Fix: Sanizite data
parent
b204ad5b84
commit
2e7ce7647b
@ -2,7 +2,7 @@
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -33,13 +33,13 @@ $langs->load('compta');
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
|
||||
$action = GETPOST("action");
|
||||
$action = GETPOST('action','alpha');
|
||||
|
||||
$compta_mode = defined('COMPTA_MODE')?COMPTA_MODE:'RECETTES-DEPENSES';
|
||||
|
||||
if ($action == 'setcomptamode')
|
||||
{
|
||||
$compta_mode = GETPOST("compta_mode");
|
||||
$compta_mode = GETPOST('compta_mode','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, 'COMPTA_MODE', $compta_mode,'chaine',0,'',$conf->entity);
|
||||
|
||||
@ -58,10 +58,10 @@ if ($action == 'setcomptamode')
|
||||
|
||||
if ($action == 'update' || $action == 'add')
|
||||
{
|
||||
$constname = GETPOST("constname");
|
||||
$constvalue = GETPOST("constvalue");
|
||||
$consttype = GETPOST("consttype");
|
||||
$constnote = GETPOST("constnote");
|
||||
$constname = GETPOST('constname','alpha');
|
||||
$constvalue = GETPOST('constvalue','alpha');
|
||||
$consttype = GETPOST('consttype','alpha');
|
||||
$constnote = GETPOST('constnote','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, $constname, $constvalue, $consttype, 0, $constnote, $conf->entity);
|
||||
|
||||
|
||||
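Review bot: In the `setcomptamode` branch, `$compta_mode` goes from `GETPOST('compta_mode','alpha')` straight into `dolibarr_set_const` without being compared to the accounting modes the application supports, so any string that passes the filter becomes the stored `COMPTA_MODE`. The definition of the `'alpha'` filter is not on this page, but a character filter cannot replace an allowlist for an enumerated setting. I would reject unknown values before the write, along the lines of `if (! in_array($compta_mode, $allowedmodes, true)) { $error++; }`, where `$allowedmodes` is a list you define. The `update`/`add` branch has the same shape, with `$constname` and `$consttype` taken from the request; both branches continue outside the hunks shown.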
@ -1,5 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
/* Copyright (C) 2005-2010 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -31,14 +32,16 @@ if (!$user->admin) accessforbidden();
|
||||
|
||||
$typeconst=array('yesno','texte','chaine');
|
||||
|
||||
$action = GETPOST('action','alpha');
|
||||
|
||||
|
||||
/*
|
||||
* Action
|
||||
*/
|
||||
|
||||
if ($_GET["action"] == 'specimen')
|
||||
if ($action == 'specimen')
|
||||
{
|
||||
$modele=$_GET["module"];
|
||||
$modele=GETPOST('module','alpha');
|
||||
|
||||
$don = new Don($db);
|
||||
$don->initAsSpecimen();
|
||||
@ -71,25 +74,29 @@ if ($_GET["action"] == 'specimen')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_GET["action"] == 'setdoc')
|
||||
if ($action == 'setdoc')
|
||||
{
|
||||
$value = GETPOST('value','alpha');
|
||||
$label = GETPOST('label','alpha');
|
||||
$scandir = GETPOST('scandir','alpha');
|
||||
|
||||
$db->begin();
|
||||
|
||||
if (dolibarr_set_const($db, "DON_ADDON_MODEL",$_GET["value"],'chaine',0,'',$conf->entity))
|
||||
if (dolibarr_set_const($db, "DON_ADDON_MODEL",$value,'chaine',0,'',$conf->entity))
|
||||
{
|
||||
$conf->global->DON_ADDON_MODEL = $_GET["value"];
|
||||
$conf->global->DON_ADDON_MODEL = $value;
|
||||
}
|
||||
|
||||
// On active le modele
|
||||
$type='donation';
|
||||
$sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
|
||||
$sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."' AND type = '".$type."'";
|
||||
$sql_del.= " WHERE nom = '".$db->escape($value)."' AND type = '".$type."'";
|
||||
$result1=$db->query($sql_del);
|
||||
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
|
||||
$sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
|
||||
$sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
|
||||
$sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
|
||||
$sql.= " VALUES ('".$db->escape($value)."', '".$type."', ".$conf->entity.", ";
|
||||
$sql.= ($label?"'".$db->escape($label)."'":'null').", ";
|
||||
$sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
|
||||
$sql.= ")";
|
||||
$result2=$db->query($sql);
|
||||
if ($result1 && $result2)
|
||||
@ -102,22 +109,28 @@ if ($_GET["action"] == 'setdoc')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_GET["action"] == 'set')
|
||||
if ($action == 'set')
|
||||
{
|
||||
$value = GETPOST('value','alpha');
|
||||
$label = GETPOST('label','alpha');
|
||||
$scandir = GETPOST('scandir','alpha');
|
||||
|
||||
$type='donation';
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
|
||||
$sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
|
||||
$sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
|
||||
$sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
|
||||
$sql.= " VALUES ('".$db->escape($value)."','".$type."',".$conf->entity.", ";
|
||||
$sql.= ($label?"'".$db->escape($label)."'":'null').", ";
|
||||
$sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
|
||||
$sql.= ")";
|
||||
$resql=$db->query($sql);
|
||||
}
|
||||
|
||||
if ($_GET["action"] == 'del')
|
||||
if ($action == 'del')
|
||||
{
|
||||
$value = GETPOST('value','alpha');
|
||||
|
||||
$type='donation';
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
|
||||
$sql .= " WHERE nom = '".$_GET["value"]."' AND type = '".$type."'";
|
||||
$sql .= " WHERE nom = '".$value."' AND type = '".$type."'";
|
||||
$resql=$db->query($sql);
|
||||
}
|
||||
|
||||
|
||||
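Review bot: The `del` branch still builds its query from the unescaped value, `" WHERE nom = '".$value."' AND type = '".$type."'"`, whereas the `setdoc` and `set` branches of this same file pass the value through `$db->escape()`. Whether the `'alpha'` filter rejects single quotes is not visible on this page, so the statement should not depend on it. Change the line to `$sql .= " WHERE nom = '".$db->escape($value)."' AND type = '".$type."'";` so all three branches quote the model name the same way.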
@ -4,6 +4,7 @@
|
||||
* Copyright (C) 2005 Eric Seigne <eric.seigne@ryxeo.com>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
|
||||
* Copyright (C) 2012 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -44,10 +45,10 @@ $value = GETPOST('value','alpha');
|
||||
|
||||
if ($action == 'updateMask')
|
||||
{
|
||||
$maskconstinvoice=GETPOST("maskconstinvoice");
|
||||
$maskconstcredit=GETPOST("maskconstcredit");
|
||||
$maskinvoice=GETPOST("maskinvoice");
|
||||
$maskcredit=GETPOST("maskcredit");
|
||||
$maskconstinvoice=GETPOST('maskconstinvoice','alpha');
|
||||
$maskconstcredit=GETPOST('maskconstcredit','alpha');
|
||||
$maskinvoice=GETPOST('maskinvoice','alpha');
|
||||
$maskcredit=GETPOST('maskcredit','alpha');
|
||||
if ($maskconstinvoice) $res = dolibarr_set_const($db,$maskconstinvoice,$maskinvoice,'chaine',0,'',$conf->entity);
|
||||
if ($maskconstcredit) $res = dolibarr_set_const($db,$maskconstcredit,$maskcredit,'chaine',0,'',$conf->entity);
|
||||
|
||||
@ -65,7 +66,7 @@ if ($action == 'updateMask')
|
||||
|
||||
if ($action == 'specimen')
|
||||
{
|
||||
$modele=GETPOST("module");
|
||||
$modele=GETPOST('module','alpha');
|
||||
|
||||
$facture = new Facture($db);
|
||||
$facture->initAsSpecimen();
|
||||
@ -116,8 +117,8 @@ if ($action == 'setModuleOptions')
|
||||
{
|
||||
if (array_key_exists('param'.$i,$_POST))
|
||||
{
|
||||
$param=$_POST["param".$i];
|
||||
$value=$_POST["value".$i];
|
||||
$param=GETPOST("param".$i,'alpha');
|
||||
$value=GETPOST("value".$i,'alpha');
|
||||
if ($param) $res = dolibarr_set_const($db,$param,$value,'chaine',0,'',$conf->entity);
|
||||
}
|
||||
}
|
||||
@ -135,8 +136,8 @@ if ($action == 'setModuleOptions')
|
||||
|
||||
if ($action == 'set')
|
||||
{
|
||||
$label = GETPOST("label");
|
||||
$scandir = GETPOST("scandir");
|
||||
$label = GETPOST('label','alpha');
|
||||
$scandir = GETPOST('scandir','alpha');
|
||||
|
||||
$type='invoice';
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
|
||||
@ -166,8 +167,8 @@ if ($action == 'del')
|
||||
|
||||
if ($action == 'setdoc')
|
||||
{
|
||||
$label = GETPOST("label");
|
||||
$scandir = GETPOST("scandir");
|
||||
$label = GETPOST('label','alpha');
|
||||
$scandir = GETPOST('scandir','alpha');
|
||||
|
||||
$db->begin();
|
||||
|
||||
@ -214,8 +215,8 @@ if ($action == 'setmod')
|
||||
|
||||
if ($action == 'setribchq')
|
||||
{
|
||||
$rib = GETPOST("rib");
|
||||
$chq = GETPOST("chq");
|
||||
$rib = GETPOST('rib','alpha');
|
||||
$chq = GETPOST('chq','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, "FACTURE_RIB_NUMBER",$rib,'chaine',0,'',$conf->entity);
|
||||
$res = dolibarr_set_const($db, "FACTURE_CHQ_NUMBER",$chq,'chaine',0,'',$conf->entity);
|
||||
@ -234,7 +235,7 @@ if ($action == 'setribchq')
|
||||
|
||||
if ($action == 'set_FACTURE_DRAFT_WATERMARK')
|
||||
{
|
||||
$draft = GETPOST("FACTURE_DRAFT_WATERMARK");
|
||||
$draft = GETPOST('FACTURE_DRAFT_WATERMARK','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, "FACTURE_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);
|
||||
|
||||
@ -252,7 +253,7 @@ if ($action == 'set_FACTURE_DRAFT_WATERMARK')
|
||||
|
||||
if ($action == 'set_FACTURE_FREE_TEXT')
|
||||
{
|
||||
$free = GETPOST("FACTURE_FREE_TEXT");
|
||||
$free = GETPOST('FACTURE_FREE_TEXT','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
|
||||
|
||||
@ -270,7 +271,7 @@ if ($action == 'set_FACTURE_FREE_TEXT')
|
||||
|
||||
if ($action == 'setforcedate')
|
||||
{
|
||||
$forcedate = GETPOST("forcedate");
|
||||
$forcedate = GETPOST('forcedate','alpha');
|
||||
|
||||
$res = dolibarr_set_const($db, "FAC_FORCE_DATE_VALIDATION",$forcedate,'chaine',0,'',$conf->entity);
|
||||
|
||||
|
||||
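Review bot: In `updateMask` and `setModuleOptions` the name of the constant to write (`$maskconstinvoice`, `$maskconstcredit`, `$param`) comes from the request, and the added `'alpha'` filter constrains at most its characters, not which constant it names. As written, a request to this page can overwrite any configuration constant of the entity, not only invoice numbering masks or module options. Even if the page is restricted to administrators (that check is not in these hunks), I would verify the name against the constants this page owns before calling `dolibarr_set_const`, for example with a prefix or allowlist test. Both branches extend beyond the hunks shown.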
@ -35,7 +35,7 @@ $langs->load("withdrawals");
|
||||
// Security check
|
||||
if (!$user->admin) accessforbidden();
|
||||
|
||||
$action = GETPOST("action");
|
||||
$action = GETPOST('action','alpha');
|
||||
|
||||
|
||||
/*
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2011 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2011-2012 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -31,7 +31,7 @@ $langs->load('admin');
|
||||
|
||||
if (!$user->admin) accessforbidden();
|
||||
|
||||
$action = GETPOST("action");
|
||||
$action = GETPOST('action','alpha');
|
||||
|
||||
/*
|
||||
* Actions
|
||||
@ -53,7 +53,7 @@ $tax_mode = empty($conf->global->TAX_MODE)?0:$conf->global->TAX_MODE;
|
||||
|
||||
if ($action == 'settaxmode')
|
||||
{
|
||||
$tax_mode = GETPOST("tax_mode");
|
||||
$tax_mode = GETPOST('tax_mode','alpha');
|
||||
|
||||
$db->begin();
|
||||
|
||||
|
||||
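Review bot: `$tax_mode = GETPOST('tax_mode','alpha');` applies the string filter to a value that looks numeric, since the hunk's context line defaults it to `0` when `TAX_MODE` is empty. If the setting is indeed an integer flag, `$tax_mode = GETPOST('tax_mode','int');` narrows the input to what the code expects. The use of `$tax_mode` after `$db->begin()` lies outside the hunk, so confirm against it before changing the filter.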
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2009 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2010-2012 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -36,7 +36,7 @@ $langs->load("banks");
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
|
||||
$action = GETPOST("action");
|
||||
$action = GETPOST('action','alpha');
|
||||
|
||||
|
||||
/*
|
||||
@ -45,7 +45,7 @@ $action = GETPOST("action");
|
||||
|
||||
if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
|
||||
{
|
||||
$free = GETPOST("BANK_CHEQUERECEIPT_FREE_TEXT");
|
||||
$free = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT','alpha');
|
||||
$res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
|
||||
|
||||
if (! $res > 0) $error++;
|
||||
@ -63,7 +63,7 @@ if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
|
||||
//Order display of bank account
|
||||
if ($action == 'setbankorder')
|
||||
{
|
||||
if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",$_GET["value"],'chaine',0,'',$conf->entity) > 0)
|
||||
if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",GETPOST('value','alpha'),'chaine',0,'',$conf->entity) > 0)
|
||||
{
|
||||
Header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
|
||||
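Review bot: The unchanged check `if (! $res > 0) $error++;` in the `set_BANK_CHEQUERECEIPT_FREE_TEXT` branch parses as `(! $res) > 0`, because `!` binds tighter than `>`. A negative return from `dolibarr_set_const` would therefore not increment `$error`, assuming the function signals failure with a negative value. Its definition is not on this page, though the `setbankorder` branch treats `> 0` as success. Since this commit edits the line just above, it is a good moment to write `if (! ($res > 0)) $error++;`.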