diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index 7f909cd2f13..d3556135972 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -37,7 +37,7 @@ $langs->load("accountancy"); $langs->load("salaries"); $mesg = ''; -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $cancel = GETPOST('cancel'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index 8e77c4a5dab..3522460e07b 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -37,7 +37,7 @@ $langs->load("bills"); $langs->load("accountancy"); $mesg = ''; -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $backtopage = GETPOST('backtopage'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index 19c33d848c8..fd8c67246f4 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php @@ -36,7 +36,7 @@ $mesg = ''; $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); $cancel = GETPOST('cancel'); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $cat_id = GETPOST('account_category'); $selectcpt = GETPOST('cpt_bk', 'array'); $cpt_id = GETPOST('cptid'); diff --git a/htdocs/accountancy/admin/fiscalyear.php b/htdocs/accountancy/admin/fiscalyear.php index 507a68a3c01..16e11225d49 100644 --- a/htdocs/accountancy/admin/fiscalyear.php +++ b/htdocs/accountancy/admin/fiscalyear.php @@ -25,7 +25,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php'; require_once DOL_DOCUMENT_ROOT . '/core/class/fiscalyear.class.php'; -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); // Load variable for pagination $limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit; 
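Review bot: The parameters read next to `$action` in these hunks still go through `GETPOST()` with no check type, so only one of the request values each page relies on is constrained. In htdocs/accountancy/admin/account.php that is `$cancel = GETPOST('cancel');`, in card.php `$backtopage = GETPOST('backtopage');`, and in categories.php `$cat_id = GETPOST('account_category');` and `$cpt_id = GETPOST('cptid');`; the same shape recurs later in the patch, for example `$ref`, `$type` and `$confirm` in htdocs/categories/edit.php. `$backtopage` deserves the closest look, since a return-URL parameter is normally fed to a redirect, although that use is outside these hunks. Where the expected shape is known, pass it explicitly, e.g. `$cancel = GETPOST('cancel','alpha');`, and check that `$backtopage` is a local path before it is used.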
diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 055451016e9..7ee3e6bb4fe 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -43,7 +43,7 @@ if ($user->societe_id > 0) { accessforbidden(); } -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $piece_num = GETPOST("piece_num"); $mesg = ''; diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index 4bfeb630b02..a38194356bd 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -55,7 +55,7 @@ if ($year == 0) { } // Validate History -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/accountancy/journal/bankjournal.php b/htdocs/accountancy/journal/bankjournal.php index a68798869a2..d1602bedf00 100644 --- a/htdocs/accountancy/journal/bankjournal.php +++ b/htdocs/accountancy/journal/bankjournal.php @@ -71,7 +71,7 @@ $date_startyear = GETPOST('date_startyear'); $date_endmonth = GETPOST('date_endmonth'); $date_endday = GETPOST('date_endday'); $date_endyear = GETPOST('date_endyear'); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $now = dol_now(); diff --git a/htdocs/accountancy/journal/expensereportsjournal.php b/htdocs/accountancy/journal/expensereportsjournal.php index 8e343bcbb08..f67224e3996 100644 --- a/htdocs/accountancy/journal/expensereportsjournal.php +++ b/htdocs/accountancy/journal/expensereportsjournal.php @@ -58,7 +58,7 @@ $now = dol_now(); if ($user->societe_id > 0) accessforbidden(); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/accountancy/journal/purchasesjournal.php b/htdocs/accountancy/journal/purchasesjournal.php index 232a6d7611c..f9cd162b6a0 100644 --- a/htdocs/accountancy/journal/purchasesjournal.php +++ b/htdocs/accountancy/journal/purchasesjournal.php 
@@ -57,7 +57,7 @@ $now = dol_now(); if ($user->societe_id > 0) accessforbidden(); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/accountancy/journal/sellsjournal.php b/htdocs/accountancy/journal/sellsjournal.php index 9af2bd2d135..85ce7361394 100644 --- a/htdocs/accountancy/journal/sellsjournal.php +++ b/htdocs/accountancy/journal/sellsjournal.php @@ -60,7 +60,7 @@ $now = dol_now(); if ($user->societe_id > 0) accessforbidden(); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/accountancy/report/result.php b/htdocs/accountancy/report/result.php index a487cb641ff..aa31185604a 100644 --- a/htdocs/accountancy/report/result.php +++ b/htdocs/accountancy/report/result.php @@ -35,7 +35,7 @@ $langs->load("accountancy"); $langs->load("compta"); $mesg = ''; -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $cat_id = GETPOST('account_category'); $selectcpt = GETPOST('cpt_bk'); $id = GETPOST('id', 'int'); diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index a5f61a45642..38e90663c0f 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -35,7 +35,7 @@ $langs->load("ldap"); $langs->load("admin"); $rowid = GETPOST('id','int'); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); // Protection $socid=0; diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index 7a6013b9b78..33d175e6350 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -37,7 +37,7 @@ $langs->load("companies"); // Security check $result=restrictedArea($user,'adherent'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $filter=GETPOST("filter"); $statut=GETPOST("statut"); $search=GETPOST("search"); diff --git a/htdocs/admin/clicktodial.php b/htdocs/admin/clicktodial.php index 86b94d8ecf0..df3c54f758c 100644 --- a/htdocs/admin/clicktodial.php +++ b/htdocs/admin/clicktodial.php 
@@ -30,7 +30,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index ef22d8ecb4a..4487f81c2fe 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $langs->load("admin"); $langs->load("companies"); diff --git a/htdocs/admin/events.php b/htdocs/admin/events.php index 74525a6855b..7a8c71c0130 100644 --- a/htdocs/admin/events.php +++ b/htdocs/admin/events.php @@ -35,7 +35,7 @@ $langs->load("users"); $langs->load("admin"); $langs->load("other"); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $securityevent=new Events($db); diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index 30646b749fa..1d9621ad378 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -38,7 +38,7 @@ if (!$user->admin) accessforbidden(); $def = array(); $lastexternalrss=0; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/geoipmaxmind.php b/htdocs/admin/geoipmaxmind.php index 5a69a356777..5ae1a04e2ea 100644 --- a/htdocs/admin/geoipmaxmind.php +++ b/htdocs/admin/geoipmaxmind.php @@ -33,7 +33,7 @@ accessforbidden(); $langs->load("admin"); $langs->load("errors"); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 6e5c814639b..7c23b62f230 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php 
@@ -45,7 +45,7 @@ $langs->load("agenda"); if (! $user->admin) accessforbidden(); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); if (! defined("MAIN_MOTD")) define("MAIN_MOTD",""); diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index 770d91d1d11..4d8dab035ca 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -36,7 +36,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); - $action = GETPOST("action"); + $action = GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/admin/ldap_contacts.php b/htdocs/admin/ldap_contacts.php index 27e32f8cd7c..d5ca994c258 100644 --- a/htdocs/admin/ldap_contacts.php +++ b/htdocs/admin/ldap_contacts.php @@ -38,7 +38,7 @@ $langs->load("errors"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/admin/ldap_groups.php b/htdocs/admin/ldap_groups.php index 192b11bfd8d..3f8869de70f 100644 --- a/htdocs/admin/ldap_groups.php +++ b/htdocs/admin/ldap_groups.php @@ -39,7 +39,7 @@ $langs->load("errors"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/ldap_members.php b/htdocs/admin/ldap_members.php index 8c7291c3dc4..afbf8da375a 100644 --- a/htdocs/admin/ldap_members.php +++ b/htdocs/admin/ldap_members.php @@ -39,7 +39,7 @@ $langs->load("errors"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/admin/ldap_users.php b/htdocs/admin/ldap_users.php index 79f34001a63..43a6720a448 100644 --- a/htdocs/admin/ldap_users.php +++ b/htdocs/admin/ldap_users.php @@ -39,7 +39,7 @@ $langs->load("errors"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php index 27d7b59553a..3048f519a86 100644 
--- a/htdocs/admin/mailman.php +++ b/htdocs/admin/mailman.php @@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $type=array('yesno','texte','chaine'); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); $testsubscribeemail = GETPOST("testsubscribeemail"); $testunsubscribeemail = GETPOST("testunsubscribeemail"); diff --git a/htdocs/admin/menus.php b/htdocs/admin/menus.php index ddfb4d0cd62..888045f3297 100644 --- a/htdocs/admin/menus.php +++ b/htdocs/admin/menus.php @@ -27,7 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $langs->load("companies"); $langs->load("products"); diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 0a2669e960d..db03407fed1 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -43,7 +43,7 @@ foreach($dirmenus as $dirmenu) $dirsmartphone[]=$dirmenu.'smartphone'; } -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $menu_handler_top=$conf->global->MAIN_MENU_STANDARD; $menu_handler_smartphone=$conf->global->MAIN_MENU_SMARTPHONE; diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php index c82e64d48ea..73fb3d91587 100644 --- a/htdocs/admin/notification.php +++ b/htdocs/admin/notification.php @@ -41,7 +41,7 @@ $langs->load("mails"); if (!$user->admin) accessforbidden(); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php index 5acbeb2e627..0c7ed656d9f 100644 --- a/htdocs/admin/perms.php +++ b/htdocs/admin/perms.php @@ -32,7 +32,7 @@ $langs->load("admin"); $langs->load("users"); $langs->load("other"); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); if (!$user->admin) accessforbidden(); 
diff --git a/htdocs/admin/proxy.php b/htdocs/admin/proxy.php index 224fac14ce7..ee22f377200 100644 --- a/htdocs/admin/proxy.php +++ b/htdocs/admin/proxy.php @@ -40,7 +40,7 @@ $upload_dir=$conf->admin->dir_temp; * Actions */ -if (GETPOST("action") == 'set_proxy') +if (GETPOST('action','aZ09') == 'set_proxy') { if (GETPOST("MAIN_USE_CONNECT_TIMEOUT") && ! is_numeric(GETPOST("MAIN_USE_CONNECT_TIMEOUT"))) { diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index 4d0415dbd01..9627164f534 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -27,7 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $langs->load("users"); $langs->load("admin"); diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index faf05b7fb0f..0027f2e834d 100644 --- a/htdocs/admin/sms.php +++ b/htdocs/admin/sms.php @@ -43,7 +43,7 @@ $substitutionarrayfortest=array( '__FIRSTNAME__' => 'TESTFirstname' ); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/spip.php b/htdocs/admin/spip.php index 241062732a4..12fc15823bd 100644 --- a/htdocs/admin/spip.php +++ b/htdocs/admin/spip.php @@ -41,7 +41,7 @@ if (! $user->admin) accessforbidden(); $type=array('yesno','texte','chaine'); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); /* diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php index 03a1872c90c..65933c25639 100644 --- a/htdocs/admin/syslog.php +++ b/htdocs/admin/syslog.php @@ -35,7 +35,7 @@ $langs->load("admin"); $langs->load("other"); $error=0; -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); $syslogModules = array(); $activeModules = array(); diff --git a/htdocs/admin/system/perf.php b/htdocs/admin/system/perf.php index 9b23dc74089..25079d8f185 100644 --- a/htdocs/admin/system/perf.php 
+++ b/htdocs/admin/system/perf.php @@ -33,7 +33,7 @@ $langs->load("other"); if (! $user->admin) accessforbidden(); -if (GETPOST('action') == 'donothing') +if (GETPOST('action','aZ09') == 'donothing') { exit; } diff --git a/htdocs/admin/system/xcache.php b/htdocs/admin/system/xcache.php index 361be2b461a..53eaeec085f 100644 --- a/htdocs/admin/system/xcache.php +++ b/htdocs/admin/system/xcache.php @@ -26,7 +26,7 @@ $langs->load("admin"); if (!$user->admin) accessforbidden(); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); /* diff --git a/htdocs/api/admin/index.php b/htdocs/api/admin/index.php index 8142b564c1e..d7f002d02aa 100644 --- a/htdocs/api/admin/index.php +++ b/htdocs/api/admin/index.php @@ -34,7 +34,7 @@ $langs->load("admin"); if (! $user->admin) accessforbidden(); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); //Activate ProfId if ($action == 'setproductionmode') diff --git a/htdocs/barcode/codeinit.php b/htdocs/barcode/codeinit.php index ebe121301b7..1ebd512e772 100644 --- a/htdocs/barcode/codeinit.php +++ b/htdocs/barcode/codeinit.php @@ -38,7 +38,7 @@ $forbarcode=GETPOST('forbarcode'); $fk_barcode_type=GETPOST('fk_barcode_type'); $eraseallbarcode=GETPOST('eraseallbarcode'); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $producttmp=new Product($db); $thirdpartytmp=new Societe($db); diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index a60ac19d0af..a4857c94e87 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -45,7 +45,7 @@ $numberofsticker=GETPOST('numberofsticker','int'); $mesg=''; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $producttmp=new Product($db); $thirdpartytmp=new Societe($db); diff --git a/htdocs/cashdesk/validation_verif.php b/htdocs/cashdesk/validation_verif.php index 0722b3fb92e..5e4ed9b028e 100644 --- a/htdocs/cashdesk/validation_verif.php +++ b/htdocs/cashdesk/validation_verif.php 
@@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; $obj_facturation = unserialize($_SESSION['serObjFacturation']); unset ($_SESSION['serObjFacturation']); -$action =GETPOST('action'); +$action =GETPOST('action','aZ09'); $bankaccountid=GETPOST('cashdeskbank'); switch ($action) diff --git a/htdocs/categories/admin/categorie.php b/htdocs/categories/admin/categorie.php index bc27be9bb12..d16b081e6ae 100644 --- a/htdocs/categories/admin/categorie.php +++ b/htdocs/categories/admin/categorie.php @@ -32,7 +32,7 @@ accessforbidden(); $langs->load("categories"); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); /* * Actions diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index b96042d7a8e..9981d09cda0 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -34,7 +34,7 @@ $langs->load("categories"); $id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); $cancel=GETPOST('cancel'); diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 100d2d0d48e..e99e081e015 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -39,7 +39,7 @@ $langs->load("bills"); $id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); if ($id == "") diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index d04d0baebd2..665b033936e 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -37,7 +37,7 @@ $langs->load("categories"); $id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); $removeelem = GETPOST('removeelem','int'); $elemid=GETPOST('elemid'); 
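Review bot: `$obj_facturation = unserialize($_SESSION['serObjFacturation']);` in htdocs/cashdesk/validation_verif.php rebuilds an object from serialized session data immediately before the request-driven `switch ($action)`, and nothing in the hunk restricts which classes may be instantiated. The payload is server-side session state, so the exposure depends on whether any request value can reach that session key, which is not visible here. I would add a comment stating that the key is only ever written by the cashdesk code, and on PHP 7 or later pass the `allowed_classes` option to `unserialize()` naming the single expected class. `$bankaccountid=GETPOST('cashdeskbank');` on the next line is also read with no check type; if it is a numeric account id, `GETPOST('cashdeskbank','int')` would match how ids are read elsewhere in this patch.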
diff --git a/htdocs/collab/index.php b/htdocs/collab/index.php index 0c892c4e776..ea7abde4151 100644 --- a/htdocs/collab/index.php +++ b/htdocs/collab/index.php @@ -77,7 +77,7 @@ $langs->load("website"); if (! $user->admin) accessforbidden(); -if (! ((GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))) +if (! ((GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER))) { $conf->dol_hide_leftmenu = 1; // Force hide of left menu. } diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index b933289be4f..b26ce4fa7ac 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -60,7 +60,7 @@ $id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id > 0) $id=$user->societe_id; $result = restrictedArea($user,'societe',$id,'&societe'); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $mode = GETPOST("mode"); $sortfield = GETPOST("sortfield",'alpha'); diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index 362bec914b6..0a9cdca7abc 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -59,7 +59,7 @@ if (! $sortfield) $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); $search_nom = GETPOST("search_nom"); $search_prenom = GETPOST("search_prenom"); $search_email = GETPOST("search_email"); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 118cc336fb7..0020a8fd771 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php 
@@ -52,7 +52,7 @@ if (! $sortorder) $sortorder="ASC"; $id=GETPOST('id','int'); $rowid=GETPOST('rowid','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $search_lastname=GETPOST("search_lastname"); $search_firstname=GETPOST("search_firstname"); $search_email=GETPOST("search_email"); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index 2be1981c5ae..bca371977a7 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -52,7 +52,7 @@ if (GETPOST('cancel') && ! empty($backtopage)) exit; } -if (GETPOST("action") == 'setremise') +if (GETPOST('action','aZ09') == 'setremise') { $object = new Societe($db); $object->fetch($id); diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 375b4d0ecb8..9964db9ecde 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -185,7 +185,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) } } -if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes') +if (GETPOST('action','aZ09') == 'confirm_remove' && GETPOST("confirm")=='yes') { //if ($user->rights->societe->creer) //if ($user->rights->facture->creer) diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index b5672f276e7..431a54b9f76 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -30,7 +30,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); // Secrutiy check if ($user->societe_id > 0) diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index ef4f220f3e4..0b6cb908ef3 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php 
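Review bot: In htdocs/comm/remx.php the `confirm_remove` branch is guarded only by `GETPOST('action','aZ09') == 'confirm_remove' && GETPOST("confirm")=='yes'`, and the two permission tests directly under it (`//if ($user->rights->societe->creer)`, `//if ($user->rights->facture->creer)`) are commented out. The hunk header shows the sibling branch as `if ($action == 'setremise' && $user->rights->societe->creer)`, so the removal path appears to be the one state-changing action here without a rights test; its body continues outside the hunk, so a check may exist further down. I would put the guard back into the condition itself, e.g. `if ($action == 'confirm_remove' && GETPOST('confirm','alpha') == 'yes' && $user->rights->societe->creer)`. The `setremise` test in htdocs/comm/remise.php (`if (GETPOST('action','aZ09') == 'setremise')`) likewise shows no rights test in its condition and is worth the same look.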
@@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT .'/commande/class/commande.class.php'; $langs->load('companies'); $langs->load('other'); -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $confirm = GETPOST('confirm'); $id = GETPOST('id','int'); $ref = GETPOST('ref'); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 804d2c5511d..be16e1f8bd6 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -46,7 +46,7 @@ $langs->load("categories"); $langs->load("companies"); $langs->load("compta"); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $cancel = GETPOST('cancel', 'alpha'); // Security check diff --git a/htdocs/compta/bank/categ.php b/htdocs/compta/bank/categ.php index 0cf88224e63..83e1f15ef36 100644 --- a/htdocs/compta/bank/categ.php +++ b/htdocs/compta/bank/categ.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/bankcateg.class.php'; $langs->load("banks"); $langs->load("categories"); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); if (!$user->rights->banque->configurer) accessforbidden(); @@ -108,7 +108,7 @@ if ($result) print ''; print ''.$objp->rowid.''; - if (GETPOST("action") == 'edit' && GETPOST("categid")== $objp->rowid) + if (GETPOST('action','aZ09') == 'edit' && GETPOST("categid")== $objp->rowid) { print ""; print ''; diff --git a/htdocs/compta/bank/various_payment/info.php b/htdocs/compta/bank/various_payment/info.php index 73c1baa5c02..cda6b4ce137 100644 --- a/htdocs/compta/bank/various_payment/info.php +++ b/htdocs/compta/bank/various_payment/info.php @@ -31,7 +31,7 @@ $langs->load("bills"); $langs->load("salaries"); $id=GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); // Security check $socid = GETPOST('socid','int'); diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 28eaa0a7c9b..59fb3af2f00 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php 
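Review bot: The second hunk of htdocs/compta/bank/categ.php re-reads the request with `GETPOST('action','aZ09') == 'edit'` although the first hunk of the same file already stores the filtered value in `$action`, and it compares an unfiltered `GETPOST("categid")` to `$objp->rowid` with `==`. Two reads of the same parameter can drift apart the next time one of them is edited. Suggested: `if ($action == 'edit' && GETPOST('categid','int') == $objp->rowid)`. The same direct-call pattern appears in htdocs/compta/paiement.php (`if (! GETPOST('action','aZ09'))`), where `$action` is already in use according to the hunk header; `if (empty($action))` would keep one source of truth there, assuming `$action` is not reassigned before that point. The loop around the categ.php line starts and ends outside the hunk.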
@@ -27,7 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); // Secrutiy check if ($user->societe_id > 0) diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 8cd924a0df8..0881ce061dc 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -817,7 +817,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie /** * Show list of payments */ -if (! GETPOST('action')) +if (! GETPOST('action','aZ09')) { if ($page == -1) $page = 0 ; $limit = GETPOST('limit')?GETPOST('limit','int'):$conf->liste_limit; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index c73f79c60a4..a185f0aba6e 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; // Security check if (! $user->rights->facture->lire) accessforbidden(); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); $socid=0; if ($user->societe_id > 0) diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index 2d653f2ba05..45762ed95bb 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php @@ -38,7 +38,7 @@ $langs->load('companies'); // Security check $id=GETPOST("id",'int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); if ($user->societe_id) $socid=$user->societe_id; // TODO ajouter regle pour restreindre acces paiement diff --git a/htdocs/compta/salaries/card.php b/htdocs/compta/salaries/card.php index 569aa81629e..0ea91dc2857 100644 --- a/htdocs/compta/salaries/card.php +++ b/htdocs/compta/salaries/card.php 
@@ -39,7 +39,7 @@ $langs->load("salaries"); $langs->load('hrm'); $id=GETPOST("id",'int'); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); // Security check $socid = GETPOST("socid","int"); diff --git a/htdocs/compta/salaries/info.php b/htdocs/compta/salaries/info.php index 429efc27a33..f15aac021ec 100644 --- a/htdocs/compta/salaries/info.php +++ b/htdocs/compta/salaries/info.php @@ -32,7 +32,7 @@ $langs->load("bills"); $langs->load("salaries"); $id=GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); // Security check $socid = GETPOST('socid','int'); diff --git a/htdocs/compta/sociales/card.php b/htdocs/compta/sociales/card.php index aa479ec4369..f34ff9b1a31 100644 --- a/htdocs/compta/sociales/card.php +++ b/htdocs/compta/sociales/card.php @@ -38,7 +38,7 @@ $langs->load("compta"); $langs->load("bills"); $id=GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index cf42a11b515..95c72cbedb2 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -40,7 +40,7 @@ $langs->load("compta"); $langs->load("bills"); $id = GETPOST('id','int'); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/sociales/info.php b/htdocs/compta/sociales/info.php index 7caa212be9e..bbacfafd430 100644 --- a/htdocs/compta/sociales/info.php +++ b/htdocs/compta/sociales/info.php @@ -30,7 +30,7 @@ $langs->load("compta"); $langs->load("bills"); $id=GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); // Security check $socid = GETPOST('socid','int'); diff --git a/htdocs/compta/tva/info.php b/htdocs/compta/tva/info.php index f85ab9fc2b0..0c6ce29475a 100644 
--- a/htdocs/compta/tva/info.php +++ b/htdocs/compta/tva/info.php @@ -30,7 +30,7 @@ $langs->load("compta"); $langs->load("bills"); $id=GETPOST('id','int'); -$action=GETPOST("action"); +$action=GETPOST('action','aZ09'); // Security check $socid = GETPOST('socid','int'); diff --git a/htdocs/contact/document.php b/htdocs/contact/document.php index b0067d81ec1..5d70ba7b4e1 100644 --- a/htdocs/contact/document.php +++ b/htdocs/contact/document.php @@ -34,7 +34,7 @@ $langs->load("companies"); $langs->load("contact"); $id = GETPOST('id','int'); -$action = GETPOST("action"); +$action = GETPOST('action','aZ09'); $confirm = GETPOST('confirm', 'alpha'); $object = new Contact($db); diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index af8fccfd7b9..3e998b43ec5 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -32,7 +32,7 @@ $langs->load("companies"); $langs->load("ldap"); $langs->load("admin"); -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); // Security check $id = GETPOST('id', 'int'); diff --git a/htdocs/contact/note.php b/htdocs/contact/note.php index eed044cdadf..c49dbc9f787 100644 --- a/htdocs/contact/note.php +++ b/htdocs/contact/note.php @@ -29,7 +29,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php'; require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -$action = GETPOST('action'); +$action = GETPOST('action','aZ09'); $langs->load("companies"); diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 3fec57091cb..8d8f48ec141 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php 
@@ -40,7 +40,7 @@ if (! isset($mode) || $mode != 'noajax') // For ajax call require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; - $action=GETPOST("action"); + $action=GETPOST('action','aZ09'); $file=urldecode(GETPOST('file')); $section=GETPOST("section"); $module=GETPOST("module"); diff --git a/htdocs/core/ajax/bankconciliate.php b/htdocs/core/ajax/bankconciliate.php index 3a8a3e30687..24318be6cf8 100644 --- a/htdocs/core/ajax/bankconciliate.php +++ b/htdocs/core/ajax/bankconciliate.php @@ -31,7 +31,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; -$action=GETPOST('action'); +$action=GETPOST('action','aZ09'); /* diff --git a/htdocs/core/boxes/box_graph_invoices_permonth.php b/htdocs/core/boxes/box_graph_invoices_permonth.php index d313d10b310..8d8fea71411 100644 --- a/htdocs/core/boxes/box_graph_invoices_permonth.php +++ b/htdocs/core/boxes/box_graph_invoices_permonth.php @@ -122,7 +122,7 @@ class box_graph_invoices_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($shownb) { - $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."invoicesnbinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=billstats&file=invoicesnbinyear-'.$endyear.'.png'; 
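Review bot: `$file=urldecode(GETPOST('file'));` in htdocs/core/ajax/ajaxdirpreview.php decodes the value after `GETPOST()` has returned it, so whatever filtering `GETPOST()` applies runs on the still-encoded text and the decoded characters are never checked. PHP has already URL-decoded request parameters once, so this second `urldecode()` is the point where path separators or `..` segments could reappear in a file name. `$section` and `$module` on the following lines are also read with no check type. I would drop the extra decode (`$file=GETPOST('file','alpha');`) or, if callers really double-encode, validate the decoded value against the allowed directory before it is used; how `$file` is consumed is outside this hunk.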
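Review bot: The cache lifetime passed to `getNbByMonthWithPrevYear()` in htdocs/core/boxes/box_graph_invoices_permonth.php is chosen inline from a request parameter, `(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))`, with no comment on what `-1` means. The same expression is repeated in the second hunk of this file and in the supplier-invoice, order, supplier-order and product-distribution boxes. `-1` presumably means "ignore the cached result", in which case any request that can display the box can force the statistics query to run again; a comment saying so, and whether that is intended for every user, would help. I would compute it once per method, `$cachedelay = (GETPOST('action','aZ09') == $refreshaction) ? -1 : 3600*24;`, and pass `$cachedelay` to both calls. The method starts and ends outside the hunk.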
@@ -162,7 +162,7 @@ class box_graph_invoices_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($showtot) { - $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."invoicesamountinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=billstats&file=invoicesamountinyear-'.$endyear.'.png'; diff --git a/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php b/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php index 7c3d6ab4e7f..e7ece7a2a53 100644 --- a/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php +++ b/htdocs/core/boxes/box_graph_invoices_supplier_permonth.php @@ -121,7 +121,7 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($shownb) { - $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."invoicessuppliernbinyear-".$year.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=billstats&file=invoicesnbinyear-'.$year.'.png'; 
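Review bot: In htdocs/core/boxes/box_graph_invoices_supplier_permonth.php the statistics are requested for `$endyear`/`$startyear`, but the image name is built from `$year` (`$prefix."invoicessuppliernbinyear-".$year.".png"`), whereas the customer-invoice box uses `$endyear` in the same place. `$year` is not assigned anywhere in the hunk; if it is not set in this method either, the file name would lose its year suffix and be shared across years. If the two are meant to match, use `$endyear` in `$filenamenb` and `$fileurlnb`; the second hunk of this file has the same lines. The method starts and ends outside the hunk, so `$year` may be defined there.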
@@ -161,7 +161,7 @@ class box_graph_invoices_supplier_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($showtot) { - $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."invoicessupplieramountinyear-".$year.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=billstats&file=invoicesamountinyear-'.$year.'.png'; diff --git a/htdocs/core/boxes/box_graph_orders_permonth.php b/htdocs/core/boxes/box_graph_orders_permonth.php index 0d3077a82ce..ec45cc3dde7 100644 --- a/htdocs/core/boxes/box_graph_orders_permonth.php +++ b/htdocs/core/boxes/box_graph_orders_permonth.php @@ -124,7 +124,7 @@ class box_graph_orders_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($shownb) { - $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."ordersnbinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersnbinyear-'.$endyear.'.png'; 
@@ -162,7 +162,7 @@ class box_graph_orders_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($showtot) { - $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."ordersamountinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersamountinyear-'.$endyear.'.png'; diff --git a/htdocs/core/boxes/box_graph_orders_supplier_permonth.php b/htdocs/core/boxes/box_graph_orders_supplier_permonth.php index d16bfbc0f90..28335c79b62 100644 --- a/htdocs/core/boxes/box_graph_orders_supplier_permonth.php +++ b/htdocs/core/boxes/box_graph_orders_supplier_permonth.php @@ -123,7 +123,7 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($shownb) { - $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."orderssuppliernbinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersnbinyear-'.$endyear.'.png'; 
@@ -161,7 +161,7 @@ class box_graph_orders_supplier_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($showtot) { - $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $filenamenb = $dir."/".$prefix."orderssupplieramountinyear-".$endyear.".png"; if ($mode == 'customer') $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersamountinyear-'.$endyear.'.png'; diff --git a/htdocs/core/boxes/box_graph_product_distribution.php b/htdocs/core/boxes/box_graph_product_distribution.php index 2b3c69a9e15..44d5d0b0c15 100644 --- a/htdocs/core/boxes/box_graph_product_distribution.php +++ b/htdocs/core/boxes/box_graph_product_distribution.php @@ -139,7 +139,7 @@ class box_graph_product_distribution extends ModeleBoxes $showpointvalue = 1; $nocolor = 0; $mode='customer'; $stats_invoice = new FactureStats($this->db, $socid, $mode, ($userid>0?$userid:0)); - $data1 = $stats_invoice->getAllByProductEntry($year,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats_invoice->getAllByProductEntry($year,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); if (empty($data1)) { $showpointvalue=0; @@ -197,7 +197,7 @@ class box_graph_product_distribution extends ModeleBoxes $showpointvalue = 1; $nocolor = 0; $stats_proposal = new PropaleStats($this->db, $socid, ($userid>0?$userid:0)); - $data2 = $stats_proposal->getAllByProductEntry($year,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats_proposal->getAllByProductEntry($year,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); if (empty($data2)) { $showpointvalue = 0; 
@@ -259,7 +259,7 @@ class box_graph_product_distribution extends ModeleBoxes $showpointvalue = 1; $nocolor = 0; $mode='customer'; $stats_order = new CommandeStats($this->db, $socid, $mode, ($userid>0?$userid:0)); - $data3 = $stats_order->getAllByProductEntry($year,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data3 = $stats_order->getAllByProductEntry($year,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); if (empty($data3)) { $showpointvalue = 0; diff --git a/htdocs/core/boxes/box_graph_propales_permonth.php b/htdocs/core/boxes/box_graph_propales_permonth.php index 2a29cf27314..ccce8372d1f 100644 --- a/htdocs/core/boxes/box_graph_propales_permonth.php +++ b/htdocs/core/boxes/box_graph_propales_permonth.php @@ -121,7 +121,7 @@ class box_graph_propales_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($shownb) { - $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data1 = $stats->getNbByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $datatype1 = array_pad(array(), ($endyear-$startyear+1), 'bars'); $filenamenb = $dir."/".$prefix."propalsnbinyear-".$endyear.".png"; @@ -160,7 +160,7 @@ class box_graph_propales_permonth extends ModeleBoxes // Build graphic number of object. $data = array(array('Lib',val1,val2,val3),...) if ($showtot) { - $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action')==$refreshaction?-1:(3600*24))); + $data2 = $stats->getAmountByMonthWithPrevYear($endyear,$startyear,(GETPOST('action','aZ09')==$refreshaction?-1:(3600*24))); $datatype2 = array_pad(array(), ($endyear-$startyear+1), 'bars'); //$datatype2 = array('lines','bars'); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index b12e58fe8f7..afa2006864f 100644 --- a/htdocs/core/class/html.form.class.php 
+++ b/htdocs/core/class/html.form.class.php @@ -110,18 +110,18 @@ class Form } else { - if (empty($notabletag) && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.=''; + if (empty($notabletag) && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.='
'; + if (empty($notabletag) && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.=''; - if (empty($notabletag) && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.=''; + if (empty($notabletag) && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.=''; - if (empty($notabletag) && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.='
'; if ($fieldrequired) $ret.=''; $ret.=$langs->trans($text); if ($fieldrequired) $ret.=''; if (! empty($notabletag)) $ret.=' '; - if (empty($notabletag) && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.=''; - if ($htmlname && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.='id.$moreparam.'">'.img_edit($langs->trans('Edit'), ($notabletag ? 0 : 1)).''; + if (empty($notabletag) && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.=''; + if ($htmlname && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.='id.$moreparam.'">'.img_edit($langs->trans('Edit'), ($notabletag ? 0 : 1)).''; if (! empty($notabletag) && $notabletag == 1) $ret.=' : '; if (! empty($notabletag) && $notabletag == 3) $ret.=' '; - if (empty($notabletag) && GETPOST('action') != 'edit'.$htmlname && $perm) $ret.='
'; + if (empty($notabletag) && GETPOST('action','aZ09') != 'edit'.$htmlname && $perm) $ret.='
'; } return $ret; @@ -159,7 +159,7 @@ class Form } else { - if (GETPOST('action') == 'edit'.$htmlname) + if (GETPOST('action','aZ09') == 'edit'.$htmlname) { $ret.="\n"; $ret.='
'; diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index adacddb2163..225825d6699 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -994,7 +994,7 @@ class FormFile if (empty($url)) $url=$_SERVER["PHP_SELF"]; print ''."\n"; - if (GETPOST('action') == 'editfile' && $permtoeditline) + if (GETPOST('action','aZ09') == 'editfile' && $permtoeditline) { print ''; print ''; @@ -1131,7 +1131,7 @@ class FormFile print img_mime($file['name'],$file['name'].' ('.dol_print_size($file['size'],0,0).')').' '; if ($showrelpart == 1) print $relativepath; //print dol_trunc($file['name'],$maxlength,'middle'); - if (GETPOST('action') == 'editfile' && $file['name'] == basename(GETPOST('urlfile'))) + if (GETPOST('action','aZ09') == 'editfile' && $file['name'] == basename(GETPOST('urlfile'))) { print ''; print ''; @@ -1268,7 +1268,7 @@ class FormFile } } - if (GETPOST('action') == 'editfile' && $permtoeditline) + if (GETPOST('action','aZ09') == 'editfile' && $permtoeditline) { print '
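Review bot: In the -1131 hunk of html.formfile.class.php the second call on the changed line, `GETPOST('urlfile')`, still has no check type. It therefore returns the raw value and will raise the new "2nd param not defined" warning this commit adds to GETPOST(). The same holds for `GETPOST("confirm")` on the changed lines of restrictedArea() in security.lib.php (hunks -262 and -272). Both values are only compared here, so the exposure is small, but typing them keeps the commit's rule consistent: `basename(GETPOST('urlfile','alpha'))` and `GETPOST('confirm','alpha') == 'yes'`, assuming 'alpha' accepts the file names in use. The enclosing functions run beyond these hunks.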
'; } diff --git a/htdocs/core/datepicker.php b/htdocs/core/datepicker.php index eeb20ee265c..d2441487231 100644 --- a/htdocs/core/datepicker.php +++ b/htdocs/core/datepicker.php @@ -39,7 +39,6 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1); require_once '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php $langs->load("main"); $langs->load("agenda"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); diff --git a/htdocs/core/get_menudiv.php b/htdocs/core/get_menudiv.php index fd80124e7df..0e2f0bcb7c3 100644 --- a/htdocs/core/get_menudiv.php +++ b/htdocs/core/get_menudiv.php @@ -47,7 +47,6 @@ if (! defined('DISABLE_SELECT2')) define('DISABLE_SELECT2',1); require_once '../main.inc.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php $langs->load("main"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); $left=($langs->trans("DIRECTION")=='rtl'?'right':'left'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 63990112be5..06ed76c5008 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
@@ -240,7 +240,17 @@ function dol_shutdown() * Return value of a param into GET or POST supervariable * * @param string $paramname Name of parameter to found - * @param string $check Type of check (''=no check, 'none'=no check, 'int'=check it's numeric, 'alpha'=check it's text and sign, 'aZ'=check it's a-z only, 'array'=check it's array, 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string), 'day', 'month', 'year', 'custom'= custom filter specify $filter and $options) + * @param string $check Type of check + * ''=no check (deprecated) + * 'none'=no check (only for param that should have very rich content) + * 'int'=check it's numeric + * 'alpha'=check it's text and sign + * 'aZ'=check it's a-z only + * 'aZ09'=check it's simple alpha string (recommended for keys) + * 'array'=check it's array + * 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string) + * 'nohtml', 'alphanohtml'=check there is no html content + * 'custom'= custom filter specify $filter and $options) * @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie) * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) * @param mixed $options Options to pass to filter_var when $check is set to 'custom'. 
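Review bot: The rewritten `$check` list in the GETPOST() docblock no longer mentions 'day', 'month' and 'year', which the removed line documented. The switch that handles them is not visible in this hunk, so if those values are still accepted they should stay listed, e.g. a line `* 'day', 'month', 'year'` before 'custom'. The last entry also ends with a closing parenthesis that no longer has an opening one after the split into lines. The new text could state outright that `''` returns the value unfiltered, so the "deprecated" remark explains itself.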
@@ -317,9 +327,14 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) } } + if (empty($check) && $conf->global->MAIN_FEATURES_LEVEL > 0) + { + dol_syslog("A GETPOST is called with 1st param = ".$paramname." and 2nd param not defined, when calling page ".$_SERVER["PHP_SELF"], LOG_WARNING); + } + if (! empty($check)) { - // Replace vars like __DAY__, __MONTH__, __YEAR__, __MYCOUNTRYID__, __USERID__, __ENTITYID__ + // Replace vars like __DAY__, __MONTH__, __YEAR__, __MYCOUNTRYID__, __USERID__, __ENTITYID__, ... if (! is_array($out)) { $maxloop=20; $loopnb=0; // Protection against infinite loop @@ -358,8 +373,11 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) } } + // Check is done after replacement switch ($check) { + case 'none': + break; case 'int': if (! is_numeric($out)) { $out=''; } break; diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 7870824285a..ccc8a68a5d9 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -98,7 +98,7 @@ function dol_hash($chain,$type=0) /** * Check permissions of a user to show a page and an object. Check read permission. - * If GETPOST('action') defined, we also check write and delete permission. + * If GETPOST('action','aZ09') defined, we also check write and delete permission. * * @param User $user User to check * @param string $features Features to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) @@ -207,7 +207,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check write permission from module $createok=1; $nbko=0; - if (GETPOST("action") == 'create') + if (GETPOST('action','aZ09') == 'create') { foreach ($featuresarray as $feature) { 
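Review bot: The new warning in GETPOST() concatenates `$_SERVER["PHP_SELF"]` into the log message, and that value includes request-controlled path info. Unless dol_syslog() neutralises control characters (not visible here), a crafted URL could shape the log entry. `$_SERVER["SCRIPT_NAME"]` names the calling page without the trailing path: `dol_syslog("A GETPOST is called with 1st param = ".$paramname." and 2nd param not defined, when calling page ".$_SERVER["SCRIPT_NAME"], LOG_WARNING);`. The block also reads `$conf->global->MAIN_FEATURES_LEVEL`, so `$conf` must be declared `global` at the top of the function, which starts outside the hunk. An empty check still returns the raw value, so the warning is the only signal for unfiltered callers and is emitted only when that setting is above 0.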
@@ -262,7 +262,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check create user permission $createuserok=1; - if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') + if (GETPOST('action','aZ09') == 'confirm_create_user' && GETPOST("confirm") == 'yes') { if (! $user->rights->user->user->creer) $createuserok=0; @@ -272,7 +272,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check delete permission from module $deleteok=1; $nbko=0; - if ((GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') + if ((GETPOST('action','aZ09') == 'confirm_delete' && GETPOST("confirm") == 'yes') || GETPOST('action','aZ09') == 'delete') { foreach ($featuresarray as $feature) { diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index a14645a3152..b6b8d4ddd72 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -155,7 +155,7 @@ function dol_loginfunction($langs,$conf,$mysoc) $titletruedolibarrversion=constant('DOL_VERSION'); // $title used by login template after the @ to inform of true Dolibarr version // Note: $conf->css looks like '/theme/eldy/style.css.php' - $conf->css = "/theme/".(GETPOST('theme')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; + $conf->css = "/theme/".(GETPOST('theme','alpha')?GETPOST('theme','alpha'):$conf->theme)."/style.css.php"; //$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1); $themepath=dol_buildpath($conf->css,1); if (! empty($conf->modules_parts['theme'])) // Using this feature slow down application diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index 797af488f46..2cea718dcc0 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php 
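Review bot: In dol_loginfunction() (security2.lib.php, hunk -155) the request-supplied `theme` value is concatenated into `$conf->css` and then passed to dol_buildpath(), yet the 'alpha' check used on it is documented only as "text and sign". The value becomes a directory component on what is, judging by the function name, the pre-login page. The stricter key filter this commit introduces looks like the better fit, provided theme directory names fit that alphabet: `$theme = GETPOST('theme','aZ09');` followed by `$conf->css = "/theme/".($theme ? $theme : $conf->theme)."/style.css.php";`. That also avoids reading the parameter twice. The function body continues outside the hunk.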
@@ -417,7 +417,7 @@ function show_theme($fuser,$edit=0,$foruserprofile=false) $file=$dirtheme."/".$subdir."/thumb.png"; $url=$urltheme."/".$subdir."/thumb.png"; if (! file_exists($file)) $url=DOL_URL_ROOT.'/public/theme/common/nophoto.png'; - print 'id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">'; + print 'id:'').'" style="font-weight: normal;" alt="'.$langs->trans("Preview").'">'; if ($subdir == $conf->global->MAIN_THEME) $title=$langs->trans("ThemeCurrentlyActive"); else $title=$langs->trans("ShowPreview"); print ''.$title.''; diff --git a/htdocs/core/menus/standard/auguria.lib.php b/htdocs/core/menus/standard/auguria.lib.php index d2d8e36b8ca..7272eb000d4 100644 --- a/htdocs/core/menus/standard/auguria.lib.php +++ b/htdocs/core/menus/standard/auguria.lib.php @@ -53,7 +53,7 @@ function print_auguria_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$m if (empty($noout)) print_start_menu_array_auguria(); - $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); + $usemenuhider = (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)); // Show/Hide vertical menu if ($mode != 'jmobile' && $mode != 'topnb' && $usemenuhider && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) @@ -248,7 +248,7 @@ function print_left_auguria_menu($db,$menu_array_before,$menu_array_after,&$tabM $mainmenu=($forcemainmenu?$forcemainmenu:$_SESSION["mainmenu"]); $leftmenu=($forceleftmenu?'':(empty($_SESSION["leftmenu"])?'none':$_SESSION["leftmenu"])); - $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); + $usemenuhider = (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)); global $usemenuhider; // Show logo company diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index b7a372e50bd..4aa5064977d 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
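Review bot: In print_left_auguria_menu() (auguria.lib.php, hunk -248) the value assigned on the changed line is immediately followed by `global $usemenuhider;`, which rebinds the name to the global variable and discards what was just computed. If the global is meant to carry the result, the declaration belongs before the assignment: `global $usemenuhider;` then `$usemenuhider = (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER));`. The matching hunk in print_left_eldy_menu() has no such statement, so removing it is the other option. The function starts and ends outside the hunk.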
@@ -51,7 +51,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode if (empty($noout)) print_start_menu_array(); - $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); + $usemenuhider = (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)); // Show/Hide vertical menu if ($mode != 'jmobile' && $mode != 'topnb' && $usemenuhider && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) @@ -458,7 +458,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $mainmenu=($forcemainmenu?$forcemainmenu:$_SESSION["mainmenu"]); $leftmenu=($forceleftmenu?'':(empty($_SESSION["leftmenu"])?'none':$_SESSION["leftmenu"])); - $usemenuhider = (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)); + $usemenuhider = (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)); // Show logo company if (empty($conf->global->MAIN_MENU_INVERT) && empty($noout) && ! empty($conf->global->MAIN_SHOW_LOGO) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) diff --git a/htdocs/core/menus/standard/empty.php b/htdocs/core/menus/standard/empty.php index 9a98fa4ffa4..501216ec860 100644 --- a/htdocs/core/menus/standard/empty.php +++ b/htdocs/core/menus/standard/empty.php @@ -93,7 +93,7 @@ class MenuManager $classname='class="tmenusel"'; // Show/Hide vertical menu - if ($mode != 'jmobile' && $mode != 'topnb' && (GETPOST('testmenuhider') || ! empty($conf->global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) + if ($mode != 'jmobile' && $mode != 'topnb' && (GETPOST('testmenuhider','int') || ! empty($conf->global->MAIN_TESTMENUHIDER)) && empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER)) { $showmode=1; $classname = 'class="tmenu menuhider"'; diff --git a/htdocs/core/search_page.php b/htdocs/core/search_page.php index ffbad81a30f..36f1e29e558 100644 --- a/htdocs/core/search_page.php +++ b/htdocs/core/search_page.php 
@@ -35,7 +35,6 @@ if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU',1); require_once '../main.inc.php'; -if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php $langs->load("main"); $right=($langs->trans("DIRECTION")=='rtl'?'left':'right'); $left=($langs->trans("DIRECTION")=='rtl'?'right':'left'); diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php index 0708ae07a51..96be9b49196 100644 --- a/htdocs/core/tpl/ajaxrow.tpl.php +++ b/htdocs/core/tpl/ajaxrow.tpl.php @@ -31,7 +31,7 @@ $forcereloadpage=empty($conf->global->MAIN_FORCE_RELOAD_PAGE)?0:1; $tagidfortablednd=(empty($tagidfortablednd)?'tablelines':$tagidfortablednd); $filepath=(empty($filepath)?'':$filepath); -if (GETPOST('action') != 'editline' && $nboflines > 1) { ?> +if (GETPOST('action','aZ09') != 'editline' && $nboflines > 1) { ?>