diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 05fca97348a..f9112f5faad 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -1174,7 +1174,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
 $errors[] = $langs->transnoentitiesnoconv('NoMotifRefuseCP');
 break;
 case 'mail':
-$errors[] = $langs->transnoentitiesnoconv('ErrorMailNotSend')."\n".$_GET['error_content'];
+$errors[] = $langs->transnoentitiesnoconv('ErrorMailNotSend');
 break;
 }
diff --git a/htdocs/install/step2.php b/htdocs/install/step2.php
index fac191feec5..4569f917dec 100644
--- a/htdocs/install/step2.php
+++ b/htdocs/install/step2.php
@@ -147,10 +147,10 @@ if ($action == "set") {
 // To disable some code, so you can call step2 with url like
 // http://localhost/dolibarrnew/install/step2.php?action=set&token='.newToken().'&createtables=0&createkeys=0&createfunctions=0&createdata=llx_20_c_departements
-$createtables = isset($_GET['createtables']) ?GETPOST('createtables') : 1;
-$createkeys = isset($_GET['createkeys']) ?GETPOST('createkeys') : 1;
-$createfunctions = isset($_GET['createfunctions']) ?GETPOST('createfunction') : 1;
-$createdata = isset($_GET['createdata']) ?GETPOST('createdata') : 1;
+$createtables = GETPOSTISSET('createtables') ? GETPOST('createtables') : 1;
+$createkeys = GETPOSTISSET('createkeys') ? GETPOST('createkeys') : 1;
+$createfunctions = GETPOSTISSET('createfunctions') ? GETPOST('createfunction') : 1;
+$createdata = GETPOSTISSET('createdata') ? GETPOST('createdata') : 1;
 // To say sql requests are escaped for mysql so we need to unescape them
diff --git a/htdocs/projet/ajax/projects.php b/htdocs/projet/ajax/projects.php
index d933e6f55a0..69e439fdf1f 100644
--- a/htdocs/projet/ajax/projects.php
+++ b/htdocs/projet/ajax/projects.php
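Review bot: The `case 'mail'` branch now discards the detail that the redirecting code passes in `error_content`, so the user only sees the generic ErrorMailNotSend text and cannot tell why the mail failed. Dropping the raw `$_GET` read is right, but if the detail is still wanted it can be read through the request helper with the filter the other files in this diff use for free text, `$errors[] = $langs->transnoentitiesnoconv('ErrorMailNotSend')."\n".GETPOST('error_content', 'alphanohtml');`, instead of being removed outright. The enclosing switch starts before the hunk.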
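Review bot: The third added line tests `GETPOSTISSET('createfunctions')` but then reads `GETPOST('createfunction')` (no trailing s), so when the caller passes the parameter the ternary assigns whatever GETPOST returns for a missing name (presumably an empty value) rather than the flag the caller sent. The mismatch predates this commit, but the line is being rewritten anyway, so fix it here: `$createfunctions = GETPOSTISSET('createfunctions') ? GETPOST('createfunctions') : 1;`. The other three flags read the same name they test. The enclosing `if ($action == "set")` block continues outside the hunk.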
@@ -41,7 +41,7 @@ if (!defined('NOREQUIRESOC')) {
 if (!defined('NOCSRFCHECK')) {
 define('NOCSRFCHECK', '1');
 }
-if (empty($_GET['keysearch']) && !defined('NOREQUIREHTML')) {
+if (!defined('NOREQUIREHTML')) {
 define('NOREQUIREHTML', '1');
 }
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index d19047f7abb..d803162afc4 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -1867,7 +1867,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Date
 if (!empty($arrayfields['t.task_date']['checked'])) {
 print '';
-if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($task_time->task_date_withhour)) {
 print $form->selectDate(($date2 ? $date2 : $date1), 'timeline', 3, 3, 2, "timespent_date", 1, 0);
 } else {
@@ -1920,7 +1920,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 if (!empty($arrayfields['t.task_ref']['checked'])) {
 if ((empty($id) && empty($ref)) || !empty($projectidforalltimes)) { // Not a dedicated task
 print '';
-if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 $formproject->selectTasks(-1, GETPOST('taskid', 'int') ? GETPOST('taskid', 'int') : $task_time->fk_task, 'taskid', 0, 0, 1, 1, 0, 0, 'maxwidth300', $projectstatic->id, '');
 } else {
 $tasktmp->id = $task_time->fk_task;
@@ -1952,7 +1952,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // By User
 if (!empty($arrayfields['author']['checked'])) {
 print '';
-if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($object->id)) {
 $object->fetch($id);
 }
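Review bot: With the `keysearch` test removed, `NOREQUIREHTML` is now defined on every request, including the keysearch path that previously left it undefined so the HTML helper classes were loaded by the framework bootstrap; if the keysearch handling further down in projects.php still instantiates a Form object, that path will now fail unless the file requires the class itself. Worth confirming against the rest of the file (outside this hunk), and if the exemption really is obsolete, saying why in the commit message or in a comment above the `if`, e.g. `// No Form object is used on this endpoint, so HTML helpers are never loaded`.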
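Review bot: `GETPOST('lineid', 'int')` is now re-evaluated in every cell branch of what appears to be the per-row loop (the `if (!$i)` counters suggest one), twelve times across the hunks at lines 1867, 1920, 1952, 1983, 1992, 2136, 2186, 2214, 2280, 2324 and 2352, and each time compared with the loose `==`. Read it once before the loop, `$lineid = GETPOST('lineid', 'int');`, and compare `$lineid == $task_time->rowid` in each branch, so the filter type and the comparison live in one place and a later tightening (for example an int cast of `$task_time->rowid` plus `===`) is a single edit. The loop these hunks belong to starts and ends outside them.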
@@ -1983,7 +1983,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Note
 if (!empty($arrayfields['t.note']['checked'])) {
 print '';
-if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 } else {
 print dol_nl2br($task_time->note);
@@ -1992,14 +1992,14 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 if (!$i) {
 $totalarray['nbfield']++;
 }
-} elseif ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+} elseif ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 }
 // Time spent
 if (!empty($arrayfields['t.task_duration']['checked'])) {
 print '';
-if ($action == 'editline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'editline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 print $form->select_duration('new_duration', $task_time->task_duration, 0, 'text');
 } else {
@@ -2136,13 +2136,13 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Add line to split
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 // Date
 if (!empty($arrayfields['t.task_date']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($task_time->task_date_withhour)) {
 print $form->selectDate(($date2 ? $date2 : $date1), 'timeline', 3, 3, 2, "timespent_date", 1, 0);
 } else {
@@ -2186,7 +2186,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // User
 if (!empty($arrayfields['author']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($object->id)) {
 $object->fetch($id);
 }
@@ -2214,20 +2214,20 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Note
 if (!empty($arrayfields['t.note']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 } else {
 print dol_nl2br($task_time->note);
 }
 print '';
-} elseif ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+} elseif ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 }
 // Time spent
 if (!empty($arrayfields['t.task_duration']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 print $form->select_duration('new_duration', $task_time->task_duration, 0, 'text');
 } else {
@@ -2280,7 +2280,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Date
 if (!empty($arrayfields['t.task_date']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($task_time->task_date_withhour)) {
 print $form->selectDate(($date2 ? $date2 : $date1), 'timeline_2', 3, 3, 2, "timespent_date", 1, 0);
 } else {
@@ -2324,7 +2324,7 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // User
 if (!empty($arrayfields['author']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 if (empty($object->id)) {
 $object->fetch($id);
 }
@@ -2352,20 +2352,20 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
 // Note
 if (!empty($arrayfields['t.note']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 } else {
 print dol_nl2br($task_time->note);
 }
 print '';
-} elseif ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+} elseif ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 }
 // Time spent
 if (!empty($arrayfields['t.task_duration']['checked'])) {
 print '';
-if ($action == 'splitline' && $_GET['lineid'] == $task_time->rowid) {
+if ($action == 'splitline' && GETPOST('lineid', 'int') == $task_time->rowid) {
 print '';
 print $form->select_duration('new_duration_2', 0, 0, 'text');
 } else {
diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php
index 9e5a55563e4..b3234e39490 100644
--- a/htdocs/salaries/payment_salary/card.php
+++ b/htdocs/salaries/payment_salary/card.php
@@ -111,7 +111,7 @@ if ($action == 'delete') {
 /*
 if ($action == 'valide') {
-$facid = $_GET['facid'];
+$facid = GETPOST('facid', 'int');
 print $form->formconfirm('card.php?id='.$object->id.'&facid='.$facid, $langs->trans("ValidatePayment"), $langs->trans("ConfirmValidatePayment"), 'confirm_valide','',0,2);
 }
diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index a358cbe5d6f..07591d7db9d 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
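Review bot: The changed line in payment_salary/card.php sits inside a `/* ... */` block (the `/*` context line above it; the closing `*/` is outside the hunk), so the new `GETPOST('facid', 'int')` is never executed and the commit only edits dead code. Rather than keep patching a commented-out `valide` branch, either delete the block or, if the confirm dialog is still wanted, re-enable it as live code so the sanitised read actually takes effect and gets exercised.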
@@ -50,17 +50,11 @@ $show_files = GETPOST('show_files', 'int');
 $confirm = GETPOST('confirm', 'alpha');
 $toselect = GETPOST('toselect', 'array');
 $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'thirdpartylist';
-
+$optioncss = GETPOST('optioncss', 'alpha');
 if ($contextpage == 'poslist') {
-$_GET['optioncss'] = 'print';
+$optioncss = 'print';
 }
-
-// Security check
-$socid = GETPOST('socid', 'int');
-if ($user->socid) {
-$socid = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $socid, '');
+$mode = GETPOST("mode", 'alpha');
 $search_all = trim(GETPOST('search_all', 'alphanohtml') ?GETPOST('search_all', 'alphanohtml') : GETPOST('sall', 'alphanohtml'));
 $search_cti = preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
@@ -105,8 +99,6 @@ $search_import_key = trim(GETPOST("search_import_key", "alpha"));
 $search_parent_name = trim(GETPOST('search_parent_name', 'alpha'));
 $type = GETPOST('type', 'alpha');
-$optioncss = GETPOST('optioncss', 'alpha');
-$mode = GETPOST("mode", 'alpha');
 $place = GETPOST('place', 'aZ09') ? GETPOST('place', 'aZ09') : '0'; // $place is string id of table for Bar or Restaurant
 $diroutputmassaction = $conf->societe->dir_output.'/temp/massgeneration/'.$user->id;
@@ -268,6 +260,14 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
+// Security check
+$socid = GETPOST('socid', 'int');
+if ($user->socid) {
+$socid = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $socid, '');
+
+
 /*
 * Actions
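Review bot: The `restrictedArea()` permission check is moved from the parameter-parsing section (hunk at line 50) to after the extrafields template include and the field sorting (hunk at line 268), so every request, authorised or not, now executes everything in between before it can be rejected; an access check should run as early as possible, right after `$socid` is read. If something between the two locations genuinely has to run first, record that on the moved block, e.g. `// Security check (kept after field setup because ...)`; otherwise leave the check where it was and move only `$optioncss` and `$mode`. Replacing the write to `$_GET['optioncss']` with a local variable is sound provided nothing later in list.php still reads `$_GET['optioncss']` directly, which these hunks do not show.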
@@ -1737,9 +1737,10 @@ while ($i < min($num, $limit)) {
 $totalarray['nbfield']++;
 }
 }
+// Import key
 if (!empty($arrayfields['s.import_key']['checked'])) {
-print '';
-print $obj->import_key;
+print '';
+print dol_escape_htmltag($obj->import_key);
 print "\n";
 if (!$i) {
 $totalarray['nbfield']++;