 100644 --- a/htdocs/adherents/admin/adherent.php +++ b/htdocs/adherents/admin/adherent.php @@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $type=array('yesno','texte','chaine'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/adherents/admin/adherent_emails.php b/htdocs/adherents/admin/adherent_emails.php index 3f901539380..54b283bda9a 100644 --- a/htdocs/adherents/admin/adherent_emails.php +++ b/htdocs/adherents/admin/adherent_emails.php @@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $oldtypetonewone=array('texte'=>'text','chaine'=>'string'); // old type to new ones -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $error = 0; diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index f41275a4c71..83fa99ff932 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; $langs->load("members"); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/adherents/type_ldap.php b/htdocs/adherents/type_ldap.php index 6fe29379b58..413a797ebf5 100644 --- a/htdocs/adherents/type_ldap.php +++ b/htdocs/adherents/type_ldap.php 
@@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; $langs->loadLangs(array("admin","members","ldap")); $id = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check $result=restrictedArea($user, 'adherent', $id, 'adherent_type'); diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index 4c5c02d0b3d..654bee4a889 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -34,7 +34,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $search_event = GETPOST('search_event', 'alpha'); diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php index ce9db532f21..c7d1d03f877 100644 --- a/htdocs/admin/agenda_other.php +++ b/htdocs/admin/agenda_other.php @@ -37,7 +37,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array('admin', 'other', 'agenda', 'users')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php index 3af179ba2e7..25d7d8dc4fe 100644 --- a/htdocs/admin/agenda_reminder.php +++ b/htdocs/admin/agenda_reminder.php @@ -32,7 +32,7 @@ if (!$user->admin) // Load translation files required by the page $langs->loadLangs(array("admin","other","agenda")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $param = GETPOST('param', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 2a0a66fe269..fad285934f9 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php 
@@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","companies","bills","other","banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/barcode.php b/htdocs/admin/barcode.php index 993af489989..9968d173b25 100644 --- a/htdocs/admin/barcode.php +++ b/htdocs/admin/barcode.php @@ -33,7 +33,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/bom.php b/htdocs/admin/bom.php index b6e62973cf7..2e84e67a867 100644 --- a/htdocs/admin/bom.php +++ b/htdocs/admin/bom.php @@ -32,7 +32,7 @@ $langs->loadLangs(array('admin', 'errors', 'mrp', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index 70672f9b6fb..f3f8ef85746 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'boxes')); if (! $user->admin) accessforbidden(); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Define possible position of boxes diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php index efc192e6de1..53212de35c4 100644 --- a/htdocs/admin/chequereceipts.php +++ b/htdocs/admin/chequereceipts.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","companies","bills","other","banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); 
diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php index 455175220a8..447967d42da 100644 --- a/htdocs/admin/commande.php +++ b/htdocs/admin/commande.php @@ -41,7 +41,7 @@ $langs->loadLangs(array('admin', 'errors', 'orders', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/compta.php b/htdocs/admin/compta.php index 5bbfd15a0c4..02621d82b91 100644 --- a/htdocs/admin/compta.php +++ b/htdocs/admin/compta.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'compta', 'accountancy')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters ACCOUNTING_* $list = array( diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index 63597eaa22b..f24fc54339e 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php @@ -33,7 +33,7 @@ $langs->loadLangs(array("admin","errors","contracts")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index 6ac210c1ddb..0c6b8132e8d 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php @@ -32,7 +32,7 @@ if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array( diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index da77c0e78d3..2746b3d4969 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php 
@@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'trips', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/expensereport_ik.php b/htdocs/admin/expensereport_ik.php index e79e7888f69..63df71df21c 100644 --- a/htdocs/admin/expensereport_ik.php +++ b/htdocs/admin/expensereport_ik.php @@ -39,7 +39,7 @@ if (!$user->admin) accessforbidden(); $error = false; $message = false; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $offset = GETPOST('offset', 'int'); $coef = GETPOST('coef', 'int'); diff --git a/htdocs/admin/expensereport_rules.php b/htdocs/admin/expensereport_rules.php index 835a4b2b824..c6b4da2b678 100644 --- a/htdocs/admin/expensereport_rules.php +++ b/htdocs/admin/expensereport_rules.php @@ -40,7 +40,7 @@ if (!$user->admin) accessforbidden(); $error = false; $message = false; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $apply_to = GETPOST('apply_to'); diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index e21dc942284..7520ab45ebc 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'bills')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/fckeditor.php b/htdocs/admin/fckeditor.php index 6c7cc5a7f66..b18ac702d70 100644 --- a/htdocs/admin/fckeditor.php +++ b/htdocs/admin/fckeditor.php 
@@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; // Load translation files required by the page $langs->loadLangs(array('admin', 'fckeditor')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Possible modes are: // dolibarr_details // dolibarr_notes diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index 27f105435d5..c52c16e4c28 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'interventions', 'other')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index 27dddf8668a..40010b3b420 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "errors", "holiday")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/limits.php b/htdocs/admin/limits.php index a43f86d0e28..fe86728e237 100644 --- a/htdocs/admin/limits.php +++ b/htdocs/admin/limits.php @@ -31,7 +31,7 @@ $langs->loadLangs(array('companies', 'products', 'admin')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if ($action == 'update') { diff --git a/htdocs/admin/loan.php b/htdocs/admin/loan.php index 56d80c2e7d7..28643c497af 100644 --- a/htdocs/admin/loan.php +++ b/htdocs/admin/loan.php 
@@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'loan')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters LOAN_* $list = array ( diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index d10e0e9a497..b83aef64b78 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "mails")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index 206c251309e..83880392e0a 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -38,7 +38,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 0f7206a5d73..9652af8e72f 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauthlogintokens.php b/htdocs/admin/oauthlogintokens.php index e284d4b4834..d603d28a927 100644 --- a/htdocs/admin/oauthlogintokens.php +++ b/htdocs/admin/oauthlogintokens.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mode = GETPOST('mode', 'alpha'); $value = GETPOST('value', 'alpha'); $varname = GETPOST('varname', 'alpha'); diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php index 4e80fe55e25..c8b57e4d75a 100644 --- a/htdocs/admin/payment.php +++ b/htdocs/admin/payment.php 
@@ -31,7 +31,7 @@ $langs->loadLangs(array("admin", "other", "errors", "bills")); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/pdf.php b/htdocs/admin/pdf.php index 56c6f977827..bc8c4a8d01c 100644 --- a/htdocs/admin/pdf.php +++ b/htdocs/admin/pdf.php @@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'languages', 'other', 'companies', 'products', if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index 144ec744d41..196d1101cfe 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("admin","withdrawals")); // Security check if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $type = 'paymentorder'; diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php index 843de325e73..fc48136ab82 100644 --- a/htdocs/admin/propal.php +++ b/htdocs/admin/propal.php @@ -39,7 +39,7 @@ $langs->loadLangs(array("admin", "other", "errors", "propal")); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index f532db76ce4..ded514650db 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php 
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin","receiptprinter"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mode = GETPOST('mode', 'alpha');
 $printername = GETPOST('printername', 'alpha');
diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php
index a5a0b5fbf3f..7d571d2ba7d 100644
--- a/htdocs/admin/resource.php
+++ b/htdocs/admin/resource.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","resource"));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/admin/salaries.php b/htdocs/admin/salaries.php
index 324ae1b0a17..82db4ce3b1a 100644
--- a/htdocs/admin/salaries.php
+++ b/htdocs/admin/salaries.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'salaries'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Other parameters SALARIES_*
 $list = array (
diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php
index 83834aa5861..10f1e23c578 100644
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array("admin", "stocks"));
 // Securit check
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/admin/supplier_payment.php b/htdocs/admin/supplier_payment.php
index 49af65bd786..e5327a5c209 100644
--- a/htdocs/admin/supplier_payment.php
+++ b/htdocs/admin/supplier_payment.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin", "errors", "other", "bills", "orders"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php
index e627068b692..c6d476b1a5b 100644
--- a/htdocs/admin/supplier_proposal.php
+++ b/htdocs/admin/supplier_proposal.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array("admin", "errors", "other", "supplier_proposal"));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/admin/taxes.php b/htdocs/admin/taxes.php
index 113b0029fdd..e527aff3dde 100644
--- a/htdocs/admin/taxes.php
+++ b/htdocs/admin/taxes.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array('admin', 'objects', 'companies', 'products'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php
index 31e2d8f219a..364b8fd1f96 100644
--- a/htdocs/admin/ticket.php
+++ b/htdocs/admin/ticket.php
@@ -37,7 +37,7 @@ if (!$user->admin) {
 // Parameters
 $value = GETPOST('value', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scandir', 'alpha');
 $type = 'ticket';
diff --git a/htdocs/admin/ticket_extrafields.php b/htdocs/admin/ticket_extrafields.php
index 3c65fcf693e..f2c92db872f 100644
--- a/htdocs/admin/ticket_extrafields.php
+++ b/htdocs/admin/ticket_extrafields.php
@@ -39,7 +39,7 @@ foreach ($tmptype2label as $key => $val) {
 $type2label[$key] = $langs->trans($val);
 }
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $attrname = GETPOST('attrname', 'alpha');
 $elementtype = 'ticket'; //Must be the $table_element of the class that manage extrafield
diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php
index ec36d3f873d..4409b1fc4a6 100644
--- a/htdocs/admin/ticket_public.php
+++ b/htdocs/admin/ticket_public.php
@@ -37,7 +37,7 @@ if (!$user->admin) {
 // Parameters
 $value = GETPOST('value', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scandir', 'alpha');
 $type = 'ticket';
diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php
index f73c3d4ecf3..1f9e72e1f5d 100644
--- a/htdocs/admin/user.php
+++ b/htdocs/admin/user.php
@@ -38,7 +38,7 @@ if (! $user->admin) accessforbidden();
 $extrafields = new ExtraFields($db);
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $value = GETPOST('value', 'alpha');
diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php
index db57fa9730a..78d9e739766 100644
--- a/htdocs/admin/usergroup.php
+++ b/htdocs/admin/usergroup.php
@@ -39,7 +39,7 @@ if (! $user->admin) accessforbidden();
 $extrafields = new ExtraFields($db);
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $type='group';
diff --git a/htdocs/admin/workflow.php b/htdocs/admin/workflow.php
index 806f53c463c..4dcfb81f8bc 100644
--- a/htdocs/admin/workflow.php
+++ b/htdocs/admin/workflow.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin","workflow","propal","workflow","orders","supplie
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 /*
diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php
index 83ccadc7e1f..08d0f1ef34a 100644
--- a/htdocs/asset/admin/setup.php
+++ b/htdocs/asset/admin/setup.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "assets"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array('FIXEDASSETS_MYPARAM1'=>array('css'=>'minwidth200'), 'FIXEDASSETS_MYPARAM2'=>array('css'=>'minwidth500'));
diff --git a/htdocs/asset/type.php b/htdocs/asset/type.php
index 303d05b298b..8e3d2d69af7 100644
--- a/htdocs/asset/type.php
+++ b/htdocs/asset/type.php
@@ -34,7 +34,7 @@ if (! empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT.'/accoun
 $langs->load("assets");
 $rowid = GETPOST('rowid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $backtopage = GETPOST('backtopage', 'alpha');
diff --git a/htdocs/blockedlog/admin/blockedlog.php b/htdocs/blockedlog/admin/blockedlog.php
index 25e983887df..3a5272e8138 100644
--- a/htdocs/blockedlog/admin/blockedlog.php
+++ b/htdocs/blockedlog/admin/blockedlog.php
@@ -32,7 +32,7 @@ $langs->loadLangs(array("admin","other","blockedlog"));
 if (! $user->admin || empty($conf->blockedlog->enabled)) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php
index 2a7bee7335f..77c15ec149e 100644
--- a/htdocs/blockedlog/admin/blockedlog_list.php
+++ b/htdocs/blockedlog/admin/blockedlog_list.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "other", "blockedlog", "bills"));
 if ((! $user->admin && ! $user->rights->blockedlog->read) || empty($conf->blockedlog->enabled)) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $contextpage= GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'blockedloglist'; // To manage different context of search
 $backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
 $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
diff --git a/htdocs/blockedlog/ajax/block-add.php b/htdocs/blockedlog/ajax/block-add.php
index 91d96def177..94dc2c09a6a 100644
--- a/htdocs/blockedlog/ajax/block-add.php
+++ b/htdocs/blockedlog/ajax/block-add.php
@@ -34,7 +34,7 @@ $res=require '../../main.inc.php';
 $id = GETPOST('id', 'int');
 $element = GETPOST('element', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 if ($element === 'facture') {
 require_once DOL_DOCUMENT_ROOT.'/blockedlog/class/blockedlog.class.php';
diff --git a/htdocs/bom/admin/setup.php b/htdocs/bom/admin/setup.php
index a484718ac32..7371f14d742 100644
--- a/htdocs/bom/admin/setup.php
+++ b/htdocs/bom/admin/setup.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("admin", "mrp"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array(
diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php
index 6dbbdd4f900..2a314d21447 100644
--- a/htdocs/cashdesk/facturation_verif.php
+++ b/htdocs/cashdesk/facturation_verif.php
@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset($_SESSION['serObjFacturation']);
diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php
index 202d128182f..1124158819e 100644
--- a/htdocs/categories/traduction.php
+++ b/htdocs/categories/traduction.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array('categories', 'languages'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $type = GETPOST('type', 'aZ09');
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index 1f31ae67d19..ad3af668418 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -68,7 +68,7 @@ $error = 0;
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $origin = GETPOST('origin', 'alpha');
 $originid = GETPOST('originid', 'int');
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index 24af2adce15..aa9f7a75c7f 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -66,7 +66,7 @@ if (! empty($conf->productbatch->enabled)) $langs->load("productbatch");
 $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('orderid', 'int'));
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $confirm = GETPOST('confirm', 'alpha');
 $lineid = GETPOST('lineid', 'int');
diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php
index 5b887f0bd8e..a0ea3220f0c 100644
--- a/htdocs/compta/bank/document.php
+++ b/htdocs/compta/bank/document.php
@@ -36,7 +36,7 @@ $langs->loadLangs(array('banks', 'companies', 'other'));
 $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int'));
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $mesg = '';
diff --git a/htdocs/compta/bank/transfer.php b/htdocs/compta/bank/transfer.php
index 199b1f9c08d..276640c3eb5 100644
--- a/htdocs/compta/bank/transfer.php
+++ b/htdocs/compta/bank/transfer.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("banks", "categories", "multicurrency"));
 if (! $user->rights->banque->transfer) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $error = 0;
diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php
index 3d37b7e7de6..ec1f5d7bdcb 100644
--- a/htdocs/compta/bank/various_payment/document.php
+++ b/htdocs/compta/bank/various_payment/document.php
@@ -34,7 +34,7 @@ $langs->loadLangs(array("compta", "banks", "bills", "users", "accountancy"));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/compta/deplacement/card.php b/htdocs/compta/deplacement/card.php
index 9602216b955..b1696371339 100644
--- a/htdocs/compta/deplacement/card.php
+++ b/htdocs/compta/deplacement/card.php
@@ -43,7 +43,7 @@ $id = GETPOST('id', 'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement', $id, '');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $object = new Deplacement($db);
diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php
index 8cba95e283b..92ae68da191 100644
--- a/htdocs/compta/deplacement/document.php
+++ b/htdocs/compta/deplacement/document.php
@@ -39,7 +39,7 @@ $langs->loadLangs(array('other', 'trips', 'companies', 'interventions'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 49f92826259..1375974a483 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -75,7 +75,7 @@ $projectid = (GETPOST('projectid', 'int') ? GETPOST('projectid', 'int') : 0);
 $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $cancel = GETPOST('cancel', 'alpha');
 $lineid = GETPOST('lineid', 'int');
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index 64145158052..30b09534009 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -42,7 +42,7 @@ $id = (GETPOST('id')?GETPOST('id', 'int'):GETPOST('facid', 'int')); // For
 $ref = GETPOST('ref', 'alpha');
 $lineid = GETPOST('lineid', 'int');
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php
index bf95a35f1fd..265057f502e 100644
--- a/htdocs/compta/prelevement/card.php
+++ b/htdocs/compta/prelevement/card.php
@@ -40,7 +40,7 @@ accessforbidden();
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
diff --git a/htdocs/compta/prelevement/create.php b/htdocs/compta/prelevement/create.php
index eec72ee4b1e..e4b5781d74e 100644
--- a/htdocs/compta/prelevement/create.php
+++ b/htdocs/compta/prelevement/create.php
@@ -44,7 +44,7 @@ if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement', '', '', 'bons');
 // Get supervariables
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mode = GETPOST('mode', 'alpha')?GETPOST('mode', 'alpha'):'real';
 $format = GETPOST('format', 'aZ09');
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php
index 8b11716bf6f..98aaa4eb1af 100644
--- a/htdocs/compta/prelevement/ligne.php
+++ b/htdocs/compta/prelevement/ligne.php
@@ -39,7 +39,7 @@ $langs->loadlangs(array('banks', 'categories', 'bills', 'withdrawals'));
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $id = GETPOST('id', 'int');
 $socid = GETPOST('socid', 'int');
diff --git a/htdocs/compta/salaries/document.php b/htdocs/compta/salaries/document.php
index 3ff92d23c1c..7987d31300e 100644
--- a/htdocs/compta/salaries/document.php
+++ b/htdocs/compta/salaries/document.php
@@ -40,7 +40,7 @@ $langs->loadLangs(array("compta","bills","users","salaries","hrm"));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php
index e968a348fd7..3365bd859b4 100644
--- a/htdocs/core/modules/oauth/github_oauthcallback.php
+++ b/htdocs/core/modules/oauth/github_oauthcallback.php
@@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtourl = GETPOST('backtourl', 'alpha');
diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php
index 4462b6d263d..54f3db66a48 100644
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtourl = GETPOST('backtourl', 'alpha');
diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
index a32223105b9..affdab522dd 100644
--- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
@@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtourl = GETPOST('backtourl', 'alpha');
diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
index 55b532f231c..a53ce2cd393 100644
--- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
@@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtourl = GETPOST('backtourl', 'alpha');
diff --git a/htdocs/datapolicy/admin/setup.php b/htdocs/datapolicy/admin/setup.php
index ab737f679ca..468d612c67d 100644
--- a/htdocs/datapolicy/admin/setup.php
+++ b/htdocs/datapolicy/admin/setup.php
@@ -36,7 +36,7 @@ $langs->load('datapolicy@datapolicy');
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array(
diff --git a/htdocs/datapolicy/admin/setupmail.php b/htdocs/datapolicy/admin/setupmail.php
index f50fa08d31c..f3dd6eacb6f 100644
--- a/htdocs/datapolicy/admin/setupmail.php
+++ b/htdocs/datapolicy/admin/setupmail.php
@@ -29,7 +29,7 @@ $langs->loadLangs(array('admin', 'companies', 'members', 'datapolicy'));
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $formadmin = new FormAdmin($db);
diff --git a/htdocs/datapolicy/public/index.php b/htdocs/datapolicy/public/index.php
index 6c78f380b93..4c7f0307c16 100644
--- a/htdocs/datapolicy/public/index.php
+++ b/htdocs/datapolicy/public/index.php
@@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/datapolicy/class/datapolicy.class.php';
 $idc = GETPOST('c', 'int');
 $ids = GETPOST('s', 'int');
 $ida = GETPOST('a', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $lang = GETPOST('l', 'alpha');
 $code = GETPOST('key', 'alpha');
diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php
index 0662c367a40..d0e10200b7c 100644
--- a/htdocs/don/admin/donation.php
+++ b/htdocs/don/admin/donation.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'donations', 'accountancy', 'other'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/don/document.php b/htdocs/don/document.php
index fcb3c87ad9d..b11a4bb9b6a 100644
--- a/htdocs/don/document.php
+++ b/htdocs/don/document.php
@@ -45,7 +45,7 @@ $langs->loadLangs(array("companies","other","donations"));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0);
diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php
index a5e296ae1e6..fb751120163 100644
--- a/htdocs/ecm/search.php
+++ b/htdocs/ecm/search.php
@@ -41,8 +41,8 @@ $user->getrights('ecm');
 // Get parameters
 $socid = GETPOST('socid', 'int');
-$action = GETPOST('action', 'alpha');
-$section=GETPOST('section');
+$action = GETPOST('action', 'aZ09');
+$section = GETPOST('section');
 if (! $section) $section=0;
 $module = GETPOST('module', 'alpha');
diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php
index 4c1e1b3adbf..a244bebc82f 100644
--- a/htdocs/expedition/shipment.php
+++ b/htdocs/expedition/shipment.php
@@ -46,7 +46,7 @@ $langs->loadLangs(array('orders',"companies","bills",'propal','deliveries','stoc
 $id = GETPOST('id', 'int'); // id of order
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $hookmanager->initHooks(array('ordershipmentcard'));
diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php
index f5295118bda..ffc6d9e6585 100644
--- a/htdocs/expensereport/document.php
+++ b/htdocs/expensereport/document.php
@@ -39,7 +39,7 @@ $langs->loadLangs(array("other","trips","companies","interventions"));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
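Review bot: In the ecm/search.php hunk the rewritten line `+$section = GETPOST('section');` still names no check type, so it relies on whatever default `GETPOST` applies in this version; it is the only parameter in that hunk left that way while `action` on the line above is tightened. The line below, `if (! $section) $section=0;`, treats it as a numeric section id, and if that is how `$section` is used further down (not visible here), `$section = GETPOST('section', 'int');` would state the intent explicitly and give it the same treatment as `$socid` two lines earlier. The page's handling of `$section` continues outside the hunk.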
diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/externalsite.php
index d1fcb7ebe6c..e596cc9423a 100644
--- a/htdocs/externalsite/admin/externalsite.php
+++ b/htdocs/externalsite/admin/externalsite.php
@@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'other', 'externalsite'));
 $def = array();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Sauvegardes parametres
 if ($action == 'update')
diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php
index d38bb7673b5..267bc849b67 100644
--- a/htdocs/fichinter/contact.php
+++ b/htdocs/fichinter/contact.php
@@ -36,7 +36,7 @@ $langs->loadLangs(array('interventions', 'sendings', 'companies'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php
index d5aed88079a..cd548bc09d9 100644
--- a/htdocs/fichinter/document.php
+++ b/htdocs/fichinter/document.php
@@ -43,7 +43,7 @@ $langs->loadLangs(array('other', 'fichinter', 'companies', 'interventions'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php
index f933ecfdb5f..df1241d39fa 100644
--- a/htdocs/fourn/commande/document.php
+++ b/htdocs/fourn/commande/document.php
@@ -43,7 +43,7 @@ $langs->loadLangs(array("bills", "orders", "sendings", "companies", "deliveries"
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/fourn/commande/info.php b/htdocs/fourn/commande/info.php
index 171449bc653..0a7ad8fc24c 100644
--- a/htdocs/fourn/commande/info.php
+++ b/htdocs/fourn/commande/info.php
@@ -38,7 +38,7 @@ $langs->loadLangs(array("suppliers", "orders", "companies", "stocks"));
 $id=GETPOST('id', 'int');
 $ref=GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 if (GETPOST('actioncode', 'array')) {
diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php
index 39f33bebb73..09aa966a1ef 100644
--- a/htdocs/fourn/commande/orderstoinvoice.php
+++ b/htdocs/fourn/commande/orderstoinvoice.php
@@ -49,7 +49,7 @@ if (! $user->rights->fournisseur->facture->creer)
 $id = (GETPOST('id') ? GETPOST('id', 'int') : GETPOST("facid")); // For backward compatibility
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 $sref = GETPOST('sref');
 $sref_client = GETPOST('sref_client');
diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php
index 808b2e28b4f..b8fe23271a3 100644
--- a/htdocs/fourn/facture/note.php
+++ b/htdocs/fourn/facture/note.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array("bills", "companies"));
 $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int'));
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php
index ff344c45809..c642daceaff 100644
--- a/htdocs/ftp/admin/ftpclient.php
+++ b/htdocs/ftp/admin/ftpclient.php
@@ -33,7 +33,7 @@ if (!$user->admin) accessforbidden();
 $def = array();
 $lastftpentry=0;
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $entry = GETPOST('numero_entry', 'alpha');
diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php
index 30803a9ecbc..9d1fc463f9c 100644
--- a/htdocs/holiday/document.php
+++ b/htdocs/holiday/document.php
@@ -41,7 +41,7 @@ $langs->loadLangs(array('other', 'holiday', 'companies'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php
index 8c231287892..ba3000b686a 100644
--- a/htdocs/hrm/admin/admin_hrm.php
+++ b/htdocs/hrm/admin/admin_hrm.php
@@ -30,7 +30,7 @@ $langs->loadLangs(array('admin', 'hrm'));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 // Other parameters HRM_*
 $list = array (
@@ -42,15 +42,15 @@ $list = array (
 */
 if ($action == 'update') {
 $error = 0;
-
+
 foreach ($list as $constname) {
 $constvalue = GETPOST($constname, 'alpha');
-
+
 if (! dolibarr_set_const($db, $constname, $constvalue, 'chaine', 0, '', $conf->entity)) {
 $error ++;
 }
 }
-
+
 if (! $error) {
 setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
 } else {
@@ -87,13 +87,13 @@ print "\n";
 foreach ($list as $key) {
 $var = ! $var;
-
+
 print '';
-
+
 // Param
 $label = $langs->trans($key);
 print '';
-
+
 // Value
 print '';
 print '';
diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php
index 071277bd501..d0506863b55 100644
--- a/htdocs/hrm/establishment/card.php
+++ b/htdocs/hrm/establishment/card.php
@@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden();
 $error=0;
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel', 'alpha');
 $confirm = GETPOST('confirm', 'alpha');
 $id = GETPOST('id', 'int');
diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php
index c409d18b2f1..51c2ffb41b7 100644
--- a/htdocs/modulebuilder/admin/setup.php
+++ b/htdocs/modulebuilder/admin/setup.php
@@ -29,7 +29,7 @@ $langs->loadLangs(array("admin", "other", "modulebuilder"));
 if (!$user->admin || empty($conf->modulebuilder->enabled)) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 /*
diff --git a/htdocs/modulebuilder/template/admin/about.php b/htdocs/modulebuilder/template/admin/about.php
index e580c6c7457..1ddcd3126d8 100644
--- a/htdocs/modulebuilder/template/admin/about.php
+++ b/htdocs/modulebuilder/template/admin/about.php
@@ -48,7 +48,7 @@ $langs->loadLangs(array("errors","admin","mymodule@mymodule"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php
index fd3ff41c799..a18d89a83bc 100644
--- a/htdocs/modulebuilder/template/admin/setup.php
+++ b/htdocs/modulebuilder/template/admin/setup.php
@@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "mymodule@mymodule"));
 if (! $user->admin) accessforbidden();
 // Parameters
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $backtopage = GETPOST('backtopage', 'alpha');
 $arrayofparameters=array(
diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php
index 8f946a30001..ea309e32e3e 100644
--- a/htdocs/paybox/admin/paybox.php
+++ b/htdocs/paybox/admin/paybox.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'other', 'paybox', 'paypal'));
 if (!$user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 if ($action == 'setvalue' && $user->admin)
diff --git a/htdocs/paypal/admin/paypal.php b/htdocs/paypal/admin/paypal.php
index 545fe9c368c..4ef5e2041dc 100644
--- a/htdocs/paypal/admin/paypal.php
+++ b/htdocs/paypal/admin/paypal.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox'));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 if ($action == 'setvalue' && $user->admin) {
diff --git a/htdocs/printing/admin/printing.php b/htdocs/printing/admin/printing.php
index 289c999f6d0..780bd59f09d 100644
--- a/htdocs/printing/admin/printing.php
+++ b/htdocs/printing/admin/printing.php
@@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'printing', 'oauth'));
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $mode = GETPOST('mode', 'alpha');
 $value = GETPOST('value', 'alpha', 0, null, null, 1); // The value may be __google__docs so we force disable of replace
 $varname = GETPOST('varname', 'alpha');
diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php
index 91ef33694c5..05e6a8adf4b 100644
--- a/htdocs/product/admin/dynamic_prices.php
+++ b/htdocs/product/admin/dynamic_prices.php
@@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/dynamic_price/class/price_global_variab
 $langs->load("products");
 $id = GETPOST('id', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $save = GETPOST('save', 'alpha');
 $cancel = GETPOST('cancel', 'alpha');
 $selection = GETPOST('selection', 'int');
diff --git a/htdocs/product/admin/product.php b/htdocs/product/admin/product.php
index fff393ffc2a..87b883e34a8 100644
--- a/htdocs/product/admin/product.php
+++ b/htdocs/product/admin/product.php
@@ -43,7 +43,7 @@ $langs->loadLangs(array("admin","products"));
 if (! $user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled))) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $value = GETPOST('value', 'alpha');
 $label = GETPOST('label', 'alpha');
 $scandir = GETPOST('scan_dir', 'alpha');
diff --git a/htdocs/product/admin/product_tools.php b/htdocs/product/admin/product_tools.php
index d68b395d5ad..77661a2d175 100644
--- a/htdocs/product/admin/product_tools.php
+++ b/htdocs/product/admin/product_tools.php
@@ -37,7 +37,7 @@ $langs->loadLangs(array('admin', 'products'));
 // Security check
 if (! $user->admin) accessforbidden();
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $oldvatrate=GETPOST('oldvatrate', 'alpha');
 $newvatrate=GETPOST('newvatrate', 'alpha');
 //$price_base_type=GETPOST('price_base_type');
diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php
index ca2ce7baeb8..a863a1ecdaa 100644
--- a/htdocs/product/ajax/products.php
+++ b/htdocs/product/ajax/products.php
@@ -39,7 +39,7 @@ $mode = GETPOST('mode', 'int');
 $status = ((GETPOST('status', 'int') >= 0) ? GETPOST('status', 'int') : - 1);
 $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0);
 $price_level = GETPOST('price_level', 'int');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $id = GETPOST('id', 'int');
 $price_by_qty_rowid = GETPOST('pbq', 'int');
 $finished = GETPOST('finished', 'int');
diff --git a/htdocs/product/document.php b/htdocs/product/document.php
index 94db650a519..869754e1d4e 100644
--- a/htdocs/product/document.php
+++ b/htdocs/product/document.php
@@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products'));
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
-$action = GETPOST('action', 'alpha');
+$action = GETPOST('action', 'aZ09');
 $confirm= GETPOST('confirm', 'alpha');
 // Security check
diff --git a/htdocs/product/dynamic_price/editor.php b/htdocs/product/dynamic_price/editor.php
index 05c6491ae6e..e667c469670 100644
--- a/htdocs/product/dynamic_price/editor.php
+++ b/htdocs/product/dynamic_price/editor.php
@@ -33,7 +33,7 @@ $langs->loadLangs(array('products', 'accountancy')); //"Back" translation is on $id = GETPOST('id', 'int'); $eid = GETPOST('eid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $title = GETPOST('expression_title', 'alpha'); $expression = GETPOST('expression'); $tab = GETPOST('tab', 'alpha'); diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 6bc7033ec23..9e4fb9190ef 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -53,7 +53,7 @@ $mesg=''; $error=0; $errors=array(); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $eid = GETPOST('eid', 'int'); @@ -1722,7 +1722,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) print ' '; print $langs->trans('ForceUpdateChildPriceSoc'); print ''; - + print ''; print '     '; print ''; @@ -1816,7 +1816,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) print ' '; print $langs->trans('ForceUpdateChildPriceSoc'); print ""; - + print ''; print '     '; print ''; diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index bae6ff55ef7..121fa738bc6 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -42,7 +42,7 @@ $result=restrictedArea($user, 'produit|service'); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id_product = GETPOST('productid', 'int'); $id_sw = GETPOST('id_sw', 'int'); $id_tw = GETPOST('id_tw', 'int'); diff --git a/htdocs/product/stock/productlot_document.php b/htdocs/product/stock/productlot_document.php index 720b28f5d39..ac8729103d2 100644 --- a/htdocs/product/stock/productlot_document.php +++ b/htdocs/product/stock/productlot_document.php 
@@ -42,7 +42,7 @@ $langs->loadLangs(array('other', 'products')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm= GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index d0d7b5da8e6..f38b8776cdd 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('stocks', 'productbatch', 'other', 'users')); // Get parameters $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $myparam = GETPOST('myparam', 'alpha'); $toselect = GETPOST('toselect', 'array'); diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 770904fb4a0..045cea21892 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -48,7 +48,7 @@ $hookmanager->initHooks(array('stockreplenishlist')); //checks if a product has been ordered -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $sref = GETPOST('sref', 'alpha'); $snom = GETPOST('snom', 'alpha'); $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); diff --git a/htdocs/projet/admin/project.php b/htdocs/projet/admin/project.php index 4e76f954717..f678483192a 100644 --- a/htdocs/projet/admin/project.php +++ b/htdocs/projet/admin/project.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'errors', 'other', 'projects')); if (!$user->admin) accessforbidden(); $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); $type='project'; 
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index 8bed0a87adc..72074024073 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -35,7 +35,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $mine = GETPOST('mode')=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 6fd6e8ac8ec..349468bc3d0 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -35,7 +35,7 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; // Load translation files required by the page $langs->loadLangs(array('projects', 'users', 'companies')); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $massaction=GETPOST('massaction', 'alpha'); $show_files=GETPOST('show_files', 'int'); $confirm=GETPOST('confirm', 'alpha'); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index a6d18937da4..3321ee4d65a 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -46,7 +46,7 @@ $langs->loadLangs(array('companies', 'other', 'mails', 'ticket')); $id = GETPOST('id', 'int'); $msg_id = GETPOST('msg_id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $object = new Ticket($db); diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index b7f7bd71088..5221fa05001 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -45,7 +45,7 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors')); // Get parameters $track_id = GETPOST('track_id', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* 
diff --git a/htdocs/resource/contact.php b/htdocs/resource/contact.php index 3d2d1fef60b..761a8014abf 100644 --- a/htdocs/resource/contact.php +++ b/htdocs/resource/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('resource', 'sendings', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 5e6227a9e1d..bc94597c60c 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('other', 'resource', 'companies')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 039c1fe1bd5..2387ce45e42 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -40,7 +40,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $langs->loadLangs(array("products", "companies", "bills")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_prod = GETPOST('search_prod', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); diff --git a/htdocs/stripe/admin/stripe.php b/htdocs/stripe/admin/stripe.php index c3c008a5874..7ddab6858d5 100644 --- a/htdocs/stripe/admin/stripe.php +++ b/htdocs/stripe/admin/stripe.php @@ -39,7 +39,7 @@ $langs->loadLangs(array('admin', 'other', 'paypal', 'paybox', 'stripe')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 551a5f0616e..d8d47841f3d 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php 
@@ -57,7 +57,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/takepos/admin/about.php b/htdocs/takepos/admin/about.php index 27b5e51b03b..0f01b89c2b7 100644 --- a/htdocs/takepos/admin/about.php +++ b/htdocs/takepos/admin/about.php @@ -36,7 +36,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/takepos/ajax.php b/htdocs/takepos/ajax.php index 74f69618a0f..0ab88e15fd6 100644 --- a/htdocs/takepos/ajax.php +++ b/htdocs/takepos/ajax.php @@ -34,7 +34,7 @@ require '../main.inc.php'; // Load $user and permissions require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; $category = GETPOST('category', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $term = GETPOST('term', 'alpha'); diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php index a2a0f0bc4c0..8c754b1a6d4 100644 --- a/htdocs/takepos/floors.php +++ b/htdocs/takepos/floors.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("bills","orders","commercial","cashdesk")); $floor=GETPOST('floor', 'int'); if ($floor=="") $floor=1; $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $left = GETPOST('left', 'alpha'); $top = GETPOST('top', 'alpha'); diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php index b47d7114528..986cf2f5557 100644 --- a/htdocs/takepos/freezone.php +++ b/htdocs/takepos/freezone.php 
@@ -38,7 +38,7 @@ $langs->loadLangs(array("bills", "cashdesk")); $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Ba or Restaurant $idline = GETPOST('idline', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* @@ -72,4 +72,4 @@ if ($action=="addnote") echo ' - \ No newline at end of file + diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php index 2b8b0f21921..822a033e888 100644 --- a/htdocs/takepos/invoice.php +++ b/htdocs/takepos/invoice.php @@ -40,7 +40,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.form.class.php'; $langs->loadLangs(array("companies", "commercial", "bills", "cashdesk", "stocks")); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $idproduct = GETPOST('idproduct', 'int'); $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Bar or Restaurant diff --git a/htdocs/takepos/takepos.php b/htdocs/takepos/takepos.php index 5af931c8fac..6e514e414ae 100644 --- a/htdocs/takepos/takepos.php +++ b/htdocs/takepos/takepos.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; $place = (GETPOST('place', 'int') > 0 ? GETPOST('place', 'int') : 0); // $place is id of table for Ba or Restaurant -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $setterminal = GETPOST('setterminal', 'int'); if ($setterminal>0) diff --git a/htdocs/ticket/class/actions_ticket.class.php b/htdocs/ticket/class/actions_ticket.class.php index 3e9daabec75..d17da5e5ee3 100644 --- a/htdocs/ticket/class/actions_ticket.class.php +++ b/htdocs/ticket/class/actions_ticket.class.php 
@@ -253,7 +253,7 @@ class ActionsTicket $ret = $this->dao->loadCacheMsgsTicket(); if ($ret < 0) dol_print_error($this->dao->db); - $action = GETPOST('action', 'alpha'); + $action = GETPOST('action', 'aZ09'); $this->viewTicketOriginalMessage($user, $action, $object); diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 20b0aee410f..8668d516662 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -50,7 +50,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $langs->loadLangs(array('users', 'other')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $contextpage = GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'groupcard'; // To manage different context of search diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 2fd4ef7e14c..009112cc008 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -46,7 +46,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) } $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; diff --git a/htdocs/user/param_ihm.php b/htdocs/user/param_ihm.php index de2a84518ff..b16dab877e1 100644 --- a/htdocs/user/param_ihm.php +++ b/htdocs/user/param_ihm.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('companies', 'products', 'admin', 'users', 'languages', $canreaduser=($user->admin || $user->rights->user->user->lire); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $contextpage=GETPOST('contextpage', 'aZ')?GETPOST('contextpage', 'aZ'):'userihm'; // To manage different context of search if ($id) diff --git a/htdocs/variants/card.php b/htdocs/variants/card.php index e7444ed5fb8..3d1bcfd4fd8 100644 --- a/htdocs/variants/card.php 
+++ b/htdocs/variants/card.php @@ -22,7 +22,7 @@ require 'class/ProductAttributeValue.class.php'; $id = GETPOST('id', 'int'); $valueid = GETPOST('valueid', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $ref = GETPOST('ref', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); From 949a16b8924ccc42e833f8559ffa31e462ed2ae3 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 01:29:18 +0200 Subject: [PATCH 07/15] Fix error --- htdocs/document.php | 9 +++++---- htdocs/ecm/file_card.php | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 2b37792d69a..ccd404f7315 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -156,12 +156,13 @@ if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'alpha')?tru if (! empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS)) $attachment=false; // Define mime type -$type = 'application/octet-stream'; +$type = 'application/octet-stream'; // By default if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha'); else $type=dol_mimetype($original_file); -// Security: Force to octet-stream if file is a dangerous file -if (preg_match('/\.noexe$/i', $original_file)) $type = 'application/octet-stream'; - +// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file +if (!dolIsAllowedForPreview($original_file)) { + $type = 'application/octet-stream'; +} // Security: Delete string ../ into $original_file $original_file = str_replace("../", "/", $original_file); diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index d6e7b51912f..65049c48723 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php 
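Review bot: The new `dolIsAllowedForPreview()` test only forces `application/octet-stream` for files that are *not* previewable, so for any preview-eligible file the user-supplied `type` query parameter read two lines earlier (`if (GETPOST('type', 'alpha')) $type=GETPOST('type', 'alpha');`) is still served verbatim, which lets a caller relabel an uploaded image or text file as e.g. `text/html` and have the browser render it inside the application's origin. Derive the type from the file alone, `$type = dol_mimetype($original_file);`, or accept the override only from a fixed allow-list, and run the preview check on the path *after* the `../` cleanup that follows it rather than before. That cleanup, `str_replace("../", "/", $original_file)`, is a single pass and turns `..../` into `../`; loop until nothing changes, or better, `realpath()` the final path and check it stays under the intended document root. The code that actually emits the header from `$type` is outside this hunk, so I can't confirm whether a later check narrows it.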
@@ -127,7 +127,7 @@ if ($action == 'update') $oldlabel=GETPOST('urlfile', 'alpha'); $newlabel=GETPOST('label', 'alpha'); - $shareenabled = dol_sanitizeFileName(GETPOST('label', 'alpha')); + $shareenabled = dol_sanitizeFileName(GETPOST('shareenabled', 'alpha')); //$db->begin(); From b861f67e5ab97a041943444a19696bd988dc00ab Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 01:58:31 +0200 Subject: [PATCH 08/15] FIX #yogosha transversal path when unzipping file (backport) --- htdocs/core/lib/files.lib.php | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index cb0aef212fc..227b6fe553a 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -2021,8 +2021,10 @@ function dol_uncompress($inputfile, $outputdir) dol_syslog("Constant ODTPHP_PATHTOPCLZIP for pclzip library is set to ".ODTPHP_PATHTOPCLZIP.", so we use Pclzip to unzip into ".$outputdir); include_once ODTPHP_PATHTOPCLZIP.'/pclzip.lib.php'; $archive = new PclZip($inputfile); - $result=$archive->extract(PCLZIP_OPT_PATH, $outputdir); - //var_dump($result); + + // Extract into outputdir, but only files that match the regex '/^((?!\.\.).)*$/' that means "does not include .." + $result = $archive->extract(PCLZIP_OPT_PATH, $outputdir, PCLZIP_OPT_BY_PREG, '/^((?!\.\.).)*$/'); + if (! is_array($result) && $result <= 0) return array('error'=>$archive->errorInfo(true)); else { 
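Review bot: `dol_sanitizeFileName()` is a filename sanitizer and an odd fit for `shareenabled`, which by name is an on/off flag; reading it as `GETPOST('shareenabled', 'int')` (or `'aZ09'` if the form posts a keyword) states the intent and stops arbitrary text from reaching whatever column it is written to. The `update` handler this sits in starts before and ends after the hunk, so how the value is consumed is not visible here.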
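Review bot: The `PCLZIP_OPT_BY_PREG` filter `'/^((?!\.\.).)*$/'` silently drops every entry whose name contains `..`, so an archive built for traversal extracts "successfully" minus its payload and the caller never learns it was handed a hostile file; it also rejects legitimate names such as `v1..v2.txt` while saying nothing about absolute entry names (`/etc/...`, `C:\...`), which the pattern still accepts. Prefer refusing the whole archive: pre-scan `$archive->listContent()` and return `array('error'=>...)` when any entry name has a `..` path component or starts with `/`, `\` or a drive letter, then extract without the filter. Whether PclZip itself strips a leading slash under `PCLZIP_OPT_PATH`, and how it treats symlink entries, is not visible here and should be confirmed against the library before relying on it.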
@@ -2044,14 +2046,26 @@ function dol_uncompress($inputfile, $outputdir) } } - if (class_exists('ZipArchive')) + if (class_exists('ZipArchive')) // Must install php-zip to have it { dol_syslog("Class ZipArchive is set so we unzip using ZipArchive to unzip into ".$outputdir); $zip = new ZipArchive; $res = $zip->open($inputfile); if ($res === true) { - $zip->extractTo($outputdir.'/'); + //$zip->extractTo($outputdir.'/'); + // We must extract one file at time so we can check that file name does not contains '..' to avoid transversal path of zip built for example using + // python3 path_traversal_archiver.py test.zip -l 10 -p tmp/ + // with -l is the range of dot to go back in path. + // and path_traversal_archiver.py found at https://github.com/Alamot/code-snippets/blob/master/path_traversal/path_traversal_archiver.py + for ($i = 0; $i < $zip->numFiles; $i++) { + if (preg_match('/\.\./', $zip->getNameIndex($i))) { + dol_syslog("Warning: Try to unzip a file with a transversal path ".$zip->getNameIndex($i), LOG_WARNING); + continue; // Discard the file + } + $zip->extractTo($outputdir.'/', array($zip->getNameIndex($i))); + } + $zip->close(); return array(); } From 8a0702074adb2ca2fac3ea814926a833b8041ea0 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 02:02:45 +0200 Subject: [PATCH 09/15] FIX Yogosha report 4465 (backport) --- htdocs/core/lib/security2.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 0e0d4a37946..475b6b4c083 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php 
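Review bot: A matching entry is only skipped and logged, so an archive carrying traversal entries still has the rest of its content extracted and the function returns `array()` (success) — for an uploaded archive that is the wrong outcome; the file is hostile and should be refused as a whole, e.g. `$zip->close(); return array('error'=>'Archive contains an entry with a transversal path');` in place of `continue`. The return value of each `$zip->extractTo()` call is also discarded, so a failed or partial extraction still reports success. The `preg_match('/\.\./', ...)` test is at once too broad (it rejects `report..final.pdf`) and too narrow (it lets absolute names such as `/tmp/x` through; whether ZipArchive strips the leading slash itself needs confirming); matching a `..` path component, `'/(^|[\/\\\\])\.\.([\/\\\\]|$)/'`, plus a separate rejection of names beginning with `/`, `\` or a drive letter covers both cases.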
@@ -187,7 +187,7 @@ if (! function_exists('dol_loginfunction')) // Set cookie for timeout management $prefix=dol_getprefix(''); $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; - if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, false, true); + if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? false : true), true); if (GETPOST('urlfrom', 'alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom', 'alpha'); else unset($_SESSION["urlfrom"]); From df28a2844fcc6c6299b7532584eb3174b9793420 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Fri, 18 Sep 2020 02:07:44 +0200 Subject: [PATCH 10/15] Fix missing global --- htdocs/core/lib/security2.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 475b6b4c083..82110197a40 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -131,8 +131,8 @@ if (! function_exists('dol_loginfunction')) */ function dol_loginfunction($langs, $conf, $mysoc) { - global $dolibarr_main_demo, $db; - global $hookmanager; + global $dolibarr_main_demo, $dolibarr_main_force_https; + global $db, $hookmanager; $langs->loadLangs(array("main","other","help","admin")); From 640dc4a64cf5a339d2e54e1bca46d68d325ce600 Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sat, 19 Sep 2020 03:32:52 +0200 Subject: [PATCH 11/15] Fix alpha into alphanohtml --- htdocs/admin/menus/edit.php | 104 +++++++++++++++--------------- htdocs/core/lib/functions.lib.php | 16 ++--- 2 files changed, 57 insertions(+), 63 deletions(-) diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index cf42f294d03..6fbc3e4144a 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php 
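Review bot: The `secure` argument of `setcookie()` is now derived solely from `$dolibarr_main_force_https`, so on a deployment that is served over TLS by the web server or a proxy but has not set that option, the timeout cookie still goes out without the Secure flag. Base it on the actual request as well: `$secure = !empty($dolibarr_main_force_https) || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');` and pass `$secure` as the sixth argument (behind a reverse proxy that terminates TLS you would additionally have to honour its forwarded-proto header, only if that proxy is trusted). On PHP 7.3+ the options-array form of `setcookie()` also allows `'samesite' => 'Lax'`, which this cookie would benefit from. The function body continues outside the hunk, so the scope of `$dolibarr_main_force_https` at this point cannot be checked from here.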
@@ -31,6 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php'; // Load translation files required by the page $langs->loadLangs(array("other","admin")); +$cancel = GETPOST('cancel', 'alphanohtml'); // We click on a Cancel button + if (! $user->admin) accessforbidden(); $dirstandard = array(); 
@@ -64,46 +66,46 @@ if (GETPOST("menu_handler")) $menu_handler=GETPOST("menu_handler"); if ($action == 'update') { - if (! $_POST['cancel']) - { - $leftmenu=''; $mainmenu=''; - if (! empty($_POST['menuIdParent']) && ! is_numeric($_POST['menuIdParent'])) - { - $tmp=explode('&', $_POST['menuIdParent']); - foreach($tmp as $s) - { - if (preg_match('/fk_mainmenu=/', $s)) - { - $mainmenu=preg_replace('/fk_mainmenu=/', '', $s); - } - if (preg_match('/fk_leftmenu=/', $s)) - { - $leftmenu=preg_replace('/fk_leftmenu=/', '', $s); - } - } - } + if (!$cancel) + { + $leftmenu=''; $mainmenu=''; + if (GETPOST('menuIdParent', 'alphanohtml') && !is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) + { + $tmp=explode('&', GETPOST('menuIdParent', 'alphanohtml')); + foreach ($tmp as $s) + { + if (preg_match('/fk_mainmenu=/', $s)) + { + $mainmenu=preg_replace('/fk_mainmenu=/', '', $s); + } + if (preg_match('/fk_leftmenu=/', $s)) + { + $leftmenu=preg_replace('/fk_leftmenu=/', '', $s); + } + } + } $menu = new Menubase($db); $result=$menu->fetch(GETPOST('menuId', 'int')); if ($result > 0) { - $menu->titre=GETPOST('titre', 'alpha'); + $menu->titre=GETPOST('titre', 'alphanohtml'); $menu->leftmenu=GETPOST('leftmenu', 'aZ09'); - $menu->url=GETPOST('url', 'alpha'); - $menu->langs=GETPOST('langs', 'alpha'); + $menu->url=GETPOST('url', 'alphanohtml'); + $menu->langs=GETPOST('langs', 'alphanohtml'); $menu->position=GETPOST('position', 'int'); - $menu->enabled=GETPOST('enabled', 'alpha'); - $menu->perms=GETPOST('perms', 'alpha'); - $menu->target=GETPOST('target', 'alpha'); - $menu->user=GETPOST('user', 'alpha'); - $menu->mainmenu=GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuIdParent', 'alpha'))) + $menu->enabled=GETPOST('enabled', 'alphanohtml'); + $menu->perms=GETPOST('perms', 'alphanohtml'); + $menu->target=GETPOST('target', 'alphanohtml'); + $menu->user=GETPOST('user', 'alphanohtml'); + $menu->mainmenu=GETPOST('propertymainmenu', 'alphanohtml'); + if 
(is_numeric(GETPOST('menuIdParent', 'alphanohtml'))) { - $menu->fk_menu=GETPOST('menuIdParent', 'alpha'); + $menu->fk_menu=GETPOST('menuIdParent', 'alphanohtml'); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu=0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu=0; else $menu->fk_menu=-1; $menu->fk_mainmenu=$mainmenu; $menu->fk_leftmenu=$leftmenu; @@ -144,9 +146,9 @@ if ($action == 'add') } $leftmenu=''; $mainmenu=''; - if (GETPOST('menuId', 'alpha', 3) && ! is_numeric(GETPOST('menuId', 'alpha', 3))) + if (GETPOST('menuId', 'alphanohtml', 3) && ! is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $tmp=explode('&', GETPOST('menuId', 'alpha', 3)); + $tmp=explode('&', GETPOST('menuId', 'alphanohtml', 3)); foreach($tmp as $s) { if (preg_match('/fk_mainmenu=/', $s)) 
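Review bot: `$menu->url=GETPOST('url', 'alphanohtml')` accepts any scheme — the filter, by its own description, blocks only HTML, `"` and `../` — so a `javascript:` or `data:` URL is stored as a menu link; even on this admin-only page (the `accessforbidden()` guard is visible at the top of the file) it is worth rejecting those explicitly, e.g. `if (preg_match('/^\s*(javascript|data|vbscript):/i', $menu->url)) { $error++; }`, assuming, as the name suggests, the value is later emitted as an href. The `$mainmenu`/`$leftmenu` values pulled out of `menuIdParent` with `preg_replace` are left unvalidated although they are menu keys; a `'/^[a-zA-Z0-9_]+$/'` check, or reading them with the `'aZ09'` filter already used for `leftmenu` a few lines below, would keep them consistent with the rest of the hunk. If `enabled` and `perms` are later evaluated as condition expressions (they read like ones), no input filter here substitutes for keeping menu editing restricted to admins. The `update` handler continues past the end of this hunk.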
@@ -204,23 +206,23 @@ if ($action == 'add') { $menu = new Menubase($db); $menu->menu_handler=preg_replace('/_menu$/', '', GETPOST('menu_handler', 'aZ09')); - $menu->type=GETPOST('type', 'alpha'); - $menu->titre=GETPOST('titre', 'alpha'); - $menu->url=GETPOST('url', 'alpha'); - $menu->langs=GETPOST('langs', 'alpha'); + $menu->type=GETPOST('type', 'alphanohtml'); + $menu->titre=GETPOST('titre', 'alphanohtml'); + $menu->url=GETPOST('url', 'alphanohtml'); + $menu->langs=GETPOST('langs', 'alphanohtml'); $menu->position=GETPOST('position', 'int'); - $menu->enabled=GETPOST('enabled', 'alpha'); - $menu->perms=GETPOST('perms', 'alpha'); - $menu->target=GETPOST('target', 'alpha'); - $menu->user=GETPOST('user', 'alpha'); - $menu->mainmenu=GETPOST('propertymainmenu', 'alpha'); - if (is_numeric(GETPOST('menuId', 'alpha', 3))) + $menu->enabled=GETPOST('enabled', 'alphanohtml'); + $menu->perms=GETPOST('perms', 'alphanohtml'); + $menu->target=GETPOST('target', 'alphanohtml'); + $menu->user=GETPOST('user', 'alphanohtml'); + $menu->mainmenu=GETPOST('propertymainmenu', 'alphanohtml'); + if (is_numeric(GETPOST('menuId', 'alphanohtml', 3))) { - $menu->fk_menu=GETPOST('menuId', 'alpha', 3); + $menu->fk_menu=GETPOST('menuId', 'alphanohtml', 3); } else { - if (GETPOST('type', 'alpha') == 'top') $menu->fk_menu=0; + if (GETPOST('type', 'alphanohtml') == 'top') $menu->fk_menu=0; else $menu->fk_menu=-1; $menu->fk_mainmenu=$mainmenu; $menu->fk_leftmenu=$leftmenu; @@ -368,7 +370,7 @@ if ($action == 'create') // Mainmenu code print ''.$langs->trans('MainMenuCode').''; - print ''; + print ''; print ''; print $langs->trans("Example").': mytopmenukey'; print ''; 
@@ -381,23 +383,23 @@ if ($action == 'create') } else { - print ''; + print ''; } print ''.$langs->trans('DetailMenuIdParent'); print ', '.$langs->trans("Example").': fk_mainmenu=abc&fk_leftmenu=def'; print ''; // Title - print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; + print ''.$langs->trans('Title').''.$langs->trans('DetailTitre').''; // URL - print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; + print ''.$langs->trans('URL').''.$langs->trans('DetailUrl').''; // Langs print ''.$langs->trans('LangFile').''.$langs->trans('DetailLangs').''; // Position - print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; + print ''.$langs->trans('Position').''.$langs->trans('DetailPosition').''; // Target print ''.$langs->trans('Target').''.$langs->trans('DetailTarget').''; // Enabled - print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; + print ''.$langs->trans('Enabled').''.$langs->trans('DetailEnabled').''; // Perms - print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; + print ''.$langs->trans('Rights').''.$langs->trans('DetailRight').''; print ''; @@ -472,7 +474,7 @@ elseif ($action == 'edit') } else {*/ - print 'mainmenu).'">'; + print 'mainmenu).'">'; //} print ''; print $langs->trans("Example").': mytopmenukey'; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c279b3fb4e5..c2590c33190 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -219,12 +219,13 @@ function GETPOSTISSET($paramname) * 'none'=no check (only for param that should have very rich content) * 'int'=check it's numeric (integer or float) * 'intcomma'=check it's integer+comma ('1,2,3,4...') - * 'alpha'=check it's text and sign + * 'alpha'=Same than alphanohtml + * 'alphanohtml'=check there is no html content and no " and no ../ * 'aZ'=check it's a-z only * 'aZ09'=check it's simple alpha string (recommended for keys) * 'array'=check it's array * 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string) - * 'nohtml', 'alphanohtml'=check there is no html content + * 'nohtml'=check there is no html content and no " and no ../ * 'custom'= custom filter specify $filter and $options) * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get) * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) @@ -489,16 +490,6 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti case 'intcomma': if (preg_match('/[^0-9,-]+/i', $out)) $out=''; break; - case 'alpha': - if (! is_array($out)) - { - $out=trim($out); - // '"' is dangerous because param in url can close the href= or src= and add javascript functions. - // '../' is dangerous because it allows dir transversals - if (preg_match('/"/', $out)) $out=''; - elseif (preg_match('/\.\.\//', $out)) $out=''; - } - break; case 'san_alpha': $out=filter_var($out, FILTER_SANITIZE_STRING); break; @@ -529,6 +520,7 @@ function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $opti case 'nohtml': // Recommended for most scalar parameters $out=dol_string_nohtmltag($out, 0); break; + case 'alpha': // No html and no " and no ../ case 'alphanohtml': // Recommended for search parameters if (! is_array($out)) { From 6c96d7f240cc9c47bd9d2618dbfc011094d5e3fc Mon Sep 17 00:00:00 2001 
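Review bot: Folding `'alpha'` into the `'alphanohtml'` case changes the behaviour of every existing `GETPOST(..., 'alpha')` call site at once: the removed branch only emptied the value when it contained `"` or `../`, whereas the target branch also acts on HTML, so free-text labels, descriptions and search strings containing `<`, `>` or `&` are now altered where they previously passed through — this deserves a changelog entry and a scan of callers that feed such fields. The body of the `'alphanohtml'` case is outside the hunk, so I can't tell whether it blanks or strips; if it strips, callers that used an empty string as the "rejected" signal will now receive a modified string instead, which is worth confirming. A comment on the new `case 'alpha':` line marking the fall-through as deliberate (`// Deprecated alias of 'alphanohtml' — intentional fall-through`) would stop a later cleanup from "fixing" it. The docblock text `'alpha'=Same than alphanohtml` should read `Same as alphanohtml`.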
From: Alexandre SPANGARO Date: Sat, 19 Sep 2020 03:33:01 +0200 Subject: [PATCH 12/15] Fix install hangs --- htdocs/core/modules/modProduct.class.php | 19 +++++++++++-------- htdocs/core/modules/modService.class.php | 19 +++++++++++-------- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index ff0a814f3ec..8ffcfcc6e9b 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -159,6 +159,9 @@ class modProduct extends DolibarrModules $r++; */ + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); + // Exports //-------- $r=0; @@ -183,7 +186,7 @@ class modProduct extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation','p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (! empty($conf->stock->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.stock'=>'Stock','p.seuil_stock_alerte'=>'StockLimit','p.desiredstock'=>'DesiredStock','p.pmp'=>'PMPValue')); if (! empty($conf->barcode->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); 
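Review bot: With `$usenpr` computed once at the top of the block, the repeated `is_object($mysoc) && $usenpr` guards that follow are redundant — `$usenpr` is already `0` whenever `$mysoc` is not an object — so plain `if ($usenpr)` is enough and makes the single decision visible. A one-line comment on the hoisted call explaining why it is cached (`// useNPR() is evaluated once: calling it per exported field made module loading hang`, per the commit title) would keep the next refactor from inlining it again. `$mysoc` is used here but its declaration, presumably a `global` in the enclosing constructor, lies outside the hunk.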
@@ -245,7 +248,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', @@ -280,7 +283,7 @@ class modProduct extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; $this->export_entities_array[$r]=array('p.rowid'=>"product",'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product",'pr.price'=>"product", 
@@ -469,7 +472,7 @@ class modProduct extends DolibarrModules ); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (! empty($conf->barcode->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -547,7 +550,7 @@ class modProduct extends DolibarrModules 'p.desiredstock' => '' )); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample=array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample=array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample=array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (! empty($conf->barcode->enabled)) $import_sample=array_merge($import_sample, array('p.barcode'=>'')); 
@@ -594,7 +597,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array( @@ -632,7 +635,7 @@ class modProduct extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( 
@@ -672,7 +675,7 @@ class modProduct extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx']='VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r]=array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r]=array( 'pr.fk_product'=>array('rule'=>'fetchidfromref','classfile'=>'/product/class/product.class.php','class'=>'Product','method'=>'fetch','element'=>'Product') diff --git a/htdocs/core/modules/modService.class.php b/htdocs/core/modules/modService.class.php index d4e6313e054..29a74969952 100644 --- a/htdocs/core/modules/modService.class.php +++ b/htdocs/core/modules/modService.class.php @@ -133,6 +133,9 @@ class modService extends DolibarrModules $r++; */ + $usenpr = 0; + if (is_object($mysoc)) $usenpr = $mysoc->useNPR(); + // Exports //-------- $r=0; 
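Review bot: Every guard rewritten in this hunk (and in the modProduct hunks above and the modService hunks below) keeps `is_object($mysoc) &&` in front of `$usenpr`, although the new prologue `$usenpr = 0; if (is_object($mysoc)) $usenpr = $mysoc->useNPR();` already folds that test into the variable, so `if ($usenpr)` is sufficient and reads more clearly. The modProduct hunks at the start of this chunk use `$usenpr` too, but the assignment that defines it for that class is not within those hunks; presumably the same prologue was added earlier in modProduct, which is worth confirming because an undefined `$usenpr` would silently drop the NPR export/import fields rather than fail loudly.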
@@ -156,7 +159,7 @@ class modService extends DolibarrModules 'p.tva_tx'=>'VATRate', 'p.datec'=>'DateCreation','p.tms'=>'DateModification' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['p.recuperableonly']='NPR'; if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.cost_price'=>'CostPrice')); if (! empty($conf->stock->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.stock'=>'Stock','p.seuil_stock_alerte'=>'StockLimit','p.desiredstock'=>'DesiredStock','p.pmp'=>'PMPValue')); if (! empty($conf->barcode->enabled)) $this->export_fields_array[$r]=array_merge($this->export_fields_array[$r], array('p.barcode'=>'BarCode')); @@ -220,7 +223,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.tva_tx'=>'PriceLevelVATRate', 'pr.date_price'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; //$this->export_TypeFields_array[$r]=array( // 'p.ref'=>"Text",'p.label'=>"Text",'p.description'=>"Text",'p.url'=>"Text",'p.accountancy_code_sell'=>"Text",'p.accountancy_code_buy'=>"Text", // 'p.note'=>"Text",'p.length'=>"Numeric",'p.surface'=>"Numeric",'p.volume'=>"Numeric",'p.weight'=>"Numeric",'p.customcode'=>'Text', 
@@ -255,7 +258,7 @@ class modService extends DolibarrModules 'pr.tva_tx'=>'PriceVATRate', 'pr.default_vat_code'=>'PriceVATCode', 'pr.datec'=>'DateCreation'); - if (is_object($mysoc) && $mysoc->useNPR()) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; + if (is_object($mysoc) && $usenpr) $this->export_fields_array[$r]['pr.recuperableonly']='NPR'; $this->export_entities_array[$r]=array('p.rowid'=>"product",'p.ref'=>"product", 's.nom'=>'company', 'pr.price_base_type'=>"product",'pr.price'=>"product", @@ -444,7 +447,7 @@ class modService extends DolibarrModules ) ); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.cost_price'=>'CostPrice')); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.recuperableonly'=>'NPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax1_tx'=>'LT1', 'p.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.localtax2_tx'=>'LT2', 'p.localtax2_type'=>'LT2Type')); if (! empty($conf->barcode->enabled)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('p.barcode'=>'BarCode')); 
@@ -521,7 +524,7 @@ class modService extends DolibarrModules 'p.desiredstock' => '' )); if (! empty($conf->fournisseur->enabled) || !empty($conf->margin->enabled)) $import_sample=array_merge($import_sample, array('p.cost_price'=>'90')); - if (is_object($mysoc) && $mysoc->useNPR()) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); + if (is_object($mysoc) && $usenpr) $import_sample=array_merge($import_sample, array('p.recuperableonly'=>'0')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $import_sample=array_merge($import_sample, array('p.localtax1_tx'=>'', 'p.localtax1_type'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $import_sample=array_merge($import_sample, array('p.localtax2_tx'=>'', 'p.localtax2_type'=>'')); if (! empty($conf->barcode->enabled)) $import_sample=array_merge($import_sample, array('p.barcode'=>'')); @@ -570,7 +573,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => 'DeliveryDelay', 'sp.supplier_reputation' => 'SupplierReputation' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.recuperableonly'=>'VATNPR')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array( 
@@ -607,7 +610,7 @@ class modService extends DolibarrModules 'sp.delivery_time_days' => '5', 'sp.supplier_reputation' => 'FAVORITE / NOTTHGOOD / DONOTORDER' ); - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); + if (is_object($mysoc) && $usenpr) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.recuperableonly'=>'')); if (is_object($mysoc) && $mysoc->useLocalTax(1)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax1_tx'=>'LT1', 'sp.localtax1_type'=>'LT1Type')); if (is_object($mysoc) && $mysoc->useLocalTax(2)) $this->import_examplevalues_array[$r]=array_merge($this->import_examplevalues_array[$r], array('sp.localtax2_tx'=>'LT2', 'sp.localtax2_type'=>'LT2Type')); $this->import_examplevalues_array[$r] = array_merge($this->import_examplevalues_array[$r], array( @@ -647,7 +650,7 @@ class modService extends DolibarrModules 'pr.price_min'=>"MinPriceLevelUnitPriceHT",'pr.price_min_ttc'=>"MinPriceLevelUnitPriceTTC", 'pr.date_price'=>'DateCreation*'); if (! empty($conf->global->PRODUIT_MULTIPRICES_USE_VAT_PER_LEVEL)) $this->import_fields_array[$r]['pr.tva_tx']='VATRate'; - if (is_object($mysoc) && $mysoc->useNPR()) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); + if (is_object($mysoc) && $usenpr) $this->import_fields_array[$r]=array_merge($this->import_fields_array[$r], array('pr.recuperableonly'=>'NPR')); $this->import_regex_array[$r]=array('pr.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$','pr.recuperableonly'=>'^[0|1]$'); $this->import_convertvalue_array[$r]=array( 'pr.fk_product'=>array('rule'=>'fetchidfromref','classfile'=>'/product/class/product.class.php','class'=>'Product','method'=>'fetch','element'=>'Product') 
From d51d169c8a78a92aaf61dac4a2f3805a891ac90d Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO
Date: Sat, 19 Sep 2020 04:03:32 +0200
Subject: [PATCH 13/15] FIX Yogosha report 4456 (backport)
---
htdocs/conf/conf.php.example | 24 ++++++++++++-------
htdocs/cron/class/cronjob.class.php | 37 ++++++++++++++++++-----------
htdocs/langs/en_US/errors.lang | 3 ++-
3 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index 4d26fef7965..def20f3f8b9 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -217,10 +217,10 @@ $dolibarr_main_authentication='dolibarr';
 // 1 = Force redirect to https, until SCRIPT_URI start with https into response
 // 2 = Force redirect to https, until SERVER["HTTPS"] is 'on' into response
 // 'https://my.domain.com' = Force reditect to https using this domain name.
-// Warning: If you enable this parameter, your web server must be configured to
-// respond URL with https protocol.
-// According to your web server setup, some values may works and other not. Try
-// different values (1,2 or 'https://my.domain.com') if you experience problems.
+// Warning: If you enable this parameter, your web server must be configured to respond URL with https protocol.
+// According to your web server setup, some values may works and other not. Try different values (1,2 or 'https://my.domain.com') if you experience problems.
+// Even if a redirect to HTTPS is forced by the webserver, it is recommanded to set this value to another value than 0, so your session cookies will be
+// flagged as secured.
 // Default value: 0
 // Possible values: 0, 1, 2 or 'https://my.domain.com'
 // Examples:
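Review bot: The added comment line `+// Even if a redirect to HTTPS is forced by the webserver, it is recommanded to set this value to another value than 0, ...` misspells "recommended", and "flagged as secured" would be clearer as "flagged as secure" (presumably the cookie Secure flag is what the sentence refers to). The pre-existing "reditect" typo on the context line just above is in the same block being rewritten, so fixing both in this pass is cheap.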
@@ -231,12 +231,12 @@ $dolibarr_main_force_https='0'; // dolibarr_main_prod // When this parameter is defined, all errors messages are not reported. // This feature exists for production usage to avoid to give any information to hackers. -// Default value: 0 +// Default value: 1 // Possible values: 0 or 1 // Examples: -// $dolibarr_main_prod='0'; +// $dolibarr_main_prod='1'; // -$dolibarr_main_prod='0'; +$dolibarr_main_prod='1'; // $dolibarr_main_restrict_os_commands // To restrict commands you can execute by the backup feature, enter allowed command here. @@ -258,8 +258,8 @@ $dolibarr_main_restrict_ip=''; // dolibarr_nocsrfcheck // This parameter can be used to disable CSRF protection. -// This might be required if you access Dolibarr behind a proxy that make -// URL rewriting, to avoid false alarms. +// This might be required if you access Dolibarr behind a proxy that make bad URL rewriting, to avoid false alarms. +// In most cases, you should always keep this to 0. // Default value: 0 // Possible values: 0 or 1 // Examples: @@ -267,6 +267,12 @@ $dolibarr_main_restrict_ip=''; // $dolibarr_nocsrfcheck='0'; +// dolibarr_cron_allow_cli +// If set to 1, you will be able to define some command line in the internal Job scheduler (cronjob) module. +// Default value: '0' +// Examples: '1' +$dolibarr_cron_allow_cli='0'; + // dolibarr_mailing_limit_sendbyweb // Can set a limit for mailing send by web. This overwrite database value. Can be used to restrict on OS level. // Default value: '25' diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php index 7934a628880..930b9b0e5a2 100644 --- a/htdocs/cron/class/cronjob.class.php +++ b/htdocs/cron/class/cronjob.class.php 
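Review bot: The new `dolibarr_cron_allow_cli` block in the last hunk omits the `// Possible values: 0 or 1` line that every neighbouring parameter (`dolibarr_main_prod`, `dolibarr_nocsrfcheck`) carries, so an administrator reading the example has to guess the accepted range; adding that line keeps the file's own template. The comment would also be more useful if it said what the switch gates, i.e. that the job scheduler will only execute command-type jobs when it is set to 1, which is why it defaults to off.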
@@ -1168,23 +1168,32 @@ class Cronjob extends CommonObject
 // Run a command line
 if ($this->jobtype=='command')
 {
- $outputdir = $conf->cron->dir_temp;
- if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp;
+ global $dolibarr_cron_allow_cli;
- if (! empty($outputdir))
- {
- dol_mkdir($outputdir);
- $outputfile=$outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method
+ if (empty($dolibarr_cron_allow_cli)) {
+ $langs->load("errors");
+ $this->error = $langs->trans("FailedToExecutCommandJob");
+ $this->lastoutput = '';
+ $this->lastresult = $langs->trans("ErrorParameterMustBeEnabledToAllwoThisFeature", 'dolibarr_cron_allow_cli');
+ } else {
+ $outputdir = $conf->cron->dir_temp;
+ if (empty($outputdir)) $outputdir = $conf->cronjob->dir_temp;
- // Execute a CLI
- include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
- $utils = new Utils($this->db);
- $arrayresult = $utils->executeCLI($this->command, $outputfile);
+ if (!empty($outputdir))
+ {
+ dol_mkdir($outputdir);
+ $outputfile = $outputdir.'/cronjob.'.$userlogin.'.out'; // File used with popen method
- $retval = $arrayresult['result'];
- $this->error = $arrayresult['error'];
- $this->lastoutput = $arrayresult['output'];
- $this->lastresult = $arrayresult['result'];
+ // Execute a CLI
+ include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
+ $utils = new Utils($this->db);
+ $arrayresult = $utils->executeCLI($this->command, $outputfile);
+
+ $retval = $arrayresult['result'];
+ $this->error = $arrayresult['error'];
+ $this->lastoutput = $arrayresult['output'];
+ $this->lastresult = $arrayresult['result'];
+ }
 }
 }
diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang
index 4c8e761da9a..e5415125e81 100644
--- a/htdocs/langs/en_US/errors.lang
+++ b/htdocs/langs/en_US/errors.lang
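Review bot: In the new deny branch (`if (empty($dolibarr_cron_allow_cli))`) `$retval` is never assigned, whereas the execute branch sets it from `$arrayresult['result']`; if the rest of this method (it continues past the hunk) uses `$retval` as the job's status, a refused command job may be recorded as if it had run, so consider `$retval = -1;` next to `$this->error`. The refusal is also invisible on the server side; a `dol_syslog(__METHOD__.' command job refused because dolibarr_cron_allow_cli is disabled', LOG_WARNING);` in that branch would let operators notice attempts to run CLI jobs while the feature is off. Both translation keys are misspelled (`FailedToExecutCommandJob`, `ErrorParameterMustBeEnabledToAllwoThisFeature`); the second is added with the same spelling in errors.lang below so it resolves, but the first is not touched by this commit and will display as the raw key unless it already exists. Style-wise the `global` declaration would conventionally sit at the top of the method rather than inside the `if`.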
@@ -218,6 +218,7 @@ ErrorVariableKeyForContentMustBeSet=Error, the constant with name %s (with text
 ErrorURLMustStartWithHttp=URL %s must start with http:// or https://
 ErrorNewRefIsAlreadyUsed=Error, the new reference is already used
 ErrorDeletePaymentLinkedToAClosedInvoiceNotPossible=Error, delete payment linked to a closed invoice is not possible.
+ErrorParameterMustBeEnabledToAllwoThisFeature=Error, parameter %s must be enabled into conf/conf.php to allow use of Command Line Interface by the internal job scheduler
 # Warnings
 WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup.
 WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.
@@ -242,4 +243,4 @@ WarningYourLoginWasModifiedPleaseLogin=Your login was modified. For security pur
 WarningAnEntryAlreadyExistForTransKey=An entry already exists for the translation key for this language
 WarningNumberOfRecipientIsRestrictedInMassAction=Warning, number of different recipient is limited to %s when using the mass actions on lists
 WarningDateOfLineMustBeInExpenseReportRange=Warning, the date of line is not in the range of the expense report
-WarningProjectClosed=Project is closed. You must re-open it first.
\ No newline at end of file
+WarningProjectClosed=Project is closed. You must re-open it first.
From bacbe0b35288dd0907849503951519cb5021c21e Mon Sep 17 00:00:00 2001
From: Alexandre SPANGARO Date: Sat, 19 Sep 2020 04:15:33 +0200 Subject: [PATCH 14/15] FIX Yogosha report 4483 (backport) --- htdocs/accountancy/admin/account.php | 2 +- htdocs/accountancy/admin/fiscalyear.php | 2 +- htdocs/accountancy/admin/productaccount.php | 2 +- htdocs/accountancy/bookkeeping/balance.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 2 +- htdocs/accountancy/bookkeeping/listbyaccount.php | 2 +- htdocs/accountancy/customer/lines.php | 2 +- htdocs/accountancy/customer/list.php | 2 +- htdocs/accountancy/expensereport/lines.php | 2 +- htdocs/accountancy/expensereport/list.php | 2 +- htdocs/accountancy/supplier/lines.php | 2 +- htdocs/accountancy/supplier/list.php | 2 +- htdocs/adherents/subscription.php | 2 +- htdocs/adherents/subscription/list.php | 2 +- htdocs/admin/emailcollector_list.php | 2 +- htdocs/admin/mails_senderprofile_list.php | 2 +- htdocs/admin/tools/dolibarr_export.php | 2 +- htdocs/admin/tools/export.php | 2 +- htdocs/admin/tools/export_files.php | 2 +- htdocs/admin/tools/listevents.php | 2 +- htdocs/admin/tools/listsessions.php | 2 +- htdocs/admin/website.php | 2 +- htdocs/admin/website_options.php | 2 +- htdocs/asset/list.php | 2 +- htdocs/blockedlog/admin/blockedlog_list.php | 2 +- htdocs/bom/bom_list.php | 2 +- htdocs/bookmarks/list.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/action/index.php | 2 +- htdocs/comm/action/peruser.php | 2 +- htdocs/comm/action/rapport/index.php | 2 +- htdocs/comm/card.php | 2 +- htdocs/comm/contact.php | 2 +- htdocs/comm/mailing/advtargetemailing.php | 2 +- htdocs/comm/mailing/cibles.php | 2 +- htdocs/comm/mailing/list.php | 2 +- htdocs/comm/propal/document.php | 2 +- htdocs/comm/propal/list.php | 2 +- htdocs/compta/accounting-files.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/releve.php | 2 +- htdocs/compta/bank/various_payment/document.php | 2 +- htdocs/compta/cashcontrol/cashcontrol_list.php | 2 +- htdocs/compta/clients.php | 2 +- 
htdocs/compta/deplacement/document.php | 2 +- htdocs/compta/deplacement/list.php | 2 +- htdocs/compta/facture/document.php | 2 +- htdocs/compta/paiement/cheque/card.php | 2 +- htdocs/compta/paiement/tovalidate.php | 2 +- htdocs/compta/prelevement/bons.php | 2 +- htdocs/compta/prelevement/card.php | 2 +- htdocs/compta/prelevement/demandes.php | 2 +- htdocs/compta/prelevement/factures.php | 2 +- htdocs/compta/prelevement/fiche-rejet.php | 2 +- htdocs/compta/prelevement/fiche-stat.php | 2 +- htdocs/compta/prelevement/ligne.php | 2 +- htdocs/compta/prelevement/list.php | 2 +- htdocs/compta/prelevement/rejets.php | 2 +- htdocs/compta/recap-compta.php | 2 +- htdocs/compta/salaries/document.php | 2 +- htdocs/compta/sociales/payments.php | 2 +- htdocs/contact/list.php | 2 +- htdocs/contrat/index.php | 2 +- htdocs/cron/list.php | 2 +- htdocs/don/document.php | 2 +- htdocs/don/list.php | 2 +- htdocs/ecm/index.php | 2 +- htdocs/ecm/index_auto.php | 2 +- htdocs/ecm/search.php | 2 +- htdocs/expedition/list.php | 2 +- htdocs/expensereport/document.php | 2 +- htdocs/expensereport/list.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fichinter/list.php | 2 +- htdocs/fourn/commande/document.php | 2 +- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/commande/orderstoinvoice.php | 2 +- htdocs/fourn/contact.php | 2 +- htdocs/fourn/product/list.php | 2 +- htdocs/ftp/index.php | 2 +- htdocs/holiday/define_holiday.php | 2 +- htdocs/holiday/document.php | 2 +- htdocs/holiday/list.php | 2 +- htdocs/holiday/view_log.php | 2 +- htdocs/margin/agentMargins.php | 2 +- htdocs/margin/checkMargins.php | 2 +- htdocs/margin/customerMargins.php | 4 ++-- htdocs/margin/productMargins.php | 2 +- htdocs/margin/tabs/productMargins.php | 2 +- htdocs/margin/tabs/thirdpartyMargins.php | 2 +- htdocs/modulebuilder/template/myobject_list.php | 2 +- htdocs/opensurvey/list.php | 2 +- htdocs/product/inventory/list.php | 2 +- htdocs/product/stats/commande_fournisseur.php | 2 +- 
htdocs/product/stats/propal.php | 2 +-
htdocs/product/stats/supplier_proposal.php | 2 +-
htdocs/product/stock/massstockmove.php | 2 +-
htdocs/product/stock/productlot_list.php | 2 +-
htdocs/product/stock/replenish.php | 2 +-
htdocs/projet/list.php | 2 +-
htdocs/reception/list.php | 2 +-
htdocs/resource/document.php | 2 +-
htdocs/societe/website.php | 2 +-
htdocs/supplier_proposal/document.php | 2 +-
htdocs/supplier_proposal/list.php | 2 +-
htdocs/ticket/list.php | 2 +-
htdocs/user/document.php | 2 +-
htdocs/user/group/list.php | 2 +-
htdocs/user/list.php | 2 +-
htdocs/user/notify/card.php | 4 ++--
110 files changed, 112 insertions(+), 112 deletions(-)
diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php
index b3ddbc43feb..2ab72322db3 100644
--- a/htdocs/accountancy/admin/account.php
+++ b/htdocs/accountancy/admin/account.php
@@ -51,7 +51,7 @@ if (! $user->rights->accounting->chartofaccount) accessforbidden();
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php
index fff0118c224..f6f5dbe0c76 100644
--- a/htdocs/accountancy/admin/fiscalyear.php
+++ b/htdocs/accountancy/admin/fiscalyear.php
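Review bot: `$sortfield` is still read with the `'alpha'` filter on the line directly above the changed `$sortorder`, so if both values reach the same ORDER BY clause (that code is outside this hunk) the hardening covers only half of the pair; consider `$sortfield = GETPOST('sortfield', 'aZ09comma');` in the same pass, or note why sortfield needs a looser filter. The same pattern is present in every file section that follows, through the listevents.php hunk at the end of this chunk, so one sweep would keep all 110 files consistent. It would also help future readers if the commit description stated what the `'alpha'` filter admitted that `'aZ09comma'` rejects, since the diff alone does not convey the report's root cause.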
@@ -30,7 +30,7 @@ $action = GETPOST('action', 'aZ09');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php
index 52ec326e502..e1ec4bbbda2 100644
--- a/htdocs/accountancy/admin/productaccount.php
+++ b/htdocs/accountancy/admin/productaccount.php
@@ -69,7 +69,7 @@ if (empty($accounting_product_mode)) $accounting_product_mode='ACCOUNTANCY_SELL'
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST("sortfield", 'alpha');
-$sortorder = GETPOST("sortorder", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php
index 52cb1370cfc..2ad4001eeee 100644
--- a/htdocs/accountancy/bookkeeping/balance.php
+++ b/htdocs/accountancy/bookkeeping/balance.php
@@ -47,7 +47,7 @@ if (GETPOST("exportcsv", 'alpha')) $action = 'export_csv';
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index 7ada77d0bd6..a25f74addf1 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@@ -88,7 +88,7 @@ $search_lettering_code = GETPOST('search_lettering_code', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php
index bacfdcb714a..a38d668c563 100644
--- a/htdocs/accountancy/bookkeeping/listbyaccount.php
+++ b/htdocs/accountancy/bookkeeping/listbyaccount.php
@@ -64,7 +64,7 @@ $search_credit = GETPOST('search_credit', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/customer/lines.php b/htdocs/accountancy/customer/lines.php
index 3da2c129e30..ae1e5751331 100644
--- a/htdocs/accountancy/customer/lines.php
+++ b/htdocs/accountancy/customer/lines.php
@@ -57,7 +57,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) $page = 0;
 $pageprev = $page - 1;
diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php
index cd1c285217c..033ba8d7903 100644
--- a/htdocs/accountancy/customer/list.php
+++ b/htdocs/accountancy/customer/list.php
@@ -68,7 +68,7 @@ $btn_ventil = GETPOST('ventil', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/expensereport/lines.php b/htdocs/accountancy/expensereport/lines.php
index d15ef52ad39..a236da06646 100644
--- a/htdocs/accountancy/expensereport/lines.php
+++ b/htdocs/accountancy/expensereport/lines.php
@@ -52,7 +52,7 @@ $search_year=GETPOST("search_year", "int");
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) $page = 0;
 $pageprev = $page - 1;
diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php
index 60b24638775..e7cad536057 100644
--- a/htdocs/accountancy/expensereport/list.php
+++ b/htdocs/accountancy/expensereport/list.php
@@ -62,7 +62,7 @@ $btn_ventil = GETPOST('ventil', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/supplier/lines.php b/htdocs/accountancy/supplier/lines.php
index 659d428b93b..4f3c89b2db3 100644
--- a/htdocs/accountancy/supplier/lines.php
+++ b/htdocs/accountancy/supplier/lines.php
@@ -59,7 +59,7 @@ $search_tvaintra = GETPOST('search_tvaintra', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) $page = 0;
 $offset = $limit * $page;
diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php
index 879b708d32e..dac359338da 100644
--- a/htdocs/accountancy/supplier/list.php
+++ b/htdocs/accountancy/supplier/list.php
@@ -68,7 +68,7 @@ $btn_ventil = GETPOST('ventil', 'alpha');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):(empty($conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION)?$conf->liste_limit:$conf->global->ACCOUNTING_LIMIT_LIST_VENTILATION);
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page < 0) { $page = 0; }
 $offset = $limit * $page;
diff --git a/htdocs/adherents/subscription.php b/htdocs/adherents/subscription.php
index 006edce6319..ad63c4a05b7 100644
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -48,7 +48,7 @@ $typeid=GETPOST('typeid', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php
index 512f3935177..c02f9c62054 100644
--- a/htdocs/adherents/subscription/list.php
+++ b/htdocs/adherents/subscription/list.php
@@ -52,7 +52,7 @@ $date_select=GETPOST("date_select", 'alpha');
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
-$sortorder = GETPOST("sortorder", 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST("page", 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page ;
diff --git a/htdocs/admin/emailcollector_list.php b/htdocs/admin/emailcollector_list.php
index 14cb63cd923..cec326b799a 100644
--- a/htdocs/admin/emailcollector_list.php
+++ b/htdocs/admin/emailcollector_list.php
@@ -52,7 +52,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/mails_senderprofile_list.php b/htdocs/admin/mails_senderprofile_list.php index 931d1168238..85e1ac63434 100644 --- a/htdocs/admin/mails_senderprofile_list.php +++ b/htdocs/admin/mails_senderprofile_list.php @@ -47,7 +47,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/tools/dolibarr_export.php b/htdocs/admin/tools/dolibarr_export.php index ee8594e6bf8..a7578a10aae 100644 --- a/htdocs/admin/tools/dolibarr_export.php +++ b/htdocs/admin/tools/dolibarr_export.php @@ -32,7 +32,7 @@ $langs->load("admin"); $action=GETPOST('action', 'alpha'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="date"; diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php index 16f9c38602a..29d86e873cd 100644 --- a/htdocs/admin/tools/export.php 
+++ b/htdocs/admin/tools/export.php @@ -38,7 +38,7 @@ $file=GETPOST('filename_template', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/admin/tools/export_files.php b/htdocs/admin/tools/export_files.php index e3be54458c0..371c49ff3d7 100644 --- a/htdocs/admin/tools/export_files.php +++ b/htdocs/admin/tools/export_files.php @@ -39,7 +39,7 @@ $compression = GETPOST('compression'); $file = dol_sanitizeFileName($file); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="date"; diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index 39699d4240b..2cbfeb4e52f 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -47,7 +47,7 @@ $langs->loadLangs(array("companies","admin","users","other")); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 08890379955..d2ddf6b9fae 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php @@ -42,7 +42,7 @@ if ($user->societe_id > 0) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page ; diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index 5096563ad76..0d366d3441a 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -54,7 +54,7 @@ $status = 1; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/admin/website_options.php b/htdocs/admin/website_options.php index 35b34f1b9da..0274608340a 100644 --- a/htdocs/admin/website_options.php +++ b/htdocs/admin/website_options.php @@ -47,7 +47,7 @@ $status = 1; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/asset/list.php b/htdocs/asset/list.php index 7ca92570aa4..8b671edb8c9 100644 --- a/htdocs/asset/list.php +++ b/htdocs/asset/list.php 
@@ -48,7 +48,7 @@ $id = GETPOST('id', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/blockedlog/admin/blockedlog_list.php b/htdocs/blockedlog/admin/blockedlog_list.php
index 2a7bee7335f..86e5f7c67ae 100644
--- a/htdocs/blockedlog/admin/blockedlog_list.php
+++ b/htdocs/blockedlog/admin/blockedlog_list.php
@@ -57,7 +57,7 @@ if (($search_start == -1 || empty($search_start)) && ! GETPOSTISSET('search_star
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/bom/bom_list.php b/htdocs/bom/bom_list.php
index bbb51211137..9e7d1957047 100644
--- a/htdocs/bom/bom_list.php
+++ b/htdocs/bom/bom_list.php
@@ -46,7 +46,7 @@ $id = GETPOST('id', 'int');
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
 $offset = $limit * $page;
diff --git a/htdocs/bookmarks/list.php b/htdocs/bookmarks/list.php index 844443244cd..1fdd6e91ca2 100644 --- a/htdocs/bookmarks/list.php +++ b/htdocs/bookmarks/list.php @@ -41,7 +41,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 7eec20c3499..87be73ad47a 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -63,7 +63,7 @@ if ($id > 0) // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 4ea61e2db38..98081c4b250 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -57,7 +57,7 @@ if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", "int"); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index d4020f4df92..76fff1cc25b 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php 
@@ -55,7 +55,7 @@ if (empty($filtert) && empty($conf->global->AGENDA_ALL_CALENDARS)) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", "int"); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 565d12b9c70..c1369666666 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -40,7 +40,7 @@ $year=GETPOST('year'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if ($page == -1 || $page == null) { $page = 0 ; } $offset = $limit * $page ; diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 37c19525afa..d685d641bd1 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -66,7 +66,7 @@ $action = GETPOST('action', 'aZ09'); $mode = GETPOST("mode"); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 68730bccef1..c386e7e2b5f 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -30,7 +30,7 @@ require '../main.inc.php'; $langs->load("companies"); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="p.name"; 
diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php
index a4bba8f7adc..0aab6d2479b 100644
--- a/htdocs/comm/mailing/advtargetemailing.php
+++ b/htdocs/comm/mailing/advtargetemailing.php
@@ -47,7 +47,7 @@ if (! $user->rights->mailing->lire || $user->societe_id > 0)
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index 06a6dfccc55..85561716e0e 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -42,7 +42,7 @@ if (! $user->rights->mailing->lire || $user->societe_id > 0) accessforbidden();
 // Load variable for pagination
 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'alpha');
-$sortorder = GETPOST('sortorder', 'alpha');
+$sortorder = GETPOST('sortorder', 'aZ09comma');
 $page = GETPOST('page', 'int');
 if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1
 $offset = $limit * $page;
diff --git a/htdocs/comm/mailing/list.php b/htdocs/comm/mailing/list.php
index da74efaaf98..b879ae9fa32 100644
--- a/htdocs/comm/mailing/list.php
+++ b/htdocs/comm/mailing/list.php
@@ -32,7 +32,7 @@ $langs->load("mails"); $result=restrictedArea($user, 'mailing'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 4c464db4693..8591b24dc9c 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -54,7 +54,7 @@ $result = restrictedArea($user, 'propal', $id); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 29c87b0ebd2..492cae99165 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -99,7 +99,7 @@ $mesg=(GETPOST("msg") ? GETPOST("msg") : GETPOST("mesg")); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/compta/accounting-files.php b/htdocs/compta/accounting-files.php index e52f91ba45c..288d34a7d27 100644 --- a/htdocs/compta/accounting-files.php +++ b/htdocs/compta/accounting-files.php @@ -53,7 +53,7 @@ $hookmanager->initHooks(array('comptafileslist','globallist')); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index 5b887f0bd8e..92af3eacb8f 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -57,7 +57,7 @@ $result = restrictedArea($user, 'banque', $fieldvalue, 'bank_account', '', '', // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 845ba1a2172..7d090cb4f22 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -78,7 +78,7 @@ if ($user->rights->banque->consolidate && $action == 'dvprev' && ! empty($dvid)) $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $pageplusone = GETPOST("pageplusone", 'int'); if ($pageplusone) $page = $pageplusone - 1; 
diff --git a/htdocs/compta/bank/various_payment/document.php b/htdocs/compta/bank/various_payment/document.php index 3d37b7e7de6..d665325e2f2 100644 --- a/htdocs/compta/bank/various_payment/document.php +++ b/htdocs/compta/bank/various_payment/document.php @@ -44,7 +44,7 @@ $result = restrictedArea($user, 'banque', '', '', ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/cashcontrol/cashcontrol_list.php b/htdocs/compta/cashcontrol/cashcontrol_list.php index d18a8c38cfe..392d398c0a1 100644 --- a/htdocs/compta/cashcontrol/cashcontrol_list.php +++ b/htdocs/compta/cashcontrol/cashcontrol_list.php @@ -64,7 +64,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 36cc40c851c..8d18a840811 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php 
@@ -45,7 +45,7 @@ $langs->load("companies"); $mode=GETPOST("mode"); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/deplacement/document.php b/htdocs/compta/deplacement/document.php index 8cba95e283b..039a4d14be4 100644 --- a/htdocs/compta/deplacement/document.php +++ b/htdocs/compta/deplacement/document.php @@ -49,7 +49,7 @@ $result = restrictedArea($user, 'deplacement', $id, ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index 58a8fd32ef5..ee0d152ea4e 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -44,7 +44,7 @@ $search_name=GETPOST('search_name', 'alpha'); $search_company=GETPOST('search_company', 'alpha'); // $search_amount=GETPOST('search_amount','alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 44f69f512bd..f00595c1264 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php 
@@ -57,7 +57,7 @@ $result=restrictedArea($user, 'facture', $id, ''); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 3107cf29742..9fb0deb793c 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -47,7 +47,7 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque', '', 'fk_user_author', $fieldname); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="b.dateo,b.rowid"; diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 0e2889814cc..ad9248d7f75 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php @@ -41,7 +41,7 @@ if ($user->societe_id > 0) $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index b5610b81f68..967ea295d9a 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php 
@@ -41,7 +41,7 @@ $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if ($limit != $conf->liste_limit) $urladd .= '&limit=' . $limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/card.php b/htdocs/compta/prelevement/card.php index bf95a35f1fd..e9cc0f21046 100644 --- a/htdocs/compta/prelevement/card.php +++ b/htdocs/compta/prelevement/card.php @@ -48,7 +48,7 @@ $socid = GETPOST('socid', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index da1b3663d21..14d9135d94c 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -46,7 +46,7 @@ $optioncss = GETPOST('optioncss', 'aZ'); // Option for the css outpu // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; 
diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php index 6d087ea477e..9f0b83e896d 100644 --- a/htdocs/compta/prelevement/factures.php +++ b/htdocs/compta/prelevement/factures.php @@ -44,7 +44,7 @@ $ref = GETPOST('ref', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index c930db99012..8e11c2b03f8 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php @@ -44,7 +44,7 @@ $ref = GETPOST('ref', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index 9cee7938737..f4f529bdaf0 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -42,7 +42,7 @@ $ref = GETPOST('ref', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php index 8b11716bf6f..19f033546de 100644 --- a/htdocs/compta/prelevement/ligne.php +++ b/htdocs/compta/prelevement/ligne.php @@ -44,7 +44,7 @@ $id = GETPOST('id', 'int'); $socid = GETPOST('socid', 'int'); $page = GETPOST('page', 'int'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); if ($action == 'confirm_rejet') diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php index eb741b981d9..6d95786dadf 100644 --- a/htdocs/compta/prelevement/list.php +++ b/htdocs/compta/prelevement/list.php @@ -40,7 +40,7 @@ $result = restrictedArea($user, 'prelevement', '', '', 'bons'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index 7611945a40d..f1c85ba9c63 100644 --- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php @@ -41,7 +41,7 @@ $result = restrictedArea($user, 'prelevement', '', '', 'bons'); // Get supervariables $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $sortfield = GETPOST('sortfield', 'alpha'); /* diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php index 19ac65cbd4e..70ac412191e 100644 --- a/htdocs/compta/recap-compta.php +++ b/htdocs/compta/recap-compta.php 
@@ -47,7 +47,7 @@ $hookmanager->initHooks(array('recapcomptacard','globalcard')); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/compta/salaries/document.php b/htdocs/compta/salaries/document.php index 3ff92d23c1c..a14977b6962 100644 --- a/htdocs/compta/salaries/document.php +++ b/htdocs/compta/salaries/document.php @@ -51,7 +51,7 @@ $result = restrictedArea($user, 'salaries', '', '', ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php index daecbe581f8..514f42c395f 100644 --- a/htdocs/compta/sociales/payments.php +++ b/htdocs/compta/sociales/payments.php @@ -47,7 +47,7 @@ if (! $year && $mode != 'sconly') { $year=date("Y", time()); } $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 0e7c814ef7b..5bd952c62b3 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php 
@@ -95,7 +95,7 @@ $view=GETPOST("view", 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); $userid=GETPOST('userid', 'int'); $begin=GETPOST('begin'); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index 10c2e2915b9..ca58ffc687d 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT."/product/class/product.class.php"; $langs->loadLangs(array('products', 'companies', 'contracts')); $sortfield=GETPOST('sortfield', 'alpha'); -$sortorder=GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST('page', 'int'); $statut=GETPOST('statut')?GETPOST('statut'):1; diff --git a/htdocs/cron/list.php b/htdocs/cron/list.php index 7273640e77e..9bc98d9e8ea 100644 --- a/htdocs/cron/list.php +++ b/htdocs/cron/list.php @@ -46,7 +46,7 @@ $id=GETPOST('id', 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/don/document.php b/htdocs/don/document.php index fcb3c87ad9d..8620dcf1f7c 100644 --- a/htdocs/don/document.php +++ b/htdocs/don/document.php @@ -56,7 +56,7 @@ $result = restrictedArea($user, 'don', $id, ''); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; 
diff --git a/htdocs/don/list.php b/htdocs/don/list.php index 1af11afca24..69430e5e805 100644 --- a/htdocs/don/list.php +++ b/htdocs/don/list.php @@ -33,7 +33,7 @@ if (! empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/cla $langs->loadLangs(array("companies","donations")); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 8a059ea53a3..483e22a0d17 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -46,7 +46,7 @@ if (! $section) $section=0; $section_dir=GETPOST('section_dir', 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/ecm/index_auto.php b/htdocs/ecm/index_auto.php index f068eed1319..755f83cdab8 100644 --- a/htdocs/ecm/index_auto.php +++ b/htdocs/ecm/index_auto.php @@ -48,7 +48,7 @@ $section_dir=GETPOST('section_dir', 'alpha'); $search_doc_ref=GETPOST('search_doc_ref', 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index a5e296ae1e6..7180f4f1a90 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php 
@@ -53,7 +53,7 @@ if (empty($module)) $module='ecm'; $upload_dir = $conf->ecm->dir_output.'/'.$section; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index f5c111f2268..ddd13f8e740 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -59,7 +59,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (! $sortfield) $sortfield="e.ref"; if (! $sortorder) $sortorder="DESC"; diff --git a/htdocs/expensereport/document.php b/htdocs/expensereport/document.php index f5295118bda..64e280f2707 100644 --- a/htdocs/expensereport/document.php +++ b/htdocs/expensereport/document.php @@ -49,7 +49,7 @@ $result = restrictedArea($user, 'expensereport', $id, 'expensereport'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 03cafb6b60d..ab60da279c9 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php 
@@ -73,7 +73,7 @@ $diroutputmassaction=$conf->expensereport->dir_output . '/temp/massgeneration/'. // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index d5aed88079a..282a501a997 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -53,7 +53,7 @@ $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index e54aa7940d3..59283ac9d8e 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -66,7 +66,7 @@ $diroutputmassaction=$conf->ficheinter->dir_output . '/temp/massgeneration/'.$us $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index f933ecfdb5f..9b2dba101c2 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php 
@@ -52,7 +52,7 @@ $result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'com // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index db427c24c43..65210d1d252 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -98,7 +98,7 @@ $diroutputmassaction=$conf->fournisseur->commande->dir_output . '/temp/massgener $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index 39f33bebb73..9a877dd6278 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -57,7 +57,7 @@ $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'a $socid = GETPOST('socid', 'int'); $selected = GETPOST('orders_to_invoice'); $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $viewstatut = GETPOST('viewstatut'); if (! $sortfield) diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index f476758396e..5f1864c2518 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php 
@@ -42,7 +42,7 @@ if ($user->societe_id > 0) } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index 7311f0d20ff..55258489c92 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -44,7 +44,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 07af448aedd..527e3f64f0c 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php @@ -48,7 +48,7 @@ $upload_dir = $conf->ftp->dir_temp; $download_dir = $conf->ftp->dir_temp; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index c0b25e57769..8539f1b359b 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php 
@@ -42,7 +42,7 @@ $search_supervisor=GETPOST('search_supervisor', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 30803a9ecbc..363b5d37ead 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'holiday', $id, 'holiday'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 1ead5872f78..69969a771a3 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -77,7 +77,7 @@ if ($id > 0) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/holiday/view_log.php b/htdocs/holiday/view_log.php index a37d3490c97..24ecdc6c7be 100644 --- a/htdocs/holiday/view_log.php +++ b/htdocs/holiday/view_log.php 
@@ -49,7 +49,7 @@ if (empty($year)) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/margin/agentMargins.php b/htdocs/margin/agentMargins.php index 96787b1231b..24caff35af0 100644 --- a/htdocs/margin/agentMargins.php +++ b/htdocs/margin/agentMargins.php @@ -37,7 +37,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index a3b932e565c..952cc9c3f4c 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -42,7 +42,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 36e033a5e50..e4030657e53 100644 
--- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -46,7 +46,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; @@ -115,7 +115,7 @@ else { } $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); if (! $sortorder) $sortorder="ASC"; if (! $sortfield) { diff --git a/htdocs/margin/productMargins.php b/htdocs/margin/productMargins.php index 8ec46c3e8ed..0b90fc95b9e 100644 --- a/htdocs/margin/productMargins.php +++ b/htdocs/margin/productMargins.php @@ -49,7 +49,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index 9b62c1b1bca..8bf3d798503 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -45,7 +45,7 @@ $object = new Product($db); $mesg = ''; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; 
diff --git a/htdocs/margin/tabs/thirdpartyMargins.php b/htdocs/margin/tabs/thirdpartyMargins.php index 337190b6c15..6f526c945e1 100644 --- a/htdocs/margin/tabs/thirdpartyMargins.php +++ b/htdocs/margin/tabs/thirdpartyMargins.php @@ -37,7 +37,7 @@ $result = restrictedArea($user, 'societe', '', ''); $mesg = ''; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index a2bd9d39fe7..29fa1f50ce3 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -84,7 +84,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php index 025f7099577..df56284dc00 100644 --- a/htdocs/opensurvey/list.php +++ b/htdocs/opensurvey/list.php 
@@ -48,7 +48,7 @@ $search_status = GETPOST('search_status', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 7d097b6ecac..4a8b6946437 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -45,7 +45,7 @@ $id = GETPOST('id', 'int'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index 207eab9d9fb..1e2600eccbb 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -53,7 +53,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; 
diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 52f0510cb80..ca9128eefdf 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 037eb06d646..aa0cb92cdb8 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -51,7 +51,7 @@ $mesg = ''; // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php index bae6ff55ef7..a996272d589 100644 --- a/htdocs/product/stock/massstockmove.php +++ b/htdocs/product/stock/massstockmove.php @@ -51,7 +51,7 @@ $qty = GETPOST('qty'); $idline = GETPOST('idline'); $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index d0d7b5da8e6..87313d54efa 100644 
--- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -56,7 +56,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 770904fb4a0..532ab2a51f1 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -65,7 +65,7 @@ $fk_entrepot = GETPOST('fk_entrepot', 'int'); $texte = ''; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index c95b9b001b0..eb076df411e 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -61,7 +61,7 @@ $diroutputmassaction=$conf->projet->dir_output . '/temp/massgeneration/'.$user-> $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", "alpha"); -$sortorder = GETPOST("sortorder"); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page"); $page = is_numeric($page) ? $page : 0; $page = $page == -1 ? 0 : $page; diff --git a/htdocs/reception/list.php b/htdocs/reception/list.php index e40be9f0d10..51d02172ff9 100644 --- a/htdocs/reception/list.php +++ b/htdocs/reception/list.php 
@@ -65,7 +65,7 @@ $optioncss = GETPOST('optioncss', 'alpha'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (! $sortfield) $sortfield="e.ref"; if (! $sortorder) $sortorder="DESC"; diff --git a/htdocs/resource/document.php b/htdocs/resource/document.php index 5e6227a9e1d..2517212dc17 100644 --- a/htdocs/resource/document.php +++ b/htdocs/resource/document.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'resource', $id, 'resource'); // Get parameters $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/societe/website.php b/htdocs/societe/website.php index fa868de6e42..46144f5088e 100644 --- a/htdocs/societe/website.php +++ b/htdocs/societe/website.php @@ -52,7 +52,7 @@ $result = restrictedArea($user, 'societe', $socid, '&societe'); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/supplier_proposal/document.php b/htdocs/supplier_proposal/document.php index 458ade41309..95a297c844d 100644 --- a/htdocs/supplier_proposal/document.php +++ b/htdocs/supplier_proposal/document.php 
@@ -53,7 +53,7 @@ $result = restrictedArea($user, 'supplier_proposal', $id); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $conf->liste_limit * $page; diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index 5d6d2d2e0c3..92a9cb56833 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -85,7 +85,7 @@ $dayvalid=GETPOST("dayvalid"); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1 || !empty($search_btn) || !empty($search_remove_btn) || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 $offset = $limit * $page; diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php index a62120f6e55..701f5901b63 100644 --- a/htdocs/ticket/list.php +++ b/htdocs/ticket/list.php @@ -62,7 +62,7 @@ $mode = GETPOST('mode', 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) { $page = 0; } // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action $offset = $limit * $page; diff --git a/htdocs/user/document.php b/htdocs/user/document.php index 3b0282179d2..1b4a107d508 100644 
--- a/htdocs/user/document.php +++ b/htdocs/user/document.php @@ -73,7 +73,7 @@ if ($user->id <> $id && ! $canreaduser) accessforbidden(); // Get parameters $sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST("page", 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; diff --git a/htdocs/user/group/list.php b/htdocs/user/group/list.php index 630ea3c6b14..c0e7dd72f11 100644 --- a/htdocs/user/group/list.php +++ b/htdocs/user/group/list.php @@ -58,7 +58,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/user/list.php b/htdocs/user/list.php index 9002b1eba82..56bdcee94c5 100644 --- a/htdocs/user/list.php +++ b/htdocs/user/list.php @@ -49,7 +49,7 @@ $mode = GETPOST("mode", 'alpha'); // Load variable for pagination $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; $sortfield = GETPOST('sortfield', 'alpha'); -$sortorder = GETPOST('sortorder', 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page = GETPOST('page', 'int'); if (empty($page) || $page == -1) { $page = 0; } $offset = $limit * $page; diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php index 5bdb2de2472..3c50334c575 100644 --- a/htdocs/user/notify/card.php +++ b/htdocs/user/notify/card.php 
@@ -43,8 +43,8 @@ if ($user->societe_id) $id=$user->societe_id; $result = restrictedArea($user, 'societe', '', ''); $limit = GETPOST('limit', 'int')?GETPOST('limit', 'int'):$conf->liste_limit; -$sortfield=GETPOST("sortfield", 'alpha'); -$sortorder=GETPOST("sortorder", 'alpha'); +$sortfield = GETPOST("sortfield", 'alpha'); +$sortorder = GETPOST('sortorder', 'aZ09comma'); $page=GETPOST("page", 'int'); if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="n.daten"; From 03ee1a08806122c42124b581e73b67e7928cc82b Mon Sep 17 00:00:00 2001 From: Alexandre SPANGARO Date: Sat, 19 Sep 2020 04:30:58 +0200 Subject: [PATCH 15/15] FIX Yogosha report 4474 (backport) --- htdocs/projet/card.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index 88bda602721..c966787f7f3 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php @@ -120,12 +120,12 @@ if (empty($reshook)) if ($action == 'add' && $user->rights->projet->creer) { $error=0; - if (empty($_POST["ref"])) + if (! GETPOST('ref')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); $error++; } - if (empty($_POST["title"])) + if (! GETPOST('title')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); $error++; 
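Review bot: The required-field checks at the top of the projet/card.php hunk read `ref` and `title` through `GETPOST()` with its default filter, while the later assignment stores them through `GETPOST('ref', 'alphanohtml')`; unless the default check is already `alphanohtml`, a value consisting only of characters that filter removes passes the presence test and is then saved empty. Reading both with the same filter closes that gap: `if (! GETPOST('ref', 'alphanohtml'))` and `if (! GETPOST('title', 'alphanohtml'))`. The switch from `empty($_POST[...])` to `! GETPOST(...)` still rejects the string `'0'`, so that edge case is unchanged. The enclosing `if ($action == 'add' && $user->rights->projet->creer)` block continues past the hunk.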
@@ -149,13 +149,13 @@ if (empty($reshook)) $db->begin(); - $object->ref = GETPOST('ref', 'alpha'); - $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is + $object->ref = GETPOST('ref', 'alphanohtml'); + $object->title = GETPOST('title', 'alphanohtml'); $object->socid = GETPOST('socid', 'int'); $object->description = GETPOST('description', 'none'); // Do not use 'alpha' here, we want field as it is - $object->public = GETPOST('public', 'alpha'); - $object->opp_amount = price2num(GETPOST('opp_amount', 'alpha')); - $object->budget_amount = price2num(GETPOST('budget_amount', 'alpha')); + $object->public = GETPOST('public', 'alphanohtml'); + $object->opp_amount = price2num(GETPOST('opp_amount', 'alphanohtml')); + $object->budget_amount = price2num(GETPOST('budget_amount', 'alphanohtml')); $object->datec = dol_now(); $object->date_start = $date_start; $object->date_end = $date_end;
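Review bot: `public` is read with `'alphanohtml'` on the replaced line, which is wider than needed if the field is a yes/no flag; `$object->public = GETPOST('public', 'int');` would be the tighter filter, to be confirmed against the form control that posts it. `description` on the context line below keeps `'none'` with the "as it is" comment, so it is now the only field in this block that reaches the object unfiltered; presumably deliberate for editor content, but that makes correct escaping at output mandatory, and that output path is not visible here. The assignment block continues outside the hunk.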