Merge branch 'develop' of ssh://git@github.com/Dolibarr/dolibarr.git into develop

2012-03-30 00:55:16 +02:00 · 2012-03-30 00:55:16 +02:00 · 485363eefa
commit 485363eefa
parent d8c975da3d e9d3bc7530
29 changed files with 194 additions and 160 deletions
--- a/htdocs/adherents/admin/adherent.php
+++ b/htdocs/adherents/admin/adherent.php
@ -4,8 +4,8 @@
 * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
 * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011 	   Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2011-2012 Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -39,7 +39,7 @@ if (! $user->admin) accessforbidden();

 $type=array('yesno','texte','chaine');

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
@ -78,7 +78,7 @@ if ($action == 'update' || $action == 'add')
 // Action activation d'un sous module du module adherent
 if ($action == 'set')
 {
-    $result=dolibarr_set_const($db, $_GET["name"],$_GET["value"],'',0,'',$conf->entity);
+    $result=dolibarr_set_const($db, GETPOST('name','alpha'),GETPOST('value','alpha'),'',0,'',$conf->entity);
    if ($result < 0)
    {
        print $db->error();
@ -88,7 +88,7 @@ if ($action == 'set')
 // Action desactivation d'un sous module du module adherent
 if ($action == 'unset')
 {
-    $result=dolibarr_del_const($db,$_GET["name"],$conf->entity);
+    $result=dolibarr_del_const($db,GETPOST('name','alpha'),$conf->entity);
    if ($result < 0)
    {
        print $db->error();
--- a/htdocs/admin/agenda.php
+++ b/htdocs/admin/agenda.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2008-2010	Laurent Destailleur <eldy@users.sourceforge.net>
 * Copyright (C) 2011		Regis Houssin		<regis@dolibarr.fr>
- * Copyright (C) 2011 	    Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2011-2012  Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -33,7 +33,8 @@ if (!$user->admin)
 $langs->load("admin");
 $langs->load("other");

-$action=$_POST["action"];
+$action = GETPOST('action','alpha');
+$cancel = GETPOST('cancel','alpha');

 // Get list of triggers available
 $sql = "SELECT a.rowid, a.code, a.label, a.elementtype";
@ -66,7 +67,7 @@ else
 /*
 *	Actions
 */
-if ($action == "save" && empty($_POST["cancel"]))
+if ($action == "save" && empty($cancel))
 {
    $i=0;

@ -76,7 +77,7 @@ if ($action == "save" && empty($_POST["cancel"]))
 	{
 		$param='MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
 		//print "param=".$param." - ".$_POST[$param];
-		if (! empty($_POST[$param])) $res = dolibarr_set_const($db,$param,$_POST[$param],'chaine',0,'',$conf->entity);
+		if (GETPOST($param,'alpha')) $res = dolibarr_set_const($db,$param,GETPOST($param,'alpha'),'chaine',0,'',$conf->entity);
 		else $res = dolibarr_del_const($db,$param,$conf->entity);
 		if (! $res > 0) $error++;
 	}
@ -141,7 +142,7 @@ if (! empty($triggers))
 			print '<td align="right" width="40">';
 			$key='MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
 			$value=$conf->global->$key;
-			print '<input '.$bc[$var].' type="checkbox" name="'.$key.'" value="1"'.((($_GET["action"]=='selectall'||$value) && $_GET["action"]!="selectnone")?' checked="checked"':'').'>';
+			print '<input '.$bc[$var].' type="checkbox" name="'.$key.'" value="1"'.((($action=='selectall'||$value) && $action!="selectnone")?' checked="checked"':'').'>';
 			print '</td></tr>'."\n";
 		}
 	}
--- a/htdocs/admin/agenda_extsites.php
+++ b/htdocs/admin/agenda_extsites.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2011 	   Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -37,8 +37,8 @@ $langs->load("admin");
 $langs->load("other");

 $def = array();
-$actiontest=GETPOST("test");
-$actionsave=GETPOST("save");
+$actiontest=GETPOST('test','alpha');
+$actionsave=GETPOST('save','alpha');

 if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
 $MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
@ -53,7 +53,7 @@ if ($actionsave)
 {
    $db->begin();

-    $disableext=GETPOST("AGENDA_DISABLE_EXT");
+    $disableext=GETPOST('AGENDA_DISABLE_EXT','alpha');
    if ($disableext) $disableext=0; else $disableext=1;
 	$res=dolibarr_set_const($db,'AGENDA_DISABLE_EXT',$disableext,'chaine',0);

@ -63,20 +63,20 @@ if ($actionsave)
 	// Save agendas
 	while ($i <= $MAXAGENDA)
 	{
-		$color=trim(GETPOST("agenda_ext_color".$i));
+		$color=trim(GETPOST('agenda_ext_color'.$i,'alpha'));
 		if ($color=='-1') $color='';

 		//print 'color='.$color;
-		$res=dolibarr_set_const($db,'AGENDA_EXT_NAME'.$i,trim(GETPOST("agenda_ext_name".$i)),'chaine',0);
+		$res=dolibarr_set_const($db,'AGENDA_EXT_NAME'.$i,trim(GETPOST('agenda_ext_name'.$i),'alpha'),'chaine',0);
 		if (! $res > 0) $error++;
-		$res=dolibarr_set_const($db,'AGENDA_EXT_SRC'.$i,trim(GETPOST("agenda_ext_src".$i)),'chaine',0);
+		$res=dolibarr_set_const($db,'AGENDA_EXT_SRC'.$i,trim(GETPOST('agenda_ext_src'.$i,'alpha')),'chaine',0);
 		if (! $res > 0) $error++;
 		$res=dolibarr_set_const($db,'AGENDA_EXT_COLOR'.$i,$color,'chaine',0);
 		if (! $res > 0) $error++;
 		$i++;
 	}
 	// Save nb of agenda
-	$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST("AGENDA_EXT_NB")),'chaine',0);
+	$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0);
 	if (! $res > 0) $error++;
 	if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
 	$MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
@ -119,7 +119,7 @@ dol_fiche_head($head, 'extsites', $langs->trans("Agenda"));

 print '<form name="extsitesconfig" action="'.$_SERVER["PHP_SELF"].'" method="post">';

-$selectedvalue=(GETPOST("AGENDA_DISABLE_AGENDA"))?GETPOST("AGENDA_DISABLE_EXT"):$conf->global->AGENDA_DISABLE_EXT;
+$selectedvalue=(GETPOST('AGENDA_DISABLE_AGENDA','alpha'))?GETPOST('AGENDA_DISABLE_EXT','alpha'):$conf->global->AGENDA_DISABLE_EXT;
 if ($selectedvalue==1) $selectedvalue=0; else $selectedvalue=1;
 print $langs->trans("ExtSitesEnableThisTool").' '.$form->selectyesno("AGENDA_DISABLE_EXT",$selectedvalue,1).'<br><br>';

--- a/htdocs/admin/agenda_xcal.php
+++ b/htdocs/admin/agenda_xcal.php
@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2008-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2008-2010 	Laurent Destailleur <eldy@users.sourceforge.net>
+ * Copyright (C) 2012		Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -34,7 +35,7 @@ $langs->load("other");
 $langs->load("agenda");

 $def = array();
-$actionsave=$_POST["save"];
+$actionsave=GETPOST('save','alpha');

 // Sauvegardes parametres
 if ($actionsave)
@ -43,9 +44,9 @@ if ($actionsave)

    $db->begin();

-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_XCAL_EXPORTKEY',trim($_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]),'chaine',0,'',$conf->entity);
-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_PAST_DELAY',trim($_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]),'chaine',0,'',$conf->entity);
-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_CACHE',trim($_POST["MAIN_AGENDA_EXPORT_CACHE"]),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_XCAL_EXPORTKEY',trim(GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha')),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_PAST_DELAY',trim(GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha')),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_CACHE',trim(GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha')),'chaine',0,'',$conf->entity);

    if ($i >= 3)
    {
@ -94,19 +95,19 @@ print "</tr>";

 print "<tr class=\"impair\">";
 print '<td class="fieldrequired">'.$langs->trans("PasswordTogetVCalExport")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_XCAL_EXPORTKEY\" value=\"". ($_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]?$_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]:$conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) . "\" size=\"40\"></td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_XCAL_EXPORTKEY\" value=\"". (GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha')?GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha'):$conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) . "\" size=\"40\"></td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

 print "<tr class=\"pair\">";
 print "<td>".$langs->trans("PastDelayVCalExport")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_PAST_DELAY\" value=\"". ($_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]?$_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]:$conf->global->MAIN_AGENDA_EXPORT_PAST_DELAY) . "\" size=\"10\"> ".$langs->trans("days")."</td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_PAST_DELAY\" value=\"". (GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha')?GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha'):$conf->global->MAIN_AGENDA_EXPORT_PAST_DELAY) . "\" size=\"10\"> ".$langs->trans("days")."</td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

 print "<tr class=\"impair\">";
 print "<td>".$langs->trans("UseACacheDelay")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_CACHE\" value=\"". ($_POST["MAIN_AGENDA_EXPORT_CACHE"]?$_POST["MAIN_AGENDA_EXPORT_CACHE"]:$conf->global->MAIN_AGENDA_EXPORT_CACHE) . "\" size=\"10\"></td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_CACHE\" value=\"". (GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha')?GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha'):$conf->global->MAIN_AGENDA_EXPORT_CACHE) . "\" size=\"10\"></td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

--- a/htdocs/admin/barcode.php
+++ b/htdocs/admin/barcode.php
@ -2,6 +2,7 @@
 /* Copyright (C) 2003-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2011	   Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,7 +32,7 @@ $langs->load("admin");

 if (!$user->admin) accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
@ -40,8 +41,8 @@ $action = GETPOST("action");

 if ($action == 'setcoder')
 {
-	$coder = GETPOST("coder");
-	$code_id = GETPOST("code_id");
+	$coder = GETPOST('coder','alpha');
+	$code_id = GETPOST('code_id','alpha');
 	$sqlp = "UPDATE ".MAIN_DB_PREFIX."c_barcode_type";
 	$sqlp.= " SET coder = '" . $coder."'";
 	$sqlp.= " WHERE rowid = ". $code_id;
@ -52,17 +53,17 @@ if ($action == 'setcoder')
 }
 else if ($action == 'setgenbarcodelocation')
 {
-	$location = GETPOST("genbarcodelocation");
+	$location = GETPOST('genbarcodelocation','alpha');
 	$res = dolibarr_set_const($db, "GENBARCODE_LOCATION",$location,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'setdefaultbarcodetype')
 {
-	$coder_id = GETPOST("coder_id");
+	$coder_id = GETPOST('coder_id','alpha');
 	$res = dolibarr_set_const($db, "PRODUIT_DEFAULT_BARCODE_TYPE", $coder_id,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'GENBARCODE_BARCODETYPE_THIRDPARTY')
 {
-	$coder_id = GETPOST("coder_id");
+	$coder_id = GETPOST('coder_id','alpha');
 	$res = dolibarr_set_const($db, "GENBARCODE_BARCODETYPE_THIRDPARTY", $coder_id,'chaine',0,'',$conf->entity);
 }
 /*
--- a/htdocs/admin/compta.php
+++ b/htdocs/admin/compta.php
@ -2,7 +2,7 @@
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011      Juanjo Menent	    <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent	    <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -33,13 +33,13 @@ $langs->load('compta');
 if (!$user->admin)
 accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');

 $compta_mode = defined('COMPTA_MODE')?COMPTA_MODE:'RECETTES-DEPENSES';

 if ($action == 'setcomptamode')
 {
-	$compta_mode = GETPOST("compta_mode");
+	$compta_mode = GETPOST('compta_mode','alpha');
 	
 	$res = dolibarr_set_const($db, 'COMPTA_MODE', $compta_mode,'chaine',0,'',$conf->entity);
 	
@ -58,10 +58,10 @@ if ($action == 'setcomptamode')

 if ($action == 'update' || $action == 'add')
 {
-	$constname = GETPOST("constname");
-	$constvalue = GETPOST("constvalue");
-	$consttype = GETPOST("consttype");
-	$constnote = GETPOST("constnote");
+	$constname = GETPOST('constname','alpha');
+	$constvalue = GETPOST('constvalue','alpha');
+	$consttype = GETPOST('consttype','alpha');
+	$constnote = GETPOST('constnote','alpha');
 	
 	$res = dolibarr_set_const($db, $constname, $constvalue, $consttype, 0, $constnote, $conf->entity);
 	
--- a/htdocs/admin/dons.php
+++ b/htdocs/admin/dons.php
@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2005-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2005-2010  Laurent Destailleur  	<eldy@users.sourceforge.net>
+ * Copyright (C) 2012		Juanjo Menent			<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,14 +32,16 @@ if (!$user->admin) accessforbidden();

 $typeconst=array('yesno','texte','chaine');

+$action = GETPOST('action','alpha');
+

 /*
 * Action
 */

-if ($_GET["action"] == 'specimen')
+if ($action == 'specimen')
 {
-    $modele=$_GET["module"];
+    $modele=GETPOST('module','alpha');

    $don = new Don($db);
    $don->initAsSpecimen();
@ -71,25 +74,29 @@ if ($_GET["action"] == 'specimen')
    }
 }

-if ($_GET["action"] == 'setdoc')
+if ($action == 'setdoc')
 {
+	$value = GETPOST('value','alpha');
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');
+	
    $db->begin();

-    if (dolibarr_set_const($db, "DON_ADDON_MODEL",$_GET["value"],'chaine',0,'',$conf->entity))
+    if (dolibarr_set_const($db, "DON_ADDON_MODEL",$value,'chaine',0,'',$conf->entity))
    {
-        $conf->global->DON_ADDON_MODEL = $_GET["value"];
+        $conf->global->DON_ADDON_MODEL = $value;
    }

    // On active le modele
    $type='donation';
    $sql_del = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
-    $sql_del.= " WHERE nom = '".$db->escape($_GET["value"])."' AND type = '".$type."'";
+    $sql_del.= " WHERE nom = '".$db->escape($value)."' AND type = '".$type."'";
    $result1=$db->query($sql_del);

    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
-    $sql.= " VALUES ('".$db->escape($_GET["value"])."', '".$type."', ".$conf->entity.", ";
-    $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
-    $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+    $sql.= " VALUES ('".$db->escape($value)."', '".$type."', ".$conf->entity.", ";
+    $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+    $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
    $sql.= ")";
    $result2=$db->query($sql);
    if ($result1 && $result2)
@ -102,22 +109,28 @@ if ($_GET["action"] == 'setdoc')
    }
 }

-if ($_GET["action"] == 'set')
+if ($action == 'set')
 {
+	$value = GETPOST('value','alpha');
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');
+	
    $type='donation';
    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
-    $sql.= " VALUES ('".$db->escape($_GET["value"])."','".$type."',".$conf->entity.", ";
-    $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
-    $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+    $sql.= " VALUES ('".$db->escape($value)."','".$type."',".$conf->entity.", ";
+    $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+    $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
    $sql.= ")";
    $resql=$db->query($sql);
 }

-if ($_GET["action"] == 'del')
+if ($action == 'del')
 {
+	$value = GETPOST('value','alpha');
+	
    $type='donation';
    $sql = "DELETE FROM ".MAIN_DB_PREFIX."document_model";
-    $sql .= "  WHERE nom = '".$_GET["value"]."' AND type = '".$type."'";
+    $sql .= "  WHERE nom = '".$value."' AND type = '".$type."'";
    $resql=$db->query($sql);
 }

--- a/htdocs/admin/facture.php
+++ b/htdocs/admin/facture.php
@ -4,6 +4,7 @@
 * Copyright (C) 2005		Eric Seigne					<eric.seigne@ryxeo.com>
 * Copyright (C) 2005-2012	Regis Houssin				<regis@dolibarr.fr>
 * Copyright (C) 2008		Raphael Bertrand (Resultic)	<raphael.bertrand@resultic.fr>
+ * Copyright (C) 2012		Juanjo Menent				<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -44,10 +45,10 @@ $value = GETPOST('value','alpha');

 if ($action == 'updateMask')
 {
-    $maskconstinvoice=GETPOST("maskconstinvoice");
-    $maskconstcredit=GETPOST("maskconstcredit");
-    $maskinvoice=GETPOST("maskinvoice");
-    $maskcredit=GETPOST("maskcredit");
+    $maskconstinvoice=GETPOST('maskconstinvoice','alpha');
+    $maskconstcredit=GETPOST('maskconstcredit','alpha');
+    $maskinvoice=GETPOST('maskinvoice','alpha');
+    $maskcredit=GETPOST('maskcredit','alpha');
    if ($maskconstinvoice) $res = dolibarr_set_const($db,$maskconstinvoice,$maskinvoice,'chaine',0,'',$conf->entity);
    if ($maskconstcredit)  $res = dolibarr_set_const($db,$maskconstcredit,$maskcredit,'chaine',0,'',$conf->entity);

@ -65,7 +66,7 @@ if ($action == 'updateMask')

 if ($action == 'specimen')
 {
-    $modele=GETPOST("module");
+    $modele=GETPOST('module','alpha');

    $facture = new Facture($db);
    $facture->initAsSpecimen();
@ -116,8 +117,8 @@ if ($action == 'setModuleOptions')
    {
        if (array_key_exists('param'.$i,$_POST))
        {
-            $param=$_POST["param".$i];
-            $value=$_POST["value".$i];
+            $param=GETPOST("param".$i,'alpha');
+            $value=GETPOST("value".$i,'alpha');
            if ($param) $res = dolibarr_set_const($db,$param,$value,'chaine',0,'',$conf->entity);
        }
    }
@ -135,8 +136,8 @@ if ($action == 'setModuleOptions')

 if ($action == 'set')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

    $type='invoice';
    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -166,8 +167,8 @@ if ($action == 'del')

 if ($action == 'setdoc')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

    $db->begin();

@ -214,8 +215,8 @@ if ($action == 'setmod')

 if ($action == 'setribchq')
 {
-	$rib = GETPOST("rib");
-	$chq = GETPOST("chq");
+	$rib = GETPOST('rib','alpha');
+	$chq = GETPOST('chq','alpha');

 	$res = dolibarr_set_const($db, "FACTURE_RIB_NUMBER",$rib,'chaine',0,'',$conf->entity);
    $res = dolibarr_set_const($db, "FACTURE_CHQ_NUMBER",$chq,'chaine',0,'',$conf->entity);
@ -234,7 +235,7 @@ if ($action == 'setribchq')

 if ($action == 'set_FACTURE_DRAFT_WATERMARK')
 {
-	$draft = GETPOST("FACTURE_DRAFT_WATERMARK");
+	$draft = GETPOST('FACTURE_DRAFT_WATERMARK','alpha');

    $res = dolibarr_set_const($db, "FACTURE_DRAFT_WATERMARK",trim($draft),'chaine',0,'',$conf->entity);

@ -252,7 +253,7 @@ if ($action == 'set_FACTURE_DRAFT_WATERMARK')

 if ($action == 'set_FACTURE_FREE_TEXT')
 {
-	$free = GETPOST("FACTURE_FREE_TEXT");
+	$free = GETPOST('FACTURE_FREE_TEXT','alpha');

    $res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);

@ -270,7 +271,7 @@ if ($action == 'set_FACTURE_FREE_TEXT')

 if ($action == 'setforcedate')
 {
-	$forcedate = GETPOST("forcedate");
+	$forcedate = GETPOST('forcedate','alpha');

    $res = dolibarr_set_const($db, "FAC_FORCE_DATE_VALIDATION",$forcedate,'chaine',0,'',$conf->entity);

--- a/htdocs/admin/fckeditor.php
+++ b/htdocs/admin/fckeditor.php
@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2004-2011 Laurent Destailleur   <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2011 Regis Houssin         <regis@dolibarr.fr>
+ * Copyright (C) 2012	   Juanjo Menent         <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -30,6 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php");
 $langs->load("admin");
 $langs->load("fckeditor");

+$action = GETPOST('action','alpha');
+
 if (!$user->admin) accessforbidden();

 // Constante et traduction de la description du module
@ -62,7 +65,7 @@ $picto = array(

 foreach($modules as $const => $desc)
 {
-    if ($_GET["action"] == 'activate_'.strtolower($const))
+    if ($action == 'activate_'.strtolower($const))
    {
        dolibarr_set_const($db, "FCKEDITOR_ENABLE_".$const, "1",'chaine',0,'',$conf->entity);
        // Si fckeditor est active dans la description produit/service, on l'active dans les formulaires
@ -73,7 +76,7 @@ foreach($modules as $const => $desc)
        Header("Location: ".$_SERVER["PHP_SELF"]);
        exit;
    }
-    if ($_GET["action"] == 'disable_'.strtolower($const))
+    if ($action == 'disable_'.strtolower($const))
    {
        dolibarr_del_const($db, "FCKEDITOR_ENABLE_".$const,$conf->entity);
        Header("Location: ".$_SERVER["PHP_SELF"]);
@ -81,9 +84,9 @@ foreach($modules as $const => $desc)
    }
 }

-if ($_POST["save"])
+if (GETPOST('save','alpha'))
 {
-    dolibarr_set_const($db, "FCKEDITOR_TEST", $_POST["formtestfield"],'chaine',0,'',$conf->entity);
+    dolibarr_set_const($db, "FCKEDITOR_TEST", GETPOST('formtestfield','alpha'),'chaine',0,'',$conf->entity);
 }


--- a/htdocs/admin/fournisseur.php
+++ b/htdocs/admin/fournisseur.php
@ -4,7 +4,7 @@
 * Copyright (C) 2005-2011 Regis Houssin           <regis@dolibarr.fr>
 * Copyright (C) 2004      Sebastien Di Cintio     <sdicintio@ressource-toi.org>
 * Copyright (C) 2004      Benoit Mortier          <benoit.mortier@opensides.be>
- * Copyright (C) 2010-2011 Juanjo Menent           <jmenent@2byte.es>
+ * Copyright (C) 2010-2012 Juanjo Menent           <jmenent@2byte.es>
 * Copyright (C) 2011      Philippe Grand          <philippe.grand@atoo-net.com>
 *
 * This program is free software; you can redistribute it and/or modify
@ -38,9 +38,9 @@ $langs->load("admin");
 if (!$user->admin)
 accessforbidden();

-$type=GETPOST('type');
-$value=GETPOST('value');
-$action=GETPOST('action');
+$type=GETPOST('type', 'alpha');
+$value=GETPOST('value', 'alpha');
+$action=GETPOST('action', 'alpha');

 $specimenthirdparty=new Societe($db);
 $specimenthirdparty->initAsSpecimen();
@ -52,8 +52,9 @@ $specimenthirdparty->initAsSpecimen();

 if ($action == 'updateMask')
 {
-    $maskconstorder=$_POST['maskconstorder'];
-    $maskorder=$_POST['maskorder'];
+    $maskconstorder=GETPOST('maskconstorder','alpha');
+    $maskorder=GETPOST('maskorder','alpha');
+    
    if ($maskconstorder)  $res = dolibarr_set_const($db,$maskconstorder,$maskorder,'chaine',0,'',$conf->entity);

    if (! $res > 0) $error++;
@ -70,7 +71,7 @@ if ($action == 'updateMask')

 if ($action == 'specimen')  // For orders
 {
-    $modele=GETPOST("module");
+    $modele=GETPOST('module','alpha');

    $commande = new CommandeFournisseur($db);
    $commande->initAsSpecimen();
@ -116,7 +117,7 @@ if ($action == 'specimen')  // For orders

 if ($action == 'specimenfacture')   // For invoices
 {
-    $modele=GETPOST("module");
+    $modele=GETPOST('module','alpha');

    $facture = new FactureFournisseur($db);
    $facture->initAsSpecimen();
@ -162,10 +163,13 @@ if ($action == 'specimenfacture')   // For invoices

 if ($action == 'set')
 {
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');
+	
    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
    $sql.= " VALUES ('".$db->escape($value)."','".$type."',".$conf->entity.", ";
-    $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
-    $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+    $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+    $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
    $sql.= ")";
    $res=$db->query($sql);
    if ($res)
@ -191,14 +195,17 @@ if ($action == 'del')

 if ($action == 'setdoc')
 {
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');
+	
    $db->begin();

-    if ($_GET["type"] == 'order_supplier' && dolibarr_set_const($db, "COMMANDE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
+    if ($type == 'order_supplier' && dolibarr_set_const($db, "COMMANDE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
    {
        $conf->global->COMMANDE_SUPPLIER_ADDON_PDF = $value;
    }

-    if ($_GET["type"] == 'invoice_supplier' && dolibarr_set_const($db, "INVOICE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
+    if ($type == 'invoice_supplier' && dolibarr_set_const($db, "INVOICE_SUPPLIER_ADDON_PDF",$value,'chaine',0,'',$conf->entity))
    {
        $conf->global->INVOICE_SUPPLIER_ADDON_PDF = $value;
    }
@ -212,8 +219,8 @@ if ($action == 'setdoc')

    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
    $sql.= " VALUES ('".$db->escape($value)."', '".$type."', ".$conf->entity.", ";
-    $sql.= ($_GET["label"]?"'".$db->escape($_GET["label"])."'":'null').", ";
-    $sql.= (! empty($_GET["scandir"])?"'".$db->escape($_GET["scandir"])."'":"null");
+    $sql.= ($label?"'".$db->escape($label)."'":'null').", ";
+    $sql.= (! empty($scandir)?"'".$db->escape($scandir)."'":"null");
    $sql.= ")";
    $result2=$db->query($sql);
    if ($result1 && $result2)
@ -242,7 +249,7 @@ if ($action == 'addcat')

 if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
 {
-    $free = GETPOST("SUPPLIER_INVOICE_FREE_TEXT");
+    $free = GETPOST('SUPPLIER_INVOICE_FREE_TEXT','alpha');
    $res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);

    if (! $res > 0) $error++;
--- a/htdocs/admin/mailing.php
+++ b/htdocs/admin/mailing.php
@ -1,7 +1,7 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2005-2011 Laurent Destailleur  <eldy@users.sourceforge.org>
- * Copyright (C) 2011 Juanjo Menent		   <jmenent@2byte.es>
+/* Copyright (C) 2004      Rodolphe Quiedeville 	<rodolphe@quiedeville.org>
+ * Copyright (C) 2005-2011 Laurent Destailleur  	<eldy@users.sourceforge.org>
+ * Copyright (C) 2011-2012 Juanjo Menent			<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -32,7 +32,7 @@ $langs->load("mails");
 if (!$user->admin)
  accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');

 /*
 * Actions
@ -42,8 +42,8 @@ if ($action == 'setvalue' && $user->admin)
 {
 	$db->begin();
 	
-	$mailfrom = GETPOST("MAILING_EMAIL_FROM");
-	$mailerror = GETPOST("MAILING_EMAIL_ERRORSTO");
+	$mailfrom = GETPOST('MAILING_EMAIL_FROM','alpha');
+	$mailerror = GETPOST('MAILING_EMAIL_ERRORSTO','alpha');
 	
 	$res=dolibarr_set_const($db, "MAILING_EMAIL_FROM",$mailfrom,'chaine',0,'',$conf->entity);
 	if (! $res > 0) $error++;
--- a/htdocs/admin/prelevement.php
+++ b/htdocs/admin/prelevement.php
@ -35,7 +35,7 @@ $langs->load("withdrawals");
 // Security check
 if (!$user->admin) accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
--- a/htdocs/admin/project.php
+++ b/htdocs/admin/project.php
@ -1,7 +1,7 @@
 <?php
-/* Copyright (C) 2010 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2011 Juanjo Menent		   <jmenent@2byte.es>
+/* Copyright (C) 2010 		Regis Houssin		<regis@dolibarr.fr>
+ * Copyright (C) 2011 		Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2011-2012 	Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -35,8 +35,8 @@ $langs->load("projects");
 if (!$user->admin)
 accessforbidden();

-$value=GETPOST('value');
-$action=GETPOST('action');
+$value=GETPOST('value','action');
+$action=GETPOST('action','action');


 /*
@ -45,8 +45,9 @@ $action=GETPOST('action');

 if ($action == 'updateMask')
 {
-	$maskconstproject=GETPOST("maskconstproject");
-	$maskproject=GETPOST("maskproject");
+	$maskconstproject=GETPOST('maskconstproject','alpha');
+	$maskproject=GETPOST('maskproject','alpha');
+	
 	if ($maskconstproject)  $res = dolibarr_set_const($db,$maskconstproject,$maskproject,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;
@ -63,7 +64,7 @@ if ($action == 'updateMask')

 if ($action == 'specimen')
 {
-	$modele=GETPOST("module");
+	$modele=GETPOST('module','alpha');

 	$project = new Project($db);
 	$project->initAsSpecimen();
@ -98,8 +99,8 @@ if ($action == 'specimen')

 if ($action == 'set')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

 	$type='project';
    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -125,8 +126,8 @@ if ($action == 'del')

 if ($action == 'setdoc')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

 	$db->begin();

@ -164,7 +165,7 @@ if ($action == 'setmod')
 	// TODO Verifier si module numerotation choisi peut etre active
 	// par appel methode canBeActivated

-	dolibarr_set_const($db, "PROJECT_ADDON",$_GET["value"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "PROJECT_ADDON",GETPOST('value','alpha'),'chaine',0,'',$conf->entity);
 }

 /*
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@ -2,6 +2,7 @@
 /* Copyright (C) 2006      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2008-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2012      Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,7 +32,7 @@ $langs->load("stocks");
 // Securit check
 if (!$user->admin) accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
@ -41,7 +42,7 @@ $action = GETPOST("action");
 if ($action == 'STOCK_USERSTOCK_AUTOCREATE')
 {
 	$db->begin();
-	$res = dolibarr_set_const($db, "STOCK_USERSTOCK_AUTOCREATE", GETPOST("STOCK_USERSTOCK_AUTOCREATE"),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db, "STOCK_USERSTOCK_AUTOCREATE", GETPOST('STOCK_USERSTOCK_AUTOCREATE','alpha'),'chaine',0,'',$conf->entity);
 }
 // Mode of stock decrease
 if ($action == 'STOCK_CALCULATE_ON_BILL'
@ -52,9 +53,9 @@ if ($action == 'STOCK_CALCULATE_ON_BILL'
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", '','chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", GETPOST("STOCK_CALCULATE_ON_BILL"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", GETPOST("STOCK_CALCULATE_ON_VALIDATE_ORDER"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SHIPMENT')       $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", GETPOST("STOCK_CALCULATE_ON_SHIPMENT"),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", GETPOST('STOCK_CALCULATE_ON_BILL','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", GETPOST('STOCK_CALCULATE_ON_VALIDATE_ORDER','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SHIPMENT')       $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", GETPOST('STOCK_CALCULATE_ON_SHIPMENT','alpha'),'chaine',0,'',$conf->entity);
 }
 // Mode of stock increase
 if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL'
@ -65,9 +66,9 @@ if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL'
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", '','chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_BILL"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER"),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_BILL','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER','alpha'),'chaine',0,'',$conf->entity);
 }

 if($action)
--- a/htdocs/admin/taxes.php
+++ b/htdocs/admin/taxes.php
@ -2,7 +2,7 @@
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011 	   Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,7 +31,7 @@ $langs->load('admin');

 if (!$user->admin) accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');

 /*
 * Actions
@ -53,7 +53,7 @@ $tax_mode = empty($conf->global->TAX_MODE)?0:$conf->global->TAX_MODE;

 if ($action == 'settaxmode')
 {
-    $tax_mode = GETPOST("tax_mode");
+    $tax_mode = GETPOST('tax_mode','alpha');

    $db->begin();

--- a/htdocs/bookmarks/admin/bookmark.php
+++ b/htdocs/bookmarks/admin/bookmark.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2005-2009 Laurent Destailleur  <eldy@users.sourceforge.org>
- * Copyright (C) 2011      Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -30,11 +30,11 @@ $langs->load("admin");
 if (!$user->admin)
 accessforbidden();

-$action=GETPOST("action");
+$action=GETPOST('action','alpha');

 if ($action == 'setvalue')
 {
-	$showmenu = GETPOST("BOOKMARKS_SHOW_IN_MENU");
+	$showmenu = GETPOST('BOOKMARKS_SHOW_IN_MENU','alpha');
 	$res = dolibarr_set_const($db, "BOOKMARKS_SHOW_IN_MENU",$showmenu,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;
@ -53,8 +53,7 @@ if ($action == 'setvalue')


 /*
- *
- *
+ * View
 */

 llxHeader();
--- a/htdocs/cashdesk/admin/cashdesk.php
+++ b/htdocs/cashdesk/admin/cashdesk.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2011 	   Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -29,9 +29,9 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/html.formproduct.class.php");
 // If socid provided by ajax company selector
 if (! empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id']))
 {
-	$_GET['CASHDESK_ID_THIRDPARTY'] = $_GET['CASHDESK_ID_THIRDPARTY_id'];
-	$_POST['CASHDESK_ID_THIRDPARTY'] = $_POST['CASHDESK_ID_THIRDPARTY_id'];
-	$_REQUEST['CASHDESK_ID_THIRDPARTY'] = $_REQUEST['CASHDESK_ID_THIRDPARTY_id'];
+	$_GET['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
+	$_POST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
+	$_REQUEST['CASHDESK_ID_THIRDPARTY'] = GETPOST('CASHDESK_ID_THIRDPARTY_id','alpha');
 }

 // Security check
@ -45,7 +45,7 @@ $langs->load("cashdesk");
 /*
 * Actions
 */
-if (GETPOST("action") == 'set')
+if (GETPOST('action','alpha') == 'set')
 {
 	$db->begin();

@ -54,13 +54,13 @@ if (GETPOST("action") == 'set')
 	if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0)  $_POST["CASHDESK_ID_WAREHOUSE"]='';*/

 	$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity);
-	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity);
-	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity);
-	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity);
-	$res = dolibarr_set_const($db,"CASHDESK_ID_WAREHOUSE",GETPOST("CASHDESK_ID_WAREHOUSE"),'chaine',0,'',$conf->entity);
-	$res = dolibarr_set_const($db,"CASHDESK_SERVICES", GETPOST("CASHDESK_SERVICES"),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST('CASHDESK_ID_BANKACCOUNT_CASH','alpha'),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST('CASHDESK_ID_BANKACCOUNT_CHEQUE','alpha'),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST('CASHDESK_ID_BANKACCOUNT_CB','alpha'),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_ID_WAREHOUSE",GETPOST('CASHDESK_ID_WAREHOUSE','alpha'),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES','alpha'),'chaine',0,'',$conf->entity);

-	dol_syslog("admin/cashdesk: level ".GETPOST("level"));
+	dol_syslog("admin/cashdesk: level ".GETPOST('level','alpha'));

 	if (! $res > 0) $error++;

--- a/htdocs/compta/bank/admin/bank.php
+++ b/htdocs/compta/bank/admin/bank.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2009 		Laurent Destailleur            <eldy@users.sourceforge.net>
- * Copyright (C) 2010-2011  Juanjo Menent			       <jmenent@2byte.es>
+ * Copyright (C) 2010-2012  Juanjo Menent			       <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -36,7 +36,7 @@ $langs->load("banks");
 if (!$user->admin)
  accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
@ -45,7 +45,7 @@ $action = GETPOST("action");

 if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
 {
-	$free = GETPOST("BANK_CHEQUERECEIPT_FREE_TEXT");
+	$free = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT','alpha');
    $res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$free,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;
@ -63,7 +63,7 @@ if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
 //Order display of bank account
 if ($action == 'setbankorder')
 {
-	if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",$_GET["value"],'chaine',0,'',$conf->entity) > 0)
+	if (dolibarr_set_const($db, "BANK_SHOW_ORDER_OPTION",GETPOST('value','alpha'),'chaine',0,'',$conf->entity) > 0)
 	{
 		Header("Location: ".$_SERVER["PHP_SELF"]);
 		exit;
--- a/htdocs/langs/ca_ES/admin.lang
+++ b/htdocs/langs/ca_ES/admin.lang
@ -868,6 +868,7 @@ MAIN_PROXY_PASS=Contrasenya del servidor proxy
 DefineHereComplementaryAttributes=Definiu aquí la llista d'atributs addicionals, no disponibles a estàndard, i que vol gestionar per %s.
 ExtraFields=Atributs addicionals
 ExtraFieldHasWrongValue=L'atribut %s te un valor incorrecte.
+AlphaNumOnlyCharsAndNoSpace=només carateres alfanumèrics sense espais
 SendingMailSetup=Configuració de l'enviament per mail
 SendmailOptionNotComplete=Atenció, en alguns sistemes Linux, amb aquest mètode d'enviament, per poder enviar mails en nom seu, la configuració de sendmail ha de contenir l'opció <b>-ba</b> (paràmetre <b>mail.force_extra_parameters</b> a l'arxiu <b>php.ini</b>). Si alguns dels seus destinataris no reben els seus missatges, proveu de modificar aquest paràmetre PHP amb <b>mail.force_extra_parameters =-ba </b>.
 PathToDocuments=Rutes d'accés a documents
--- a/htdocs/langs/ca_ES/agenda.lang
+++ b/htdocs/langs/ca_ES/agenda.lang
@ -10,6 +10,8 @@ LocalAgenda=Calendari local
 AffectedTo=Assignada a
 DoneBy=Realitzat per
 Events=Esdeveniments
+MyEvents=Els meus events
+OtherEvents=Altres events
 ListOfActions=Llista d'esdeveniments
 EventOnFullDay=Esdeveniment per tot el dia
 Location=Localització
@ -63,12 +65,12 @@ AgendaUrlOptions4=<b>logint=%s</b> per a restringir insercions a accions que afe
 AgendaUrlOptions5=<b>logind=%s</b> per a restringir insercions a accions realitzades per l'usuari <b>%s</b>.
 AgendaShowBirthdayEvents=Mostra aniversari dels contactes
 AgendaHideBirthdayEvents=Amaga aniversari dels contacte
-ExtSites=Calendaris externs

 # External Sites ical
+ExportCal=Exportar calendari
 ExtSites=Calendaris externs
 ExtSitesEnableThisTool=Mostrar calendaris externs a l'agenda
 ExtSitesNbOfAgenda=Nombre de calendaris
 AgendaExtNb=Calendari nº %s
 ExtSiteUrlAgenda=Url d'accés a l'arxiu. ical
-ExtSiteNoLabel=Sense descripció
+ExtSiteNoLabel=Sense descripció
--- a/htdocs/langs/ca_ES/members.lang
+++ b/htdocs/langs/ca_ES/members.lang
@ -123,7 +123,6 @@ LastMembersModified=Els %s darrers membres modificats
 LastSubscriptionsModified=Les %s últimes afiliacions modificades
 AttributeName=Nom de l'atribut
 FieldEdition=Edició del camp %s
-AlphaNumOnlyCharsAndNoSpace=només carateres alfanumèrics sense espais
 String=Cadena
 Text=Text llarg
 Int=Numèric
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@ -861,6 +861,7 @@ MAIN_PROXY_PASS=Password to use the proxy server
 DefineHereComplementaryAttributes=Define here all atributes, not already available by default, and that you want to be supported for %s.
 ExtraFields=Complementary attributes
 ExtraFieldHasWrongValue=Attribut %s has a wrong value.
+AlphaNumOnlyCharsAndNoSpace=only alphanumericals characters without space
 SendingMailSetup=Setup of sendings by email
 SendmailOptionNotComplete=Warning, on some Linux systems, to send email from your email, sendmail execution setup must conatins option -ba (parameter mail.force_extra_parameters into your php.ini file). If some recipients never receive emails, try to edit this PHP parameter with mail.force_extra_parameters = -ba).
 PathToDocuments=Path to documents
--- a/htdocs/langs/en_US/members.lang
+++ b/htdocs/langs/en_US/members.lang
@ -120,7 +120,6 @@ LastMembersModified=Last %s modified members
 LastSubscriptionsModified=Last %s modified subscriptions
 AttributeName=Attribute name
 FieldEdition=Edition of field %s
-AlphaNumOnlyCharsAndNoSpace=only alphanumericals characters without space
 String=String
 Text=Text
 Int=Int
--- a/htdocs/langs/es_ES/admin.lang
+++ b/htdocs/langs/es_ES/admin.lang
@ -868,7 +868,8 @@ MAIN_PROXY_PASS=Contraseña del servidor proxy
 DefineHereComplementaryAttributes=Defina aquí la lista de atributos adicionales, no disponibles en estándar, y que desea gestionar para %s.
 ExtraFields=Atributos adicionales
 ExtraFieldHasWrongValue=El atributo %s tiene un valor incorrecto.
-SendingMailSetup=Configuració de l'enviament per mail
+AlphaNumOnlyCharsAndNoSpace=solamente caracteres alfanuméricos sin espacios
+SendingMailSetup=Configuración del envío por mail
 SendmailOptionNotComplete=Atención, en algunos sistemas Linux, con este método de envio, para poder enviar mails en su nombre, la configuración de sendmail debe contener la opción <b>-ba</b> (parámetro <b>mail.force_extra_parameters</b> en el archivo <b>php.ini</b>). Si algunos de sus destinatarios no reciben sus mensajes, pruebe a modificar este parámetro PHP con <b>mail.force_extra_parameters=-ba</b>.
 PathToDocuments=Rutas de acceso a documentos
 PathDirectory=Directorio
--- a/htdocs/langs/es_ES/agenda.lang
+++ b/htdocs/langs/es_ES/agenda.lang
@ -10,6 +10,8 @@ LocalAgenda=Calendario local
 AffectedTo=Asignada a
 DoneBy=Realizado por
 Events=Eventos
+MyEvents=Mis eventos
+OtherEvents=Otros eventos
 ListOfActions=Listado de eventos
 EventOnFullDay=Evento para todo el día
 Location=Localización
@ -63,8 +65,10 @@ AgendaUrlOptions4=<b>logint=%s</b> para restringir inserciones a acciones que af
 AgendaUrlOptions5=<b>logind=%s</b> para restringir inserciones a acciones realizadas por el usuario <b>%s</b>.
 AgendaShowBirthdayEvents=Mostrar cumpleaños de los contactos
 AgendaHideBirthdayEvents=Ocultar cumpleaños de los contactos
+
+# External Sites ical
+ExportCal=Exportar calendario
 ExtSites=Calendarios externos
-# External Sites ical=
 ExtSitesEnableThisTool=Mostrar calendarios externos en la agenda
 ExtSitesNbOfAgenda=Número de calendarios
 AgendaExtNb=Calendario nº %s
--- a/htdocs/langs/es_ES/members.lang
+++ b/htdocs/langs/es_ES/members.lang
@ -123,7 +123,6 @@ LastMembersModified=Los %s últimos miembros modificados
 LastSubscriptionsModified=Lass %s últimas afiliaciones modificadas
 AttributeName=Nombre del atributo
 FieldEdition=Edición del campo %s
-AlphaNumOnlyCharsAndNoSpace=solamente caracteres alfanuméricos sin espacios
 String=Cadena
 Text=Texto largo
 Int=Numérico
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@ -869,6 +869,7 @@ MAIN_PROXY_PASS=Mot de passe pour passer le serveur proxy mandataire
 DefineHereComplementaryAttributes=Definissez ici la liste des attributs supplémentaire, non disponible en standard, et que vous voulez voir gérez sur les %s.
 ExtraFields=Attributs suplémentaires
 ExtraFieldHasWrongValue=L'attribut %s a une valeur incorrecte.
+AlphaNumOnlyCharsAndNoSpace=uniquement caractères alphanumériques sans espace
 SendingMailSetup=Configuration de l'envoi par mail
 SendmailOptionNotComplete=Attention, sur certains systèmes Linux, avec cette méthode d'envoi, pour pouvoir envoyer des mails en votre nom, la configuration d'exécution de sendmail doit contenir l'option <b>-ba</b> (paramètre <b>mail.force_extra_parameters</b> dans le fichier <b>php.ini</b>). Si certains de vos destinataires ne reçoivent pas de message, essayer de modifer ce paramètre PHP avec <b>mail.force_extra_parameters = -ba</b>.
 PathToDocuments= Chemin d'accès aux documents
--- a/htdocs/langs/fr_FR/members.lang
+++ b/htdocs/langs/fr_FR/members.lang
@ -124,7 +124,6 @@ LastMembersModified=Les %s derniers adhérents modifiés
 LastSubscriptionsModified=Les %s dernières adhésions modifiées
 AttributeName=Nom de l'attribut
 FieldEdition=Édition du champ %s
-AlphaNumOnlyCharsAndNoSpace=uniquement caractères alphanumériques sans espace
 String=Chaîne
 Text=Texte long
 Int=Numérique
--- a/htdocs/product/admin/product.php
+++ b/htdocs/product/admin/product.php
@ -4,7 +4,7 @@
 * Copyright (C) 2006-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2007      Auguria SARL         <info@auguria.org>
 * Copyright (C) 2005-2012 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011 	   Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent        <jmenent@2byte.es>
 * Copyright (C) 2012      Christophe Battarel   <christophe.battarel@altairis.fr>
 **
 * This program is free software; you can redistribute it and/or modify
@ -38,8 +38,8 @@ $langs->load("products");
 // Security check
 if (! $user->admin) accessforbidden();

-$action = GETPOST("action");
-$value = GETPOST("value");
+$action = GETPOST('action','alpha');
+$value = GETPOST('value','alpha');


 /*
@ -56,35 +56,35 @@ else if ($action == 'multiprix_num')
 }
 if ($action == 'multiprix')
 {
-	$multiprix = GETPOST("activate_multiprix");
+	$multiprix = GETPOST('activate_multiprix','alpha');

 	$res = dolibarr_set_const($db, "PRODUIT_MULTIPRICES", $multiprix,'chaine',0,'',$conf->entity);
 	$res =dolibarr_set_const($db, "PRODUIT_MULTIPRICES_LIMIT", "5",'chaine',0,'',$conf->entity);
 }
 else if ($action == 'sousproduits')
 {
-	$sousproduits = GETPOST("activate_sousproduits");
+	$sousproduits = GETPOST('activate_sousproduits','alpha');
 	$res = dolibarr_set_const($db, "PRODUIT_SOUSPRODUITS", $sousproduits,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'viewProdDescInForm')
 {
-	$view = GETPOST("activate_viewProdDescInForm");
+	$view = GETPOST('activate_viewProdDescInForm','alpha');
 	$res = dolibarr_set_const($db, "PRODUIT_DESC_IN_FORM", $view,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'viewProdTextsInThirdpartyLanguage')
 {
-	$view = GETPOST("activate_viewProdTextsInThirdpartyLanguage");
+	$view = GETPOST('activate_viewProdTextsInThirdpartyLanguage','alpha');
 	$res = dolibarr_set_const($db, "PRODUIT_TEXTS_IN_THIRDPARTY_LANGUAGE", $view,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'usesearchtoselectproduct')
 {
-	$usesearch = GETPOST("activate_usesearchtoselectproduct");
+	$usesearch = GETPOST('activate_usesearchtoselectproduct','alpha');
 	$res = dolibarr_set_const($db, "PRODUIT_USE_SEARCH_TO_SELECT", $usesearch,'chaine',0,'',$conf->entity);
 }
 else if ($action == 'set')
 {
-	$const = "PRODUCT_SPECIAL_".strtoupper($_GET["spe"]);
-	if ($_GET["value"]) $res = dolibarr_set_const($db, $const, $value,'chaine',0,'',$conf->entity);
+	$const = "PRODUCT_SPECIAL_".strtoupper(GETPOST('spe','alpha'));
+	if (GETPOST('value','alpha')) $res = dolibarr_set_const($db, $const, $value,'chaine',0,'',$conf->entity);
 	else $res = dolibarr_del_const($db, $const,$conf->entity);
 }
 /*else if ($action == 'useecotaxe')