From 5807db9a228850f92b2091d667b3b0e14ff3537a Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 10 Nov 2010 21:07:04 +0000
Subject: [PATCH] Fix: XSS injection
---
 htdocs/commande/liste.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php
index 188340c7682..56b2230b2b4 100644
--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
@@ -35,15 +35,15 @@ $langs->load('orders');
 $langs->load('deliveries');
 $langs->load('companies');
-$orderyear=isset($_GET["orderyear"])?$_GET["orderyear"]:$_POST["orderyear"];
-$ordermonth=isset($_GET["ordermonth"])?$_GET["ordermonth"]:$_POST["ordermonth"];
-$deliveryyear=isset($_GET["deliveryyear"])?$_GET["deliveryyear"]:$_POST["deliveryyear"];
-$deliverymonth=isset($_GET["deliverymonth"])?$_GET["deliverymonth"]:$_POST["deliverymonth"];
-$sref=isset($_GET['sref'])?$_GET['sref']:$_POST['sref'];
-$sref_client=isset($_GET['sref_client'])?$_GET['sref_client']:(isset($_POST['sref_client'])?$_POST['sref_client']:'');
-$snom=isset($_GET['snom'])?$_GET['snom']:$_POST['snom'];
-$sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall'];
-$socid=isset($_GET['socid'])?$_GET['socid']:$_POST['socid'];
+$orderyear=GETPOST("orderyear","int");
+$ordermonth=GETPOST("ordermonth","int");
+$deliveryyear=GETPOST("deliveryyear","int");
+$deliverymonth=GETPOST("deliverymonth","int");
+$sref=GETPOST('sref');
+$sref_client=GETPOST('sref_client');
+$snom=GETPOST('snom');
+$sall=GETPOST('sall');
+$socid=GETPOST('socid','int');
 // Security check
 $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
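Review bot: The four free-text filters (`$sref`, `$sref_client`, `$snom`, `$sall`) are read with `GETPOST()` and no check argument, so unlike the `"int"` parameters they may still arrive unfiltered; GETPOST's definition is not in this hunk, so confirm what the untyped form does. If it returns the raw value, the XSS fix for these four rests entirely on escaping where they are echoed back into the page, and on SQL escaping wherever they reach a query, both of which are outside the hunk. Consider passing an explicit type such as `$sref=GETPOST('sref','alpha');`. The context line `$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';` also still reads `$_GET` directly and could become `$orderid=GETPOST('orderid','int');` if order ids are always numeric. The script continues past the end of the hunk, so how these variables are used cannot be checked from here.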