From 5062eb80065e172c6d23662ac4e35d4181f24ec6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Salvador?=
Date: Thu, 27 Jun 2013 15:54:04 +0200
Subject: [PATCH] check types on getpost + date research
---
 htdocs/product/stock/replenish.php | 12 ++++----
 htdocs/product/stock/replenishorders.php | 39 +++++++++++++++---------
 2 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php
index 728c5713261..0b0f1235a62 100644
--- a/htdocs/product/stock/replenish.php
+++ b/htdocs/product/stock/replenish.php
@@ -69,11 +69,11 @@ function ordered($product_id)
 }
 $action = GETPOST('action','alpha');
-$sref = GETPOST('sref');
-$snom = GETPOST('snom');
-$sall = GETPOST('sall');
+$sref = GETPOST('sref', 'alpha');
+$snom = GETPOST('snom', 'alpha');
+$sall = GETPOST('sall', 'alpha');
 $type = GETPOST('type','int');
-$tobuy = GETPOST('tobuy');
+$tobuy = GETPOST('tobuy', 'int');
 $sortfield = GETPOST('sortfield','alpha');
 $sortorder = GETPOST('sortorder','alpha');
@@ -238,7 +238,7 @@ if ($resql) {
 $head[1][1] = $langs->trans("ReplenishmentOrders");
 $head[1][2] = 'replenishorders';
 dol_fiche_head($head, 'replenish', $title, 0, 'stock');
- if ($sref || $snom || $sall || GETPOST('search')) {
+ if ($sref || $snom || $sall || GETPOST('search', 'alpha')) {
 $filters = '&sref=' . $sref . '&snom=' . $snom;
 $filters .= '&sall=' . $sall;
 print_barre_liste($texte,
@@ -496,7 +496,7 @@ if ($resql) {
 '';
 if ($num > $conf->liste_limit) {
- if ($sref || $snom || $sall || GETPOST('search')) {
+ if ($sref || $snom || $sall || GETPOST('search', 'alpha')) {
 $filters = '&sref=' . $sref . '&snom=' . $snom;
 $filters .= '&sall=' . $sall;
 print_barre_liste('',
diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php
index 8fd3a110205..c4b8bf657a2 100644
--- a/htdocs/product/stock/replenishorders.php
+++ b/htdocs/product/stock/replenishorders.php
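Review bot: `$sortfield` and `$sortorder` on the last two context lines keep only the `'alpha'` check, and that check (its implementation is not visible here) filters characters rather than restricting the value to a real column name or to ASC/DESC, so if these are concatenated into an ORDER BY clause — as the sibling replenishorders.php in this same patch visibly does — the check alone does not prevent ORDER BY injection. Validate before use, e.g. `if (!in_array($sortorder, array('ASC', 'DESC'))) $sortorder = 'DESC';` and compare `$sortfield` against the list of columns the page lets the user sort by. The consuming statement is outside this hunk, so how the values are used here is inferred from the other file.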
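Review bot: On the two lines after the changed condition, `$sref`, `$snom` and `$sall` are concatenated raw into the `$filters` query string; the `'alpha'` check does not URL-encode, so a value containing `&`, `=`, `#` or a space yields a broken or attacker-shaped pagination link, and whether `print_barre_liste` escapes it for the HTML context cannot be seen here. Encode each value: `$filters = '&sref=' . urlencode($sref) . '&snom=' . urlencode($snom);` and `$filters .= '&sall=' . urlencode($sall);`. Note also that the truthiness test drops a legitimate search for `0`. The enclosing `if ($resql)` block starts and ends outside the hunk.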
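Review bot: This second copy of the `$filters` construction under the changed `GETPOST('search', 'alpha')` condition has the same gap as the first: `$sref`, `$snom` and `$sall` go into the query string without `urlencode()`. Since the two sites must stay in sync, either apply `urlencode()` to all three values here as well or build `$filters` once earlier and reuse it in both `print_barre_liste` calls. The enclosing `if ($resql)` / `if ($num > $conf->liste_limit)` blocks start and end outside the hunk.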
@@ -53,16 +53,16 @@ dol_fiche_head($head, 0, 'stock');
 $commandestatic = new CommandeFournisseur($db);
-$sref = GETPOST('search_ref');
-$snom = GETPOST('search_nom');
-$suser = GETPOST('search_user');
-$sttc = GETPOST('search_ttc');
-$sall = GETPOST('search_all');
-$sdate = GETPOST('search_date');
+$sref = GETPOST('search_ref', 'alpha');
+$snom = GETPOST('search_nom', 'alpha');
+$suser = GETPOST('search_user', 'alpha');
+$sttc = GETPOST('search_ttc', 'int');
+$sall = GETPOST('search_all', 'alpha');
+$sdate = GETPOST('search_date', 'alpha');
 $page = GETPOST('page', 'int');
-$sortorder = GETPOST('sortorder');
-$sortfield = GETPOST('sortfield');
+$sortorder = GETPOST('sortorder', 'alpha');
+$sortfield = GETPOST('sortfield', 'alpha');
 if (!$sortorder) {
 $sortorder = 'DESC';
@@ -109,10 +109,21 @@ if ($sttc) {
 }
 if ($sdate) {
 $elts = explode('/', $sdate);
- $date = date('Y-m-d',
- mktime(0, 0, 0, $elts[1], $elts[0], $elts[2])
- );
- $sql .= ' AND cf.date_creation LIKE "' . $date . '%"';
+ $datearray = array();
+ if($elts[2])
+ {
+ $datearray[0] = $elts[2];
+ }
+ if($elts[1])
+ {
+ $datearray[1] = $elts[1];
+ }
+ if($elts[0])
+ {
+ $datearray[2] = $elts[0];
+ }
+ $date = implode('-', $datearray);
+ $sql .= ' AND cf.date_creation LIKE "%' . $date . '%"';
 }
 if ($sall) {
 $sql .= ' AND (cf.ref LIKE "%' . $db->escape($sall) . '%" ';
@@ -122,8 +133,8 @@ if ($socid) {
 $sql .= ' AND s.rowid = ' . $socid;
 }
-if (GETPOST('statut')) {
- $sql .= ' AND fk_statut = ' . GETPOST('statut');
+if (GETPOST('statut', 'int')) {
+ $sql .= ' AND fk_statut = ' . GETPOST('statut', 'int');
 }
 $sql .= ' ORDER BY ' . $sortfield . ' ' . $sortorder . ' ';
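Review bot: `$sttc = GETPOST('search_ttc', 'int')` applies an integer check to what is presumably a money amount (the order total TTC); if the `'int'` check casts or truncates (its implementation is not visible here), a search for `12.50` silently becomes `12` and the `if ($sttc)` branch in the next hunk's header then filters on the wrong value. A numeric check that keeps decimals would be safer, e.g. read it with `'alpha'` and then `if ($sttc !== '' && !is_numeric($sttc)) $sttc = '';`, escaping at the SQL site. Separately, `$sortorder` is defaulted to `'DESC'` on the last line but never constrained to `ASC`/`DESC`, which matters because it is later concatenated into ORDER BY.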
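Review bot: The rewritten date filter concatenates `$date`, assembled directly from the user-supplied `$sdate` pieces, into `cf.date_creation LIKE "%…%"` without `$db->escape()`, while the `$sall` branch right below it does escape. The removed code normalised the input through `mktime()`/`date()` so only digits reached the SQL; the new code passes whatever survives the `'alpha'` check (not visible here) through unchanged — `%`/`_` wildcards, backslashes and any quote or operator the check does not strip — so this is a SQL-injection regression. It also reads `$elts[1]` and `$elts[2]` without checking they exist (a notice for input like `2013` or `06/2013`), and `if($elts[…])` drops a legitimate `0`. Restrict each part to digits, skip missing parts and escape the result; note too that a day given without a month produces a pattern like `2013-27` that can never match a `YYYY-MM-DD` value, so the partial-date semantics may want a second look.
```php
if ($sdate) {
    // dd/mm/yyyy with any part omitted; only digit runs may reach the SQL
    $elts = explode('/', $sdate);
    $datearray = array();
    foreach (array(2, 1, 0) as $i) {
        if (isset($elts[$i]) && ctype_digit($elts[$i])) {
            $datearray[] = $elts[$i];
        }
    }
    if (count($datearray)) {
        $date = implode('-', $datearray);
        $sql .= ' AND cf.date_creation LIKE "%' . $db->escape($date) . '%"';
    }
}
// … unchanged: $sall branch …
```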
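Review bot: `$sortfield` and `$sortorder` are spliced unquoted into `ORDER BY` on the last line of the hunk, and the `'alpha'` check this patch adds for them earlier in the file is a character filter (implementation not visible), not a whitelist of column names or of `ASC`/`DESC`, so ORDER BY injection remains open after this change. At minimum force the direction, `if (!in_array(strtoupper($sortorder), array('ASC', 'DESC'))) $sortorder = 'DESC';`, and reject a `$sortfield` that is not a plain identifier (`preg_match('/^[a-z0-9_.]+$/i', $sortfield)`), falling back to whatever default the page assigns when it is empty. The `statut` change itself looks right, though `GETPOST('statut', 'int')` is evaluated twice and could be a single local. The statement run continues past the hunk.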