diff --git a/htdocs/admin/compta.php b/htdocs/admin/compta.php index 3004a4e2cab..0ffd319cf13 100644 --- a/htdocs/admin/compta.php +++ b/htdocs/admin/compta.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004 Rodolphe Quiedeville * Copyright (C) 2004-2008 Laurent Destailleur * Copyright (C) 2005-2009 Regis Houssin - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,13 +33,13 @@ $langs->load('compta'); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','alpha'); $compta_mode = defined('COMPTA_MODE')?COMPTA_MODE:'RECETTES-DEPENSES'; if ($action == 'setcomptamode') { - $compta_mode = GETPOST("compta_mode"); + $compta_mode = GETPOST('compta_mode','alpha'); $res = dolibarr_set_const($db, 'COMPTA_MODE', $compta_mode,'chaine',0,'',$conf->entity); @@ -58,10 +58,10 @@ if ($action == 'setcomptamode') if ($action == 'update' || $action == 'add') { - $constname = GETPOST("constname"); - $constvalue = GETPOST("constvalue"); - $consttype = GETPOST("consttype"); - $constnote = GETPOST("constnote"); + $constname = GETPOST('constname','alpha'); + $constvalue = GETPOST('constvalue','alpha'); + $consttype = GETPOST('consttype','alpha'); + $constnote = GETPOST('constnote','alpha'); $res = dolibarr_set_const($db, $constname, $constvalue, $consttype, 0, $constnote, $conf->entity); diff --git a/htdocs/admin/dons.php b/htdocs/admin/dons.php index 7fada7e9ee8..b78dfb92797 100644 --- a/htdocs/admin/dons.php +++ b/htdocs/admin/dons.php @@ -1,5 +1,6 @@ +/* Copyright (C) 2005-2010 Laurent Destailleur + * Copyright (C) 2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
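Review bot: `$compta_mode = GETPOST('compta_mode','alpha')` is stored through `dolibarr_set_const` without being checked against the set of modes the page knows; the `'alpha'` check constrains characters, not values, and the default `'RECETTES-DEPENSES'` two lines above shows the value is one of a fixed list. Compare the submitted mode with the options the page renders and fall back to the current `$compta_mode` when it does not match, before the `dolibarr_set_const` call. The rest of the `setcomptamode` block is outside the hunk.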
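Review bot: In the `update`/`add` branch, `$constname`, `$consttype` and `$constvalue` go straight into `dolibarr_set_const($db, $constname, $constvalue, $consttype, ...)`, so the form can create any constant with any type; switching to `GETPOST(...,'alpha')` sanitises characters but does not narrow the accepted names or types. Validate `$consttype` against the types the admin pages use (dons.php keeps such a list as `$typeconst=array('yesno','texte','chaine')`) and reject unknown ones before the call, e.g. `if (! in_array($consttype, array('yesno','texte','chaine'), true)) $consttype = 'chaine';`, and likewise restrict `$constname` to the constants this page manages. The same unrestricted-constant-name pattern is in facture.php's `updateMask` (`$maskconstinvoice`, `$maskconstcredit`) and `setModuleOptions` (`$param`). The error handling after `$res` lies outside the hunk.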
@@ -31,14 +32,16 @@ if (!$user->admin) accessforbidden(); $typeconst=array('yesno','texte','chaine'); +$action = GETPOST('action','alpha'); + /* * Action */ -if ($_GET["action"] == 'specimen') +if ($action == 'specimen') { - $modele=$_GET["module"]; + $modele=GETPOST('module','alpha'); $don = new Don($db); $don->initAsSpecimen(); @@ -71,25 +74,29 @@ if ($_GET["action"] == 'specimen') } } -if ($_GET["action"] == 'setdoc') +if ($action == 'setdoc') { + $value = GETPOST('value','alpha'); + $label = GETPOST('label','alpha'); + $scandir = GETPOST('scandir','alpha'); + $db->begin(); - if (dolibarr_set_const($db, "DON_ADDON_MODEL",$_GET["value"],'chaine',0,'',$conf->entity)) + if (dolibarr_set_const($db, "DON_ADDON_MODEL",$value,'chaine',0,'',$conf->entity)) { - $conf->global->DON_ADDON_MODEL = $_GET["value"]; + $conf->global->DON_ADDON_MODEL = $value; } // On active le modele $type='donation'; $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; - $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."' AND type = '".$type."'"; + $sql_del.= " WHERE nom = '".$db->escape($value)."' AND type = '".$type."'"; $result1=$db->query($sql_del); $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", "; - $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", "; - $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null"); + $sql.= " VALUES ('".$db->escape($value)."', '".$type."', ".$conf->entity.", "; + $sql.= ($label?"'".$db->escape($label)."'":'null').", "; + $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null"); $sql.= ")"; $result2=$db->query($sql); if ($result1 && $result2) 
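Review bot: The new `$value` in the `setdoc` branch is used without an emptiness check: an absent or filtered-out `value` parameter (GETPOST appears to yield an empty string then — confirm) still reaches `dolibarr_set_const($db, "DON_ADDON_MODEL",$value, ...)`, clears the configured model, and inserts a `document_model` row with an empty `nom`. Guard the branch before `$db->begin()`, e.g. `if ($value === '') { /* nothing to activate */ } else { ... }`, so the transaction only runs with a real model name. Separately, `($label?"'".$db->escape($label)."'":'null')` tests truthiness, so a label of `'0'` is stored as null; `$label !== ''` is the safer test (the `set` branch further down has the same expression). The commit/rollback of this block is outside the hunk.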
@@ -102,22 +109,28 @@ if ($_GET["action"] == 'setdoc') } } -if ($_GET["action"] == 'set') +if ($action == 'set') { + $value = GETPOST('value','alpha'); + $label = GETPOST('label','alpha'); + $scandir = GETPOST('scandir','alpha'); + $type='donation'; $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; - $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", "; - $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", "; - $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null"); + $sql.= " VALUES ('".$db->escape($value)."','".$type."',".$conf->entity.", "; + $sql.= ($label?"'".$db->escape($label)."'":'null').", "; + $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null"); $sql.= ")"; $resql=$db->query($sql); } -if ($_GET["action"] == 'del') +if ($action == 'del') { + $value = GETPOST('value','alpha'); + $type='donation'; $sql = "DELETE FROM ".MAIN_DB_PREFIX."document_model"; - $sql .= " WHERE nom = '".$_GET["value"]."' AND type = '".$type."'"; + $sql .= " WHERE nom = '".$value."' AND type = '".$type."'"; $resql=$db->query($sql); } diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index 06b749d7afc..b7f362f21ae 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php @@ -4,6 +4,7 @@ * Copyright (C) 2005 Eric Seigne * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Raphael Bertrand (Resultic) + * Copyright (C) 2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
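Review bot: In the `del` branch `$value` is interpolated into the DELETE statement without `$db->escape()`: `$sql .= " WHERE nom = '".$value."' AND type = '".$type."'";`. Replacing `$_GET["value"]` by `GETPOST('value','alpha')` changes where the value comes from, not how it is quoted, and unless the `'alpha'` check is known to reject a single quote the string context remains injectable (admin-only, but still a defect). The `set` and `setdoc` branches of the same file already escape, so the line should read `$sql .= " WHERE nom = '".$db->escape($value)."' AND type = '".$type."'";`.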
@@ -44,10 +45,10 @@ $value = GETPOST('value','alpha'); if ($action == 'updateMask') { - $maskconstinvoice=GETPOST("maskconstinvoice"); - $maskconstcredit=GETPOST("maskconstcredit"); - $maskinvoice=GETPOST("maskinvoice"); - $maskcredit=GETPOST("maskcredit"); + $maskconstinvoice=GETPOST('maskconstinvoice','alpha'); + $maskconstcredit=GETPOST('maskconstcredit','alpha'); + $maskinvoice=GETPOST('maskinvoice','alpha'); + $maskcredit=GETPOST('maskcredit','alpha'); if ($maskconstinvoice) $res = dolibarr_set_const($db,$maskconstinvoice,$maskinvoice,'chaine',0,'',$conf->entity); if ($maskconstcredit) $res = dolibarr_set_const($db,$maskconstcredit,$maskcredit,'chaine',0,'',$conf->entity); @@ -65,7 +66,7 @@ if ($action == 'updateMask') if ($action == 'specimen') { - $modele=GETPOST("module"); + $modele=GETPOST('module','alpha'); $facture = new Facture($db); $facture->initAsSpecimen(); @@ -116,8 +117,8 @@ if ($action == 'setModuleOptions') { if (array_key_exists('param'.$i,$_POST)) { - $param=$_POST["param".$i]; - $value=$_POST["value".$i]; + $param=GETPOST("param".$i,'alpha'); + $value=GETPOST("value".$i,'alpha'); if ($param) $res = dolibarr_set_const($db,$param,$value,'chaine',0,'',$conf->entity); } } @@ -135,8 +136,8 @@ if ($action == 'setModuleOptions') if ($action == 'set') { - $label = GETPOST("label"); - $scandir = GETPOST("scandir"); + $label = GETPOST('label','alpha'); + $scandir = GETPOST('scandir','alpha'); $type='invoice'; $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)"; @@ -166,8 +167,8 @@ if ($action == 'del') if ($action == 'setdoc') { - $label = GETPOST("label"); - $scandir = GETPOST("scandir"); + $label = GETPOST('label','alpha'); + $scandir = GETPOST('scandir','alpha'); $db->begin(); 
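Review bot: In `setModuleOptions` the existence check and the read disagree on the source: `array_key_exists('param'.$i,$_POST)` inspects the POST body, while `GETPOST("param".$i,'alpha')` and `GETPOST("value".$i,'alpha')` go through Dolibarr's combined lookup, which as far as I recall consults `$_GET` before `$_POST`. A `param0` in the query string would then override the posted value that passed the check. Read both from the same source — keep `$_POST` and apply the 'alpha' filtering to that value, or pass GETPOST's method argument to restrict it to POST if this version supports it. `$param` is also an unvalidated constant name handed to `dolibarr_set_const`; the enclosing loop starts outside the hunk.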
@@ -214,8 +215,8 @@ if ($action == 'setmod') if ($action == 'setribchq') { - $rib = GETPOST("rib"); - $chq = GETPOST("chq"); + $rib = GETPOST('rib','alpha'); + $chq = GETPOST('chq','alpha'); $res = dolibarr_set_const($db, "FACTURE_RIB_NUMBER",$rib,'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db, "FACTURE_CHQ_NUMBER",$chq,'chaine',0,'',$conf->entity); @@ -234,7 +235,7 @@ if ($action == 'setribchq') if ($action == 'set_FACTURE_DRAFT_WATERMARK') { - $draft = GETPOST("FACTURE_DRAFT_WATERMARK"); + $draft = GETPOST('FACTURE_DRAFT_WATERMARK','alpha'); $res = dolibarr_set_const($db, "FACTURE_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity); @@ -252,7 +253,7 @@ if ($action == 'set_FACTURE_DRAFT_WATERMARK') if ($action == 'set_FACTURE_FREE_TEXT') { - $free = GETPOST("FACTURE_FREE_TEXT"); + $free = GETPOST('FACTURE_FREE_TEXT','alpha'); $res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$free,'chaine',0,'',$conf->entity); @@ -270,7 +271,7 @@ if ($action == 'set_FACTURE_FREE_TEXT') if ($action == 'setforcedate') { - $forcedate = GETPOST("forcedate"); + $forcedate = GETPOST('forcedate','alpha'); $res = dolibarr_set_const($db, "FAC_FORCE_DATE_VALIDATION",$forcedate,'chaine',0,'',$conf->entity); diff --git a/htdocs/admin/prelevement.php b/htdocs/admin/prelevement.php index d128244c369..a5c02129e37 100644 --- a/htdocs/admin/prelevement.php +++ b/htdocs/admin/prelevement.php @@ -35,7 +35,7 @@ $langs->load("withdrawals"); // Security check if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','alpha'); /* diff --git a/htdocs/admin/taxes.php b/htdocs/admin/taxes.php index 9a110b89f24..f161fbd3927 100644 --- a/htdocs/admin/taxes.php +++ b/htdocs/admin/taxes.php 
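Review bot: `GETPOST('FACTURE_FREE_TEXT','alpha')` applies a check meant for short tokens to a free-text field; if the `'alpha'` check blanks the value on characters it rejects (later Dolibarr versions refuse `"` and `../`, I believe — confirm for this version), an admin entering such text silently ends up with an empty `FACTURE_FREE_TEXT` and no error is raised. Free text should either be accepted as-is and escaped at output time, or validated with a visible failure rather than discarded. The same concern applies to `FACTURE_DRAFT_WATERMARK` in the previous hunk and to `BANK_CHEQUERECEIPT_FREE_TEXT` in bank.php. The error handling after `$res` is outside the hunk.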
@@ -2,7 +2,7 @@ /* Copyright (C) 2004 Rodolphe Quiedeville * Copyright (C) 2004-2008 Laurent Destailleur * Copyright (C) 2005-2009 Regis Houssin - * Copyright (C) 2011 Juanjo Menent + * Copyright (C) 2011-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,7 +31,7 @@ $langs->load('admin'); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','alpha'); /* * Actions @@ -53,7 +53,7 @@ $tax_mode = empty($conf->global->TAX_MODE)?0:$conf->global->TAX_MODE; if ($action == 'settaxmode') { - $tax_mode = GETPOST("tax_mode"); + $tax_mode = GETPOST('tax_mode','alpha'); $db->begin(); diff --git a/htdocs/compta/bank/admin/bank.php b/htdocs/compta/bank/admin/bank.php index e9c205f2776..ffe87be45ce 100644 --- a/htdocs/compta/bank/admin/bank.php +++ b/htdocs/compta/bank/admin/bank.php @@ -1,6 +1,6 @@ - * Copyright (C) 2010-2011 Juanjo Menent + * Copyright (C) 2010-2012 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -36,7 +36,7 @@ $langs->load("banks"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','alpha'); /* @@ -45,7 +45,7 @@ $action = GETPOST("action"); if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT') { - $free = GETPOST("BANK_CHEQUERECEIPT_FREE_TEXT"); + $free = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT','alpha'); $res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$free,'chaine',0,'',$conf->entity); if (! $res > 0) $error++; 
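Review bot: In taxes.php's `settaxmode` branch, `$tax_mode` is numeric per the default line above the hunk (`...?0:$conf->global->TAX_MODE`), yet `GETPOST('tax_mode','alpha')` accepts any string, so a non-numeric value is carried into the transaction unchanged. Coerce or whitelist it before use, e.g. `$tax_mode = (int) GETPOST('tax_mode','alpha');`, assuming the mode values are integers — confirm against the options the page renders. The rest of the block is outside the hunk.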
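Review bot: In bank.php's `set_BANK_CHEQUERECEIPT_FREE_TEXT` branch the error check on the context line `if (! $res > 0) $error++;` parses as `(! $res) > 0`, which is equivalent to `! $res`: a negative status from `dolibarr_set_const` (the `> 0` comparison itself implies a numeric result) would not count as an error. It should read `if ($res <= 0) $error++;`. The remainder of the branch is outside the hunk.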
@@ -63,7 +63,7 @@ if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT') //Order display of bank account if ($action == 'setbankorder') { - if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",$_GET["value"],'chaine',0,'',$conf->entity) > 0) + if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",GETPOST('value','alpha'),'chaine',0,'',$conf->entity) > 0) { Header("Location: ".$_SERVER["PHP_SELF"]); exit;
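Review bot: `GETPOST('value','alpha')` is evaluated inline inside the `dolibarr_set_const` call, so `BANK_SHOW_ORDER_OPTION` receives whatever string arrives without any inspection, whereas the other branches of this file assign a local first and then use it. Read it into a local and restrict it to the expected option values before the call, e.g. `$value = GETPOST('value','alpha');` followed by the set-const call on `$value`; the valid values are not visible here, so the whitelist must come from the form that renders the option. The closing of the branch lies outside the hunk.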