From 4917403365ddbbf0ac51d8a904c9761ba751a245 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 25 Nov 2020 12:46:03 +0100
Subject: [PATCH] Avoid dynamic var

---
 htdocs/opensurvey/wizard/create_survey.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/htdocs/opensurvey/wizard/create_survey.php b/htdocs/opensurvey/wizard/create_survey.php
index 1ae5699500b..b295f007ca8 100644
--- a/htdocs/opensurvey/wizard/create_survey.php
+++ b/htdocs/opensurvey/wizard/create_survey.php
@@ -35,15 +35,13 @@ if (!$user->rights->opensurvey->write) accessforbidden();
 
 $langs->load("opensurvey");
 
-// On teste toutes les variables pour supprimer l'ensemble des warnings PHP
-// On transforme en entites html les données afin éviter les failles XSS
-$post_var = array('title', 'description', 'mailsonde', 'creation_sondage_date', 'creation_sondage_autre');
-foreach ($post_var as $var)
-{
-	$$var = GETPOST($var);
-}
+$title = GETPOST('title');
+$description = GETPOST('description', 'restricthtml');
+$mailsonde = GETPOST('mailsonde');
+$creation_sondage_date = GETPOST('creation_sondage_date');
+$creation_sondage_date = GETPOST('creation_sondage_date');
 
-// On initialise egalement la session car sinon bonjour les warning :-)
+// We init some session variable to avoir warning
 $session_var = array('title', 'description', 'mailsonde');
 foreach ($session_var as $var)
 {