From 2c5d396546a083eccfdf330df49ea8c0522ebeec Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Tue, 6 Oct 2020 17:45:08 +0200
Subject: [PATCH] Fix upload file

---
 htdocs/core/class/html.formfile.class.php | 2 +-
 htdocs/main.inc.php                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php
index 2b98bac30c6..464dbafa375 100644
--- a/htdocs/core/class/html.formfile.class.php
+++ b/htdocs/core/class/html.formfile.class.php
@@ -115,7 +115,7 @@ class FormFile
 			if (empty($usewithoutform))		// Try to avoid this and set instead the form by the caller.
 			{
 				// Add a param as GET parameter to detect when POST were cleaned by PHP because a file larger than post_max_size
-				$url .= (strpos('?', $url) === false ? '?' : '&').'uploadform=1';
+				$url .= (strpos($url, '?') === false ? '?' : '&').'uploadform=1';
 
 				$out .= '<form name="'.$htmlname.'" id="'.$htmlname.'" action="'.$url.'" enctype="multipart/form-data" method="POST">';
 				$out .= '<input type="hidden" name="token" value="'.newToken().'">';
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index ef7b5e33a7d..61856b73f49 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -378,7 +378,7 @@ if ((!defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck) && !empty($conf->gl
 		in_array(GETPOST('action', 'aZ09'), array('add', 'addtimespent', 'update', 'install', 'delete', 'deleteprof', 'deletepayment')))
 	{
 		if (!GETPOSTISSET('token')) {
-			if (GETPOST('uploadform')) {
+			if (GETPOST('uploadform', 'int')) {
 				dol_syslog("--- Access to ".$_SERVER["PHP_SELF"]." refused. File size too large.");
 				$langs->loadLangs(array("errors", "install"));
 				print $langs->trans("ErrorFileSizeTooLarge").' ';