diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php
index f0042f962bb..e9f50e77715 100644
--- a/htdocs/accountancy/bookkeeping/card.php
+++ b/htdocs/accountancy/bookkeeping/card.php
@@ -153,13 +153,13 @@ else if ($action == "add") {
 $book->label_operation= $label_operation;
 $book->debit = $debit;
 $book->credit = $credit;
- $book->doc_date = GETPOST('doc_date');
- $book->doc_type = GETPOST('doc_type');
+ $book->doc_date = GETPOST('doc_date','alpha');
+ $book->doc_type = GETPOST('doc_type','alpha');
 $book->piece_num = $piece_num;
- $book->doc_ref = GETPOST('doc_ref');
- $book->code_journal = GETPOST('code_journal');
- $book->fk_doc = GETPOST('fk_doc');
- $book->fk_docdet = GETPOST('fk_docdet');
+ $book->doc_ref = GETPOST('doc_ref','alpha');
+ $book->code_journal = GETPOST('code_journal','alpha');
+ $book->fk_doc = GETPOST('fk_doc','alpha');
+ $book->fk_docdet = GETPOST('fk_docdet','alpha');
 if (floatval($debit) != 0.0) {
 $book->montant = $debit;
@@ -210,7 +210,7 @@ else if ($action == "confirm_create") {
 $book = new BookKeeping($db);
- if (! GETPOST('code_journal') || GETPOST('code_journal') == '-1') {
+ if (! GETPOST('code_journal','alpha') || GETPOST('code_journal','alpha') == '-1') {
 setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Journal")), null, 'errors');
 $action='create';
 $error++;
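Review bot: `$book->fk_doc = GETPOST('fk_doc','alpha');` and the `fk_docdet` line below it read foreign-key ids with the string filter, so they reach the `$book` object as arbitrary text while the neighbouring `piece_num` is already an integer. Use `$book->fk_doc = GETPOST('fk_doc','int');` and `$book->fk_docdet = GETPOST('fk_docdet','int');` so the value is numeric before the object persists it, instead of relying on every SQL site in the class to cast. The `else if ($action == "add")` block continues outside the hunk, so how `$book` is saved is not visible here.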
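Review bot: `GETPOST('code_journal','alpha')` is evaluated twice inside the same condition; reading it once keeps both tests on the same value and is easier to read: `$code_journal = GETPOST('code_journal','alpha');` followed by `if (! $code_journal || $code_journal == '-1') {`. The `confirm_create` block continues outside the hunk.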
@@ -226,11 +226,11 @@ else if ($action == "confirm_create") {
 $book->label_compte = '';
 $book->debit = 0;
 $book->credit = 0;
- $book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth'), GETPOST('doc_dateday'), GETPOST('doc_dateyear'));
- $book->doc_type = GETPOST('doc_type');
- $book->piece_num = GETPOST('next_num_mvt');
- $book->doc_ref = GETPOST('doc_ref');
- $book->code_journal = GETPOST('code_journal');
+ $book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth','int'), GETPOST('doc_dateday','int'), GETPOST('doc_dateyear','int'));
+ $book->doc_type = GETPOST('doc_type','alpha');
+ $book->piece_num = GETPOST('next_num_mvt','alpha');
+ $book->doc_ref = GETPOST('doc_ref','alpha');
+ $book->code_journal = GETPOST('code_journal','alpha');
 $book->fk_doc = 0;
 $book->fk_docdet = 0;
 $book->montant = 0;
@@ -265,8 +265,8 @@ if ($action == 'setdate') {
 }
 if ($action == 'setjournal') {
- $journaldoc = trim(GETPOST('code_journal'));
- $result = $object->updateByMvt($piece_num,'code_journal',$journaldoc,$mode);
+ $journaldoc = trim(GETPOST('code_journal','alpha'));
+ $result = $object->updateByMvt($piece_num, 'code_journal', $journaldoc, $mode);
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
 } else {
@@ -279,7 +279,7 @@ if ($action == 'setjournal') {
 }
 if ($action == 'setdocref') {
- $refdoc = trim(GETPOST('doc_ref'));
+ $refdoc = trim(GETPOST('doc_ref','alpha'));
 $result = $object->updateByMvt($piece_num,'doc_ref',$refdoc,$mode);
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
@@ -476,11 +476,11 @@ if ($action == 'create')
 print '';
 print '';
 print '';
- print '';
+ print '';
 print '';
 print '';
 } else {
- print $book->doc_ref ;
+ print $book->doc_ref ;
 }
 print '';
 print '';
diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php
index d027b7c425b..7e29262324f 100644
--- a/htdocs/accountancy/class/bookkeeping.class.php
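Review bot: `$book->piece_num = GETPOST('next_num_mvt','alpha');` reads a movement number that this class compares as a bare integer in SQL (the `bookkeeping.class.php` hunk further down casts `piece_num = (int) $piecenum`), so the string filter lets a non-numeric value into the object and leaves every SQL site to defend itself. Read it as `$book->piece_num = GETPOST('next_num_mvt','int');` so the boundary rejects it instead. The 'int' filter on the three `doc_date*` parts in the same hunk is the right choice. The `confirm_create` block continues outside the hunk.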
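Review bot: `print $book->doc_ref ;` echoes a value that the add action earlier in this file fills straight from `GETPOST('doc_ref','alpha')`, and no escaping is visible on the output side in the `@@ -476` hunk. The surrounding markup was lost in this rendering, so if it does not already escape the value, print `dol_escape_htmltag($book->doc_ref)` instead; the same question applies to the rewritten `print ''` line whose content is not visible. The `if ($action == 'create')` block starts and ends outside the hunk.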
+++ b/htdocs/accountancy/class/bookkeeping.class.php
@@ -1254,7 +1254,7 @@ class BookKeeping extends CommonObject
 // first check if line not yet in bookkeeping
 $sql = "DELETE";
 $sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element;
- $sql .= " WHERE piece_num = " . $piecenum;
+ $sql .= " WHERE piece_num = " . (int) $piecenum;
 $sql .= " AND entity IN (" . getEntity('accountancy') . ")";
 $resql = $this->db->query($sql);
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index 5f78fb4466b..ffe84da6cf0 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
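Review bot: The comment `// first check if line not yet in bookkeeping` sits directly above a statement that builds a DELETE, so it describes something other than the code below it and will mislead the next reader; replace it with `// Delete all bookkeeping lines of this movement (piece_num) in the current entity`. The `(int)` cast is the correct fix for the unquoted comparison, but it turns a non-numeric or empty `$piecenum` into 0 and the DELETE then silently matches nothing; an explicit rejection of `(int) $piecenum <= 0` before the query would surface that case, assuming 0 is never a valid movement number. The enclosing method starts and ends outside the hunk, so its error convention is not visible.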
@@ -298,38 +298,38 @@ if (empty($reshook))
 $object->oldcopy = clone $object;
 // Change values
- $object->civility_id = trim($_POST["civility_id"]);
- $object->firstname = trim($_POST["firstname"]);
- $object->lastname = trim($_POST["lastname"]);
- $object->login = trim($_POST["login"]);
- $object->pass = trim($_POST["pass"]);
+ $object->civility_id = trim(GETPOST("civility_id",'alpha'));
+ $object->firstname = trim(GETPOST("firstname",'alpha'));
+ $object->lastname = trim(GETPOST("lastname",'alpha'));
+ $object->login = trim(GETPOST("login",'alpha'));
+ $object->pass = trim(GETPOST("pass",'alpha'));
- $object->societe = trim($_POST["societe"]);
- $object->company = trim($_POST["societe"]);
+ $object->societe = trim(GETPOST("societe",'alpha'));
+ $object->company = trim(GETPOST("societe",'alpha'));
- $object->address = trim($_POST["address"]);
- $object->zip = trim($_POST["zipcode"]);
- $object->town = trim($_POST["town"]);
- $object->state_id = $_POST["state_id"];
- $object->country_id = $_POST["country_id"];
+ $object->address = trim(GETPOST("address",'alpha'));
+ $object->zip = trim(GETPOST("zipcode",'alpha'));
+ $object->town = trim(GETPOST("town",'alpha'));
+ $object->state_id = GETPOST("state_id",'int');
+ $object->country_id = GETPOST("country_id",'int');
- $object->phone = trim($_POST["phone"]);
- $object->phone_perso = trim($_POST["phone_perso"]);
- $object->phone_mobile= trim($_POST["phone_mobile"]);
- $object->email = trim($_POST["member_email"]);
- $object->skype = trim($_POST["skype"]);
+ $object->phone = trim(GETPOST("phone",'alpha'));
+ $object->phone_perso = trim(GETPOST("phone_perso",'alpha'));
+ $object->phone_mobile= trim(GETPOST("phone_mobile",'alpha'));
+ $object->email = trim(GETPOST("member_email",'alpha'));
+ $object->skype = trim(GETPOST("skype",'alpha'));
 $object->birth = $birthdate;
- $object->typeid = $_POST["typeid"];
- //$object->note = trim($_POST["comment"]);
- $object->morphy = $_POST["morphy"];
+ $object->typeid = GETPOST("typeid",'int');
+ //$object->note = trim(GETPOST("comment"]);
+ $object->morphy = GETPOST("morphy",'alpha');
 if (GETPOST('deletephoto')) $object->photo='';
 elseif (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
 // Get status and public property
- $object->statut = $_POST["statut"];
- $object->public = $_POST["public"];
+ $object->statut = GETPOST("statut",'alpha');
+ $object->public = GETPOST("public",'alpha');
 // Fill array 'array_options' with data from add form
 $ret = $extrafields->setOptionalsFromPost($extralabels,$object);
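Review bot: `$object->statut = GETPOST("statut",'alpha');` reads a numeric status that `adherent.class.php` (hunk further down) concatenates unquoted as `statut = ".$this->db->escape($this->statut)`, and `escape()` only neutralises quotes, so the value must already be numeric here: `$object->statut = GETPOST("statut",'int');`, matching the `typeid` line in this hunk. `$object->pass = trim(GETPOST("pass",'alpha'));` also deserves a second look: trim and the 'alpha' filter can silently alter a password that contains edge whitespace or characters the filter strips, so reading it untrimmed with the 'none' check (used for `comment` in the create action below) is less destructive, provided the hashing path copes with it. The line `//$object->note = trim(GETPOST("comment"]);` is commented-out code with a mismatched bracket and should simply be deleted. The `if (empty($reshook))` block starts and ends outside the hunk.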
@@ -445,32 +445,32 @@ if (empty($reshook))
 $datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
 }
- $typeid=$_POST["typeid"];
- $civility_id=$_POST["civility_id"];
- $lastname=$_POST["lastname"];
- $firstname=$_POST["firstname"];
- $societe=$_POST["societe"];
- $address=$_POST["address"];
- $zip=$_POST["zipcode"];
- $town=$_POST["town"];
- $state_id=$_POST["state_id"];
- $country_id=$_POST["country_id"];
+ $typeid=GETPOST("typeid",'int');
+ $civility_id=GETPOST("civility_id",'int');
+ $lastname=GETPOST("lastname",'alpha');
+ $firstname=GETPOST("firstname",'alpha');
+ $societe=GETPOST("societe",'alpha');
+ $address=GETPOST("address",'alpha');
+ $zip=GETPOST("zipcode",'alpha');
+ $town=GETPOST("town",'alpha');
+ $state_id=GETPOST("state_id",'int');
+ $country_id=GETPOST("country_id",'int');
- $phone=$_POST["phone"];
- $phone_perso=$_POST["phone_perso"];
- $phone_mobile=$_POST["phone_mobile"];
- $skype=$_POST["member_skype"];
- $email=$_POST["member_email"];
- $login=$_POST["member_login"];
- $pass=$_POST["password"];
- $photo=$_POST["photo"];
- //$comment=$_POST["comment"];
- $morphy=$_POST["morphy"];
- $subscription=$_POST["subscription"];
- $public=$_POST["public"];
+ $phone=GETPOST("phone",'alpha');
+ $phone_perso=GETPOST("phone_perso",'alpha');
+ $phone_mobile=GETPOST("phone_mobile",'alpha');
+ $skype=GETPOST("member_skype",'alpha');
+ $email=GETPOST("member_email",'alpha');
+ $login=GETPOST("member_login",'alpha');
+ $pass=GETPOST("password",'alpha');
+ $photo=GETPOST("photo",'alpha');
+ //$comment=GETPOST("comment",'none');
+ $morphy=GETPOST("morphy",'alpha');
+ $subscription=GETPOST("subscription",'alpha');
+ $public=GETPOST("public",'alpha');
- $userid=$_POST["userid"];
- $socid=$_POST["socid"];
+ $userid=GETPOST("userid",'int');
+ $socid=GETPOST("socid",'int');
 $object->civility_id = $civility_id;
 $object->firstname = $firstname;
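Review bot: `$civility_id=GETPOST("civility_id",'int');` disagrees with the update action earlier in this file, which reads the same field as `trim(GETPOST("civility_id",'alpha'))`; if civility codes are strings, as the update path suggests, the 'int' filter coerces them to 0 and the member is created without a civility, so one filter should be chosen for both actions. The context line `$datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);` still reads `$_POST` directly, which is exactly what this commit replaces everywhere else; `GETPOST("remonth",'int')` and friends would finish the job. `$pass=GETPOST("password",'alpha');` has the same caveat as the update path: the 'alpha' filter may strip characters from the password before it is hashed. The `if (empty($reshook))` block starts and ends outside the hunk.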
@@ -1093,14 +1093,14 @@ else
 $morphys["phy"] = $langs->trans("Physical");
 $morphys["mor"] = $langs->trans("Morale");
 print ''.$langs->trans("Nature").'';
- print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy);
+ print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy")?GETPOST("morphy",'alpha'):$object->morphy));
 print "";
 // Type
 print ''.$langs->trans("Type").'';
 if ($user->rights->adherent->creer) {
- print $form->selectarray("typeid", $adht->liste_array(), (isset($_POST["typeid"])?$_POST["typeid"]:$object->typeid));
+ print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid")?GETPOST("typeid",'int'):$object->typeid));
 } else {
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index bd0722ae63e..507695b0ffd 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -439,8 +439,8 @@ class Adherent extends CommonObject
 $sql.= ", note_public = ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null");
 $sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null");
 $sql.= ", public = '".$this->db->escape($this->public)."'";
- $sql.= ", statut = ".$this->statut;
- $sql.= ", fk_adherent_type = ".$this->typeid;
+ $sql.= ", statut = ".$this->db->escape($this->statut);
+ $sql.= ", fk_adherent_type = ".$this->db->escape($this->typeid);
 $sql.= ", morphy = '".$this->db->escape($this->morphy)."'";
 $sql.= ", birth = ".($this->birth?"'".$this->db->idate($this->birth)."'":"null");
 if ($this->datefin) $sql.= ", datefin = '".$this->db->idate($this->datefin)."'"; // Must be modified only when deleting a subscription
diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php
index c352f5dc944..2f8592d3a21 100644
--- a/htdocs/adherents/class/adherent_type.class.php
+++ b/htdocs/adherents/class/adherent_type.class.php
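Review bot: `$sql.= ", statut = ".$this->db->escape($this->statut);` and the `fk_adherent_type` line below it concatenate an unquoted value, and `escape()` gives no protection in that position: it neutralises quote characters, but an unquoted numeric operand needs none to alter the statement. Cast instead, as the `societe.class.php` hunk in this same commit does for `fk_multicurrency`: `$sql.= ", statut = ".(int) $this->statut;` and `$sql.= ", fk_adherent_type = ".(int) $this->typeid;`. The `statut` value arrives from `adherents/card.php` with the 'alpha' filter, so the cast here is what actually enforces the type. The enclosing method (presumably update) starts and ends outside the hunk.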
@@ -265,7 +265,7 @@ class AdherentType extends CommonObject
 {
 $sql = "SELECT d.rowid, d.libelle as label, d.statut, d.subscription, d.mail_valid, d.note, d.vote";
 $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as d";
- $sql .= " WHERE d.rowid = ".$rowid;
+ $sql .= " WHERE d.rowid = ".(int) $rowid;
 dol_syslog("Adherent_type::fetch", LOG_DEBUG);
diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php
index fc30d6f1ae2..cae878829b7 100644
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@@ -42,23 +42,23 @@ $toselect = GETPOST('toselect', 'array');
 // Security check
 $result=restrictedArea($user,'adherent');
-$filter=GETPOST("filter");
-$statut=GETPOST("statut");
-$search=GETPOST("search");
-$search_ref=GETPOST("search_ref");
-$search_lastname=GETPOST("search_lastname");
-$search_firstname=GETPOST("search_firstname");
-$search_login=GETPOST("search_login");
-$search_address=GETPOST("search_address");
-$search_zip=GETPOST("search_zip");
-$search_town=GETPOST("search_town");
-$search_state=GETPOST("search_state");
-$search_country=GETPOST("search_country");
-$search_phone=GETPOST("search_phone");
-$search_phone_perso=GETPOST("search_phone_perso");
-$search_phone_mobile=GETPOST("search_phone_mobile");
-$search_type=GETPOST("search_type");
-$search_email=GETPOST("search_email");
+$filter=GETPOST("filter",'alpha');
+$statut=GETPOST("statut",'alpha');
+$search=GETPOST("search",'alpha');
+$search_ref=GETPOST("search_ref",'alpha');
+$search_lastname=GETPOST("search_lastname",'alpha');
+$search_firstname=GETPOST("search_firstname",'alpha');
+$search_login=GETPOST("search_login",'alpha');
+$search_address=GETPOST("search_address",'alpha');
+$search_zip=GETPOST("search_zip",'alpha');
+$search_town=GETPOST("search_town",'alpha');
+$search_state=GETPOST("search_state",'alpha');
+$search_country=GETPOST("search_country",'alpha');
+$search_phone=GETPOST("search_phone",'alpha');
+$search_phone_perso=GETPOST("search_phone_perso",'alpha');
+$search_phone_mobile=GETPOST("search_phone_mobile",'alpha');
+$search_type=GETPOST("search_type",'alpha');
+$search_email=GETPOST("search_email",'alpha');
 $search_categ = GETPOST("search_categ",'int');
 $catid = GETPOST("catid",'int');
 $optioncss = GETPOST('optioncss','alpha');
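Review bot: `$search_state`, `$search_country` and `$search_type` are read with 'alpha' while `$search_categ` and `$catid` two lines below use 'int'; if these three hold ids chosen from select lists, as their names suggest, `$search_state=GETPOST("search_state",'int');` (and likewise for the other two) would match the neighbouring declarations and make the later SQL filter numeric by construction. How the values are used in the query is outside the hunk, so this needs confirming against the filter-building code further down the file.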
@@ -288,7 +288,7 @@ if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) &&
 llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros');
 $titre=$langs->trans("MembersList");
-if (isset($_GET["statut"]))
+if (GETPOSTISSET("statut"))
 {
 if ($statut == '-1,1') { $titre=$langs->trans("MembersListQualified"); }
 if ($statut == '-1') { $titre=$langs->trans("MembersListToValid"); }
diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index 1a0680363a9..62c3dbd73b7 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -339,18 +339,18 @@ if ($action == 'edit' || $action == 'updateedit')
 print '';
 //if (empty($country_selected)) $country_selected=substr($langs->defaultlang,-2); // By default, country of localization
- print $form->select_country($mysoc->country_id,'country_id');
+ print $form->select_country($mysoc->country_id, 'country_id');
 if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1);
 print ''."\n";
 print '';
- $formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE,$mysoc->country_code,'state_id');
+ $formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE, $mysoc->country_code, 'state_id');
 print ''."\n";
 print '';
- print $form->selectCurrency($conf->currency,"currency");
+ print $form->selectCurrency($conf->currency, "currency");
 print ''."\n";
diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php
index dcc6d8cdeab..54512a8049e 100644
--- a/htdocs/bookmarks/card.php
+++ b/htdocs/bookmarks/card.php
@@ -35,7 +35,7 @@ if (! $user->rights->bookmark->lire) {
 restrictedArea($user, 'bookmarks');
 }
-$id=GETPOST("id");
+$id=GETPOST("id",'int');
 $action=GETPOST("action","alpha");
 $title=GETPOST("title","alpha");
 $url=GETPOST("url","alpha");
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index f59b6fc454f..b7b37d0837c 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
@@ -63,18 +63,18 @@ if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta'
 if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
 // Date range
-$year=GETPOST("year");
-$month=GETPOST("month");
-$search_societe = GETPOST("search_societe");
-$search_zip = GETPOST("search_zip");
-$search_town = GETPOST("search_town");
-$search_country = GETPOST("search_country");
-$date_startyear = GETPOST("date_startyear");
-$date_startmonth = GETPOST("date_startmonth");
-$date_startday = GETPOST("date_startday");
-$date_endyear = GETPOST("date_endyear");
-$date_endmonth = GETPOST("date_endmonth");
-$date_endday = GETPOST("date_endday");
+$year=GETPOST("year",'int');
+$month=GETPOST("month",'int');
+$search_societe = GETPOST("search_societe",'alpha');
+$search_zip = GETPOST("search_zip",'alpha');
+$search_town = GETPOST("search_town",'alpha');
+$search_country = GETPOST("search_country",'alpha');
+$date_startyear = GETPOST("date_startyear",'alpha');
+$date_startmonth = GETPOST("date_startmonth",'alpha');
+$date_startday = GETPOST("date_startday",'alpha');
+$date_endyear = GETPOST("date_endyear",'alpha');
+$date_endmonth = GETPOST("date_endmonth",'alpha');
+$date_endday = GETPOST("date_endday",'alpha');
 if (empty($year))
 {
 $year_current = strftime("%Y",dol_now());
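Review bot: `$date_startyear`, `$date_startmonth`, `$date_startday` and the three `date_end*` variables are read with 'alpha' although they are date parts fed to `dol_mktime()`, while `$year` and `$month` two lines above correctly use 'int'; use `$date_startyear = GETPOST("date_startyear",'int');` and the same filter for the other five so the check matches the type, and so the values can be reused by the `dol_mktime()` calls in the next hunk of this file instead of re-reading the request there.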
@@ -85,8 +85,8 @@ if (empty($year))
 $month_current = strftime("%m",dol_now());
 $year_start = $year;
 }
-$date_start=dol_mktime(0,0,0,$_REQUEST["date_startmonth"],$_REQUEST["date_startday"],$_REQUEST["date_startyear"]);
-$date_end=dol_mktime(23,59,59,$_REQUEST["date_endmonth"],$_REQUEST["date_endday"],$_REQUEST["date_endyear"]);
+$date_start=dol_mktime(0,0,0,GETPOST("date_startmonth"),GETPOST("date_startday"),GETPOST("date_startyear"));
+$date_end=dol_mktime(23,59,59,GETPOST("date_endmonth"),GETPOST("date_endday"),GETPOST("date_endyear"));
 // Quarter
 if (empty($date_start) || empty($date_end)) // We define date_start and date_end
 {
diff --git a/htdocs/langs/en_US/categories.lang b/htdocs/langs/en_US/categories.lang
index 41e5f4e4c13..8b38b2f1f42 100644
--- a/htdocs/langs/en_US/categories.lang
+++ b/htdocs/langs/en_US/categories.lang
@@ -16,7 +16,7 @@ MembersCategoriesArea=Members tags/categories area
 ContactsCategoriesArea=Contacts tags/categories area
 AccountsCategoriesArea=Accounts tags/categories area
 ProjectsCategoriesArea=Projects tags/categories area
-SubCats=Subcategories
+SubCats=Sub-categories
 CatList=List of tags/categories
 NewCategory=New tag/category
 ModifCat=Modify tag/category
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index 71438f0fe3d..bb3a12bb051 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
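Review bot: `GETPOST("date_startmonth")` and its five siblings in the two new `dol_mktime()` lines are called without a check type, which is the pattern this commit removes everywhere else, and the same six request values were already read into `$date_startmonth`, `$date_startday`, `$date_startyear` and the `date_end*` variables in the previous hunk of this file. Reuse them: `$date_start=dol_mktime(0,0,0,$date_startmonth,$date_startday,$date_startyear);` and `$date_end=dol_mktime(23,59,59,$date_endmonth,$date_endday,$date_endyear);`. The old `$_REQUEST` lookup could also have been satisfied by cookies depending on the `request_order` setting; narrowing to the GETPOST sources looks intended but is a behaviour change worth stating in the commit message.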
@@ -980,9 +980,9 @@ class Societe extends CommonObject
 $sql .= ", code_fournisseur = ".(! empty($this->code_fournisseur)?"'".$this->db->escape($this->code_fournisseur)."'":"null");
 $sql .= ", code_compta_fournisseur = ".(! empty($this->code_compta_fournisseur)?"'".$this->db->escape($this->code_compta_fournisseur)."'":"null");
 }
- $sql .= ", fk_user_modif = ".(! empty($user->id)?"'".$user->id."'":"null");
+ $sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id:"null");
 $sql .= ", fk_multicurrency = ".(int) $this->fk_multicurrency;
- $sql .= ', multicurrency_code = \''.$this->db->escape($this->multicurrency_code)."'";
+ $sql .= ", multicurrency_code = '".$this->db->escape($this->multicurrency_code)."'";
 $sql .= " WHERE rowid = '" . $id ."'";
 $resql=$this->db->query($sql);
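Review bot: `$sql .= " WHERE rowid = '" . $id ."'";` still interpolates `$id` quoted but unescaped, one line after the commit switches `fk_user_modif` to a numeric comparison and next to the `fk_multicurrency` line that casts `(int)`; the row id should get the same treatment, `$sql .= " WHERE rowid = ".(int) $id;`, so the UPDATE cannot be widened by a malformed id. The new `($user->id > 0 ? $user->id:"null")` also relies on `$user` being in scope; if it is a global that is not declared in this method, `$user->id` is read from a missing object, so where `$user` comes from is worth confirming. The enclosing method starts and ends outside the hunk.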