From 733350f2b829bb76b98bd3e3b706d62a71886e0e Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Sun, 11 Mar 2012 09:31:43 +0100
Subject: [PATCH] Fix: more simple

---
 htdocs/core/ajax/loadinplace.php | 23 +++++++++++------------
 htdocs/core/ajax/saveinplace.php | 23 +++++++++++------------
 2 files changed, 22 insertions(+), 24 deletions(-)

diff --git a/htdocs/core/ajax/loadinplace.php b/htdocs/core/ajax/loadinplace.php
index 7042973f84e..152ba07288d 100644
--- a/htdocs/core/ajax/loadinplace.php
+++ b/htdocs/core/ajax/loadinplace.php
@@ -30,6 +30,11 @@ if (! defined('NOREQUIRESOC'))   define('NOREQUIRESOC','1');
 require('../../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/core/class/genericobject.class.php");
 
+$field			= GETPOST('field','alpha');
+$element		= GETPOST('element','alpha');
+$table_element	= GETPOST('table_element','alpha');
+$fk_element		= GETPOST('fk_element','alpha');
+
 /*
  * View
  */
@@ -39,18 +44,12 @@ top_httphead();
 //print '<!-- Ajax page called with url '.$_SERVER["PHP_SELF"].'?'.$_SERVER["QUERY_STRING"].' -->'."\n";
 
 // Load original field value
-if((isset($_GET['field']) && ! empty($_GET['field']))
-	&& (isset($_GET['element']) && ! empty($_GET['element']))
-	&& (isset($_GET['table_element']) && ! empty($_GET['table_element']))
-	&& (isset($_GET['fk_element']) && ! empty($_GET['fk_element'])))
+if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($fk_element))
 {
-	$element			= GETPOST('element','alpha');
-	$table_element		= GETPOST('table_element','alpha');
-	$fk_element			= GETPOST('fk_element','alpha');
-	$ext_element		= GETPOST('ext_element','alpha');
-	$field				= substr(GETPOST('field','alpha'), 8); // remove prefix val_
-	$type				= GETPOST('type','alpha');
-	$loadmethod			= (GETPOST('loadmethod','alpha') ? GETPOST('loadmethod','alpha') : 'getValueFrom');
+	$ext_element	= GETPOST('ext_element','alpha');
+	$field			= substr($field, 8); // remove prefix val_
+	$type			= GETPOST('type','alpha');
+	$loadmethod		= (GETPOST('loadmethod','alpha') ? GETPOST('loadmethod','alpha') : 'getValueFrom');
 	
 	if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i',$element,$regs))
 	{
@@ -78,7 +77,7 @@ if((isset($_GET['field']) && ! empty($_GET['field']))
 		if ($type == 'select')
 		{
 			$methodname	= 'load_cache_'.$loadmethod;
-			$cachename = 'cache_'.GETPOST('loadmethod');
+			$cachename = 'cache_'.GETPOST('loadmethod','alpha');
 			
 			$form = new Form($db);
 			if (method_exists($form, $methodname))
diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php
index 5f5dc00cad6..bdedcd6b2db 100644
--- a/htdocs/core/ajax/saveinplace.php
+++ b/htdocs/core/ajax/saveinplace.php
@@ -30,6 +30,11 @@ if (! defined('NOREQUIRESOC'))   define('NOREQUIRESOC','1');
 require('../../main.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/core/class/genericobject.class.php");
 
+$field			= GETPOST('field','alpha');
+$element		= GETPOST('element','alpha');
+$table_element	= GETPOST('table_element','alpha');
+$fk_element		= GETPOST('fk_element','alpha');
+
 /*
  * View
  */
@@ -40,16 +45,10 @@ top_httphead();
 //print_r($_POST);
 
 // Load original field value
-if((isset($_POST['field']) && ! empty($_POST['field']))
-	&& (isset($_POST['element']) && ! empty($_POST['element']))
-	&& (isset($_POST['table_element']) && ! empty($_POST['table_element']))
-	&& (isset($_POST['fk_element']) && ! empty($_POST['fk_element'])))
+if (! empty($field) && ! empty($element) && ! empty($table_element) && ! empty($fk_element))
 {
-	$element			= GETPOST('element','alpha');
-	$table_element		= GETPOST('table_element','alpha');
-	$fk_element			= GETPOST('fk_element','alpha');
 	$ext_element		= GETPOST('ext_element','alpha');
-	$field				= substr(GETPOST('field','alpha'), 8); // remove prefix val_
+	$field				= substr($field, 8); // remove prefix val_
 	$value				= GETPOST('value','alpha');
 	$type				= GETPOST('type','alpha');
 	$savemethod			= GETPOST('savemethod','alpha');
@@ -99,15 +98,15 @@ if((isset($_POST['field']) && ! empty($_POST['field']))
 		}
 		else if ($type == 'datepicker')
 		{
-			$timestamp	= GETPOST('timestamp');
+			$timestamp	= GETPOST('timestamp','int');
 			$format		= 'date';
 			$newvalue	= ($timestamp / 1000);
 		}
 		else if ($type == 'select')
 		{
-			$loadmethodname	= 'load_cache_'.GETPOST('loadmethod');
-			$loadcachename	= 'cache_'.GETPOST('loadmethod');
-			$loadviewname	= 'view_'.GETPOST('loadmethod');
+			$loadmethodname	= 'load_cache_'.GETPOST('loadmethod','alpha');
+			$loadcachename	= 'cache_'.GETPOST('loadmethod','alpha');
+			$loadviewname	= 'view_'.GETPOST('loadmethod','alpha');
 
 			$form = new Form($db);
 			if (method_exists($form, $loadmethodname))