From b1215875824c2fd4f38a34926ef5f07ecc93e27e Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Mon, 22 Mar 2021 15:39:54 +0100
Subject: [PATCH 1/3] change  to GETPOST

---
 htdocs/projet/tasks/time.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index ffb214e3830..3cd49eb7d9e 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -175,10 +175,10 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 				$action = 'createtime';
 				$error++;
 			} else {
-				$object->timespent_note = $_POST["timespent_note"];
+				$object->timespent_note = GETPOST('timespent_note','alpha');
 				if (GETPOST('progress', 'int') > 0) $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
-				$object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds
+				$object->timespent_duration = (int) GETPOST("timespent_durationhour",'int') * 60 * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOST('timespent_durationmin','int') ? (int) GETPOST('timespent_durationmin','int') : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0)	// If hour was entered
 				{
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
@@ -224,10 +224,10 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$result = $object->delTimeSpent($user);
 
 			$object->fetch($id, $ref);
-			$object->timespent_note = $_POST["timespent_note_line"];
-			$object->timespent_old_duration = $_POST["old_duration"];
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_old_duration = GETPOST("old_duration");
+			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -248,11 +248,11 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->fetch($id, $ref);
 			// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
 
-			$object->timespent_id = $_POST["lineid"];
-			$object->timespent_note = $_POST["timespent_note_line"];
-			$object->timespent_old_duration = $_POST["old_duration"];
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_id = GETPOST("lineid" , 'int');
+			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_old_duration = GETPOST("old_duration");
+			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -260,7 +260,7 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			} else {
 				$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 			}
-			$object->timespent_fk_user = $_POST["userid_line"];
+			$object->timespent_fk_user = GETPOST("userid_line" , 'int');
 
 			$result = $object->updateTimeSpent($user);
 			if ($result >= 0)

From ba66eaeb188f45f553f595d743a861d3115a0ca5 Mon Sep 17 00:00:00 2001
From: stickler-ci <support@stickler-ci.com>
Date: Mon, 22 Mar 2021 14:42:31 +0000
Subject: [PATCH 2/3] Fixing style errors.

---
 htdocs/projet/tasks/time.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index 3cd49eb7d9e..eeca9e34cd1 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -175,10 +175,10 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 				$action = 'createtime';
 				$error++;
 			} else {
-				$object->timespent_note = GETPOST('timespent_note','alpha');
+				$object->timespent_note = GETPOST('timespent_note', 'alpha');
 				if (GETPOST('progress', 'int') > 0) $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
-				$object->timespent_duration = (int) GETPOST("timespent_durationhour",'int') * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += (GETPOST('timespent_durationmin','int') ? (int) GETPOST('timespent_durationmin','int') : 0) * 60; // We store duration in seconds
+				$object->timespent_duration = (int) GETPOST("timespent_durationhour", 'int') * 60 * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOST('timespent_durationmin', 'int') ? (int) GETPOST('timespent_durationmin', 'int') : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0)	// If hour was entered
 				{
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
@@ -224,7 +224,7 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$result = $object->delTimeSpent($user);
 
 			$object->fetch($id, $ref);
-			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_note = GETPOST('timespent_note_line', 'alpha');
 			$object->timespent_old_duration = GETPOST("old_duration");
 			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
 			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
@@ -248,8 +248,8 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->fetch($id, $ref);
 			// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
 
-			$object->timespent_id = GETPOST("lineid" , 'int');
-			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_id = GETPOST("lineid", 'int');
+			$object->timespent_note = GETPOST('timespent_note_line', 'alpha');
 			$object->timespent_old_duration = GETPOST("old_duration");
 			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
 			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
@@ -260,7 +260,7 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			} else {
 				$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 			}
-			$object->timespent_fk_user = GETPOST("userid_line" , 'int');
+			$object->timespent_fk_user = GETPOST("userid_line", 'int');
 
 			$result = $object->updateTimeSpent($user);
 			if ($result >= 0)

From 443fd544be8fc5dad558d22936eb12f1c31be42f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 25 Mar 2021 01:07:29 +0100
Subject: [PATCH 3/3] Update time.php

---
 htdocs/projet/tasks/time.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index eeca9e34cd1..534a7ec09f5 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -177,8 +177,8 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 			} else {
 				$object->timespent_note = GETPOST('timespent_note', 'alpha');
 				if (GETPOST('progress', 'int') > 0) $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
-				$object->timespent_duration = (int) GETPOST("timespent_durationhour", 'int') * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += (GETPOST('timespent_durationmin', 'int') ? (int) GETPOST('timespent_durationmin', 'int') : 0) * 60; // We store duration in seconds
+				$object->timespent_duration = GETPOSTINT("timespent_durationhour") * 60 * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOSTINT('timespent_durationmin') ? GETPOSTINT('timespent_durationmin') : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0)	// If hour was entered
 				{
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
@@ -226,8 +226,8 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->fetch($id, $ref);
 			$object->timespent_note = GETPOST('timespent_note_line', 'alpha');
 			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -251,8 +251,8 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->timespent_id = GETPOST("lineid", 'int');
 			$object->timespent_note = GETPOST('timespent_note_line', 'alpha');
 			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOSTINT("new_durationhour") * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOSTINT("new_durationmin") ? GETPOSTINT('new_durationmin') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));