From 77b9718473794675f8736716391ba6699c3a36e2 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 13 Jul 2012 10:15:47 +0200 Subject: [PATCH] Fix: strict mode street --- htdocs/comm/propal/list.php | 4 +- htdocs/comm/propal/stats/index.php | 6 ++- htdocs/commande/class/commandestats.class.php | 2 +- htdocs/commande/index.php | 3 +- htdocs/commande/liste.php | 25 ++++++---- htdocs/commande/stats/index.php | 47 ++++++++++--------- htdocs/core/class/html.formmail.class.php | 2 + htdocs/core/lib/files.lib.php | 2 +- htdocs/core/lib/security2.lib.php | 14 +++--- htdocs/fourn/commande/document.php | 9 ++-- htdocs/fourn/commande/fiche.php | 4 +- htdocs/fourn/commande/history.php | 15 +++--- htdocs/fourn/commande/liste.php | 28 +++++------ htdocs/main.inc.php | 10 ++-- htdocs/user/logout.php | 5 +- 15 files changed, 99 insertions(+), 77 deletions(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 8da342ae7d6..ab967914c48 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -247,14 +247,14 @@ if ($result) $moreforfilter=''; // If the user can view prospects other than his' - if ($user->rights->societe->client->voir || $socid) // TODO same of the second !! + if ($user->rights->societe->client->voir || $socid) { $moreforfilter.=$langs->trans('ThirdPartiesOfSaleRepresentative'). ': '; $moreforfilter.=$formother->select_salesrepresentatives($search_sale,'search_sale',$user); $moreforfilter.='       '; } // If the user can view prospects other than his' - if ($user->rights->societe->client->voir || $socid) // TODO same of the first !! + if ($user->rights->societe->client->voir || $socid) { $moreforfilter.=$langs->trans('LinkedToSpecificUsers'). ': '; $moreforfilter.=$form->select_dolusers($search_user,'search_user',1); diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 0617a1e5081..d891b18f8ef 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php 
@@ -206,7 +206,9 @@ if (! $mesg) $data = $stats->getAllByYear(); $arrayyears=array(); foreach($data as $val) { - $arrayyears[$val['year']]=$val['year']; + if (! empty($val['year'])) { + $arrayyears[$val['year']]=$val['year']; + } } if (! count($arrayyears)) $arrayyears[$nowyear]=$nowyear; @@ -265,7 +267,7 @@ foreach ($data as $val) { $year = $val['year']; //print $avg; // TODO $avg not defined ? - while ($oldyear > $year+1) + while (! empty($year) && $oldyear > $year+1) { // If we have empty year $oldyear--; print ''; diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index e8aa6c6ffea..5221b01fe1b 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -1,7 +1,7 @@ * Copyright (c) 2005 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index c2000d6b8b1..283eea505eb 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -106,7 +106,8 @@ if ($resql) { //if ($row[1]!=-1 && ($row[1]!=3 || $row[2]!=1)) { - $bool=$row[2]?true:false; + $bool=(! empty($row[2])?true:false); + if (! isset($vals[$row[1].$bool])) $vals[$row[1].$bool]=0; $vals[$row[1].$bool]+=$row[0]; $totalinprocess+=$row[0]; } diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 542727e08c6..5efeaad7b04 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -79,8 +79,10 @@ if (GETPOST("button_removefilter_x")) $search_refcustomer=''; $search_societe=''; $search_montant_ht=''; - $year=''; - $month=''; + $orderyear=''; + $ordermonth=''; + $deliverymonth=''; + $deliveryyear=''; } 
@@ -214,8 +216,10 @@ if ($resql) $title.=' - '.$langs->trans('StatusOrderToProcessShort'); $param='&socid='.$socid.'&viewstatut='.$viewstatut; - if ($month) $param.='&month='.$month; - if ($year) $param.='&year='.$year; + if ($ordermonth) $param.='&ordermonth='.$ordermonth; + if ($orderyear) $param.='&orderyear='.$orderyear; + if ($deliverymonth) $param.='&deliverymonth='.$deliverymonth; + if ($deliveryyear) $param.='&deliveryyear='.$deliveryyear; if ($sref) $param.='&sref='.$sref; if ($snom) $param.='&snom='.$snom; if ($sref_client) $param.='&sref_client='.$sref_client; @@ -231,6 +235,8 @@ if ($resql) print ''; + $moreforfilter=''; + // If the user can view prospects other than his' if ($user->rights->societe->client->voir || $socid) { @@ -244,7 +250,7 @@ if ($resql) $moreforfilter.=$langs->trans('LinkedToSpecificUsers'). ': '; $moreforfilter.=$form->select_dolusers($search_user,'search_user',1); } - if ($moreforfilter) + if (! empty($moreforfilter)) { print ''; print ''; - $var=True; + $var=true; + $total=0; + $subtotal=0; + $generic_commande = new Commande($db); while ($i < min($num,$limit)) { @@ -340,8 +349,8 @@ if ($resql) print ''; - $total = $total + $objp->price; - $subtotal = $subtotal + $objp->price; + $total+=$objp->total_ht; + $subtotal+=$objp->total_ht; $i++; } print '
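Review bot: The four new `$param.=` lines append `$ordermonth`, `$orderyear`, `$deliverymonth` and `$deliveryyear` to the link URLs unencoded, and this hunk does not show where those variables are read or whether they are restricted to integers. If they come from an unchecked GETPOST, whatever a caller puts in the query string is reproduced in every paging and sort link the page prints. Reading them with the 'int' check at the point they are assigned, or writing `if ($ordermonth) $param.='&ordermonth='.urlencode($ordermonth);` (and likewise for the other three) here, keeps the generated URLs well-formed either way. The enclosing `if ($resql)` block starts and ends outside the hunk.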
'; @@ -273,7 +279,10 @@ if ($resql) print ''; print '
'; diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index 6ef7e808126..3e773b90a8e 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -1,6 +1,7 @@ * Copyright (c) 2004-2012 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -71,7 +72,7 @@ if ($mode == 'supplier') $dir=$conf->fournisseur->dir_output.'/commande/temp'; } -print_fiche_titre($title, $mesg); +print_fiche_titre($title); dol_mkdir($dir); @@ -221,11 +222,12 @@ if (! $mesg) $data = $stats->getAllByYear(); $arrayyears=array(); foreach($data as $val) { - $arrayyears[$val['year']]=$val['year']; + if (! empty($val['year'])) { + $arrayyears[$val['year']]=$val['year']; + } } if (! count($arrayyears)) $arrayyears[$nowyear]=$nowyear; - $h=0; $head = array(); $head[$h][0] = DOL_URL_ROOT . '/commande/stats/index.php?mode='.$mode; @@ -236,6 +238,7 @@ $h++; if ($mode == 'customer') $type='order_stats'; if ($mode == 'supplier') $type='supplier_order_stats'; +$object=(object) array(); // TODO $object not defined ? complete_head_from_modules($conf,$langs,$object,$head,$h,$type); dol_fiche_head($head,'byyear',$langs->trans("Statistics")); 
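Review bot: `$object=(object) array();` silences the undefined-variable notice but leaves the TODO question it carries unanswered: complete_head_from_modules now receives an empty stdClass, so any hook reading a property of `$object` still gets nothing. If the statistics page genuinely has no business object, say so instead of asking, e.g. `$object=(object) array(); // No business object on the stats page: hooks receive an empty stdClass`. If some hook does expect a real object here, it should be loaded before this call rather than stubbed.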
@@ -280,24 +283,26 @@ print ''; $oldyear=0; foreach ($data as $val) { - $year = $val['year']; - while ($year && $oldyear > $year+1) - { // If we have empty year - $oldyear--; - print ''; - print ''.$oldyear.''; - print '0'; - print '0'; - print '0'; - print ''; - } - print ''; - print ''.$year.''; - print ''.$val['nb'].''; - print ''.price(price2num($val['total'],'MT'),1).''; - print ''.price(price2num($val['avg'],'MT'),1).''; - print ''; - $oldyear=$year; + $year = $val['year']; + while (! empty($year) && $oldyear > $year+1) + { // If we have empty year + $oldyear--; + print ''; + print ''.$oldyear.''; + + print '0'; + print '0'; + print '0'; + print ''; + } + + print ''; + print ''.$year.''; + print ''.$val['nb'].''; + print ''.price(price2num($val['total'],'MT'),1).''; + print ''.price(price2num($val['avg'],'MT'),1).''; + print ''; + $oldyear=$year; } print ''; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 55d7628ab19..f9913b92906 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -61,6 +61,7 @@ class FormMail var $withfilereadonly; var $withdeliveryreceipt; var $withcancel; + var $withfckeditor; var $substit=array(); var $param=array(); @@ -98,6 +99,7 @@ class FormMail $this->withfilereadonly=0; $this->withbodyreadonly=0; $this->withdeliveryreceiptreadonly=0; + $this->withfckeditor=0; return 1; } diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index d15219fb858..d1eabadedac 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php 
@@ -51,7 +51,7 @@ function dol_basename($pathfile) */ function dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter="", $sortcriteria="name", $sortorder=SORT_ASC, $mode=0) { - dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".$excludefilter); + dol_syslog("files.lib.php::dol_dir_list path=".$path." types=".$types." recursive=".$recursive." filter=".$filter." excludefilter=".json_encode($excludefilter)); $loaddate=($mode==1||$mode==2)?true:false; $loadsize=($mode==1||$mode==3)?true:false; diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 1c0d87a9e23..589075cc5f1 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -94,10 +94,10 @@ function checkLoginPassEntity($usertotest,$passwordtotest,$entitytotest,$authmod { $test=false; // To stop once at first login success $conf->authmode=$mode; // This properties is defined only when logged to say what mode was successfully used - $dol_tz=$_POST["tz"]; - $dol_dst=$_POST["dst"]; - $dol_screenwidth=$_POST["screenwidth"]; - $dol_screenheight=$_POST["screenheight"]; + $dol_tz=GETPOST('tz'); + $dol_dst=GETPOST('dst'); + $dol_screenwidth=GETPOST('screenwidth'); + $dol_screenheight=GETPOST('screenheight'); } } else @@ -206,7 +206,7 @@ function dol_loginfunction($langs,$conf,$mysoc) // Execute hook getLoginPageOptions // Should be an array with differents options in $hookmanager->resArray - $parameters=array('entity' => $_POST['entity']); + $parameters=array('entity' => GETPOST('entity','int')); $hookmanager->executeHooks('getLoginPageOptions',$parameters); // Note that $action and $object may have been modified by some hooks // Login 
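Review bot: The four replacements `GETPOST('tz')` through `GETPOST('screenheight')` pass no check type, so `$dol_tz`, `$dol_dst`, `$dol_screenwidth` and `$dol_screenheight` are assigned unfiltered; and if GETPOST's default method also reads the query string (its implementation is not on this page), these values can now arrive via GET where the old `$_POST` reads accepted only a POST body. The names suggest numeric values (offset, DST flag, pixel sizes), so a check such as `$dol_screenwidth=GETPOST('screenwidth','int');` would narrow them and match the `GETPOST('entity','int')` style used in the next hunk of this same file; `tz` may need a different check if fractional offsets are expected. The enclosing checkLoginPassEntity function starts before the hunk.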
@@ -276,10 +276,10 @@ function dol_loginfunction($langs,$conf,$mysoc) // Google AD $main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0); - $dol_loginmesg = $_SESSION["dol_loginmesg"]; + $dol_loginmesg = (! empty($_SESSION["dol_loginmesg"])?$_SESSION["dol_loginmesg"]:''); $favicon=DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/favicon.ico'; $jquerytheme = 'smoothness'; - if (!empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; + if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; include($template_dir.'login.tpl.php'); // To use native PHP diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index b60a19e07a9..d35b8900596 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -2,7 +2,7 @@ /* Copyright (C) 2003-2007 Rodolphe Quiedeville * Copyright (C) 2004-2009 Laurent Destailleur * Copyright (C) 2005 Marc Barilley / Ocebo - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -47,6 +47,7 @@ $action = GETPOST('action','alpha'); $confirm = GETPOST('confirm','alpha'); $mesg=''; +$mesgs=array(); if (isset($_SESSION['DolMessage'])) { $mesg=$_SESSION['DolMessage']; @@ -84,7 +85,7 @@ $object->fetch_thirdparty(); */ // Envoi fichier -if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) +if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC)) { if (dol_mkdir($upload_dir) >= 0) { @@ -210,9 +211,9 @@ if ($object->id > 0) print "\n"; print "\n"; - + dol_htmloutput_mesg($mesg,$mesgs); - + /* * Confirmation suppression fichier */ diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index 9ac816f4db2..ef5d48c7d34 100644 
--- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -693,7 +693,7 @@ if (GETPOST('removedfile')) /* * Send mail */ -if ($action == 'send' && ! $_POST['addfile'] && ! $_POST['removedfile'] && ! $_POST['cancel']) +if ($action == 'send' && ! GETPOST('addfile') && ! GETPOST('removedfile') && ! GETPOST('cancel')) { $langs->load('mails'); @@ -1747,7 +1747,7 @@ if ($id > 0 || ! empty($ref)) $formmail->withtosocid=$soc->id; $formmail->withtocc=1; $formmail->withtoccsocid=0; - $formmail->withtoccc=$conf->global->MAIN_EMAIL_USECCC; + $formmail->withtoccc=(! empty($conf->global->MAIN_EMAIL_USECCC)?$conf->global->MAIN_EMAIL_USECCC:false); $formmail->withtocccsocid=0; $formmail->withtopic=$langs->trans('SendOrderRef','__ORDERREF__'); $formmail->withfile=2; diff --git a/htdocs/fourn/commande/history.php b/htdocs/fourn/commande/history.php index 1dcd927f2ae..499565927a3 100644 --- a/htdocs/fourn/commande/history.php +++ b/htdocs/fourn/commande/history.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2009 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,9 +32,12 @@ $langs->load("suppliers"); $langs->load("companies"); $langs->load('stocks'); +$id=GETPOST('id','int'); +$ref=GETPOST('ref','alpha'); + // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; -if ($user->societe_id) $socid=$user->societe_id; +$socid=''; +if (! empty($user->societe_id)) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $id,''); @@ -46,14 +49,12 @@ $form = new Form($db); $now=dol_now(); -$ref= $_GET['ref']; - if ($id > 0 || ! empty($ref)) { $soc = new Societe($db); $commande = new CommandeFournisseur($db); - $result=$commande->fetch($_GET["id"],$_GET['ref']); + $result=$commande->fetch($id,$ref); if ($result >= 0) { $soc->fetch($commande->socid); 
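Review bot: `restrictedArea($user, 'commande_fournisseur', $id, '')` is still given `$id` only, while the new `$ref=GETPOST('ref','alpha');` is used in the next hunk to load the order when `$id` is empty (`$commande->fetch($id,$ref)`). Unless restrictedArea resolves the object by ref as well, a request carrying only `ref` is checked against an empty id and then loads a record the check never looked at; the old code had the same gap, but this commit now reads `$ref` up front, so it is the moment to close it. One option is to fetch the order first and pass `$commande->id` to restrictedArea; at minimum a comment such as `// NOTE: access check covers $id only; confirm ref-only requests are restricted` should mark it. The `$socid` computed just above is not passed to restrictedArea either, which may be intended but is worth a word.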
@@ -184,7 +185,7 @@ if ($id > 0 || ! empty($ref)) } } -$db->close(); llxFooter(); +$db->close(); ?> diff --git a/htdocs/fourn/commande/liste.php b/htdocs/fourn/commande/liste.php index 3e182374e84..8c76b779730 100644 --- a/htdocs/fourn/commande/liste.php +++ b/htdocs/fourn/commande/liste.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -29,19 +29,19 @@ require_once(DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.commande.class.php"); $langs->load("orders"); -$sref=isset($_GET['search_ref'])?$_GET['search_ref']:$_POST['search_ref']; -$snom=isset($_GET['search_nom'])?$_GET['search_nom']:$_POST['search_nom']; -$suser=isset($_GET['search_user'])?$_GET['search_user']:$_POST['search_user']; -$sttc=isset($_GET['search_ttc'])?$_GET['search_ttc']:$_POST['search_ttc']; -$sall=isset($_GET['search_all'])?$_GET['search_all']:$_POST['search_all']; +$sref=GETPOST('search_ref'); +$snom=GETPOST('search_nom'); +$suser=GETPOST('search_user'); +$sttc=GETPOST('search_ttc'); +$sall=GETPOST('search_all'); -$page = (is_numeric($_GET["page"]) ? $_GET["page"] : 0); -$socid = (is_numeric($_GET["socid"]) ? $_GET["socid"] : 0); -$sortorder = $_GET["sortorder"]; -$sortfield = $_GET["sortfield"]; +$page = GETPOST('page','int'); +$socid = GETPOST('socid','int'); +$sortorder = GETPOST('sortorder'); +$sortfield = GETPOST('sortfield'); // Security check -$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$orderid = GETPOST('orderid'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $orderid,''); 
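Review bot: `$sortorder = GETPOST('sortorder');` and `$sortfield = GETPOST('sortfield');` carry no check, and the later `$sql .= " ORDER BY $sortfield $sortorder "` (a context line of the next hunk) interpolates them straight into the query. The other reads in this hunk now use 'int', so these two stand out; an 'alpha' check would help, but an allow-list is what actually keeps the ORDER BY well-formed, e.g. `if (! in_array($sortfield, array(/* sortable columns of this list */), true)) $sortfield='<default column>';` and `if (! in_array(strtoupper($sortorder), array('ASC','DESC'), true)) $sortorder='<default order>';`, with the placeholders filled from the columns this page actually sorts on (not visible in the hunk). The hunk's trailing context appears to have been lost in the paste, so the exact end of the hunk is uncertain.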
@@ -105,9 +105,9 @@ if ($sall) } if ($socid) $sql.= " AND s.rowid = ".$socid; -if (dol_strlen($_GET["statut"])) +if (GETPOST('statut')) { - $sql .= " AND fk_statut =".$_GET["statut"]; + $sql .= " AND fk_statut =".GETPOST('statut'); } $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset); @@ -200,7 +200,7 @@ else dol_print_error($db); } -$db->close(); llxFooter(); +$db->close(); ?> diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 5ae9909408b..7d8a41d5740 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -274,7 +274,7 @@ if (! empty($conf->global->MAIN_SECURITY_CSRF)) // Check validity of token, only { if (($_POST['token'] != $_SESSION['token'])) { - dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".$_POST['action'].", _POST['token']=".$_POST['token'].", _SESSION['token']=".$_SESSION['token'],LOG_WARNING); + dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token').", _SESSION['token']=".$_SESSION['token'],LOG_WARNING); //print 'Unset POST by CSRF protection in main.inc.php.'; // Do not output anything because this create problems when using the BACK button on browsers. unset($_POST); } @@ -328,7 +328,7 @@ if (! defined('NOLOGIN')) include_once(DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'); // If in demo mode, we check we go to home page through the public/demo/index.php page - if ($dolibarr_main_demo && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') // We ask index page + if (! empty($dolibarr_main_demo) && $_SERVER['PHP_SELF'] == DOL_URL_ROOT.'/index.php') // We ask index page { if (! preg_match('/public/',$_SERVER['HTTP_REFERER'])) { 
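Review bot: `$sql .= " AND fk_statut =".GETPOST('statut');` concatenates an unchecked request value into the query, and the new `if (GETPOST('statut'))` guard also drops status `0`, which the old `dol_strlen($_GET["statut"])` accepted. Reading the value once with the int check and casting at the point of use fixes both: `$statut=GETPOST('statut','int');` followed by `if (dol_strlen($statut)) $sql .= " AND fk_statut = ".(int) $statut;`. The cast guarantees a numeric literal in the SQL even if the GETPOST check lets an unexpected value through.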
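Review bot: The rewritten dol_syslog line still writes `$_SESSION['token']` into the log; the CSRF token is a per-session secret and the mismatch is just as diagnosable without it, e.g. `dol_syslog("Invalid token in ".$_SERVER['HTTP_REFERER'].", action=".GETPOST('action').", _POST['token']=".GETPOST('token'),LOG_WARNING);`. The comparison on the line above, `$_POST['token'] != $_SESSION['token']`, is untouched by this strict-mode commit: it indexes `$_POST['token']` without an isset guard and uses loose `!=`, where `! isset($_POST['token']) || $_POST['token'] !== $_SESSION['token']` would be consistent with the rest of the patch. `$_SERVER['HTTP_REFERER']` is likewise read unguarded in the log line. The enclosing `if` on MAIN_SECURITY_CSRF starts before the hunk.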
@@ -367,8 +367,8 @@ if (! defined('NOLOGIN')) } $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2)); - $passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : $_POST["password"]); - $entitytotest = (! empty($_POST["entity"]) ? $_POST["entity"] : 1); + $passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password')); + $entitytotest = (GETPOST('entity','int') ? GETPOST('entity','int') : 1); // Validation of login/pass/entity // If ok, the variable login will be returned @@ -556,7 +556,7 @@ if (! defined('NOLOGIN')) // Call triggers include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php"); $interface=new Interfaces($db); - $result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf,$_POST["entity"]); + $result=$interface->run_triggers('USER_LOGIN',$user,$user,$langs,$conf,GETPOST('entity','int')); if ($result < 0) { $error++; } diff --git a/htdocs/user/logout.php b/htdocs/user/logout.php index dcd3d283576..572aea960e7 100644 --- a/htdocs/user/logout.php +++ b/htdocs/user/logout.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004 Rodolphe Quiedeville * Copyright (C) 2003 Xavier Dutoit * Copyright (C) 2004-2009 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,7 +50,8 @@ if ($result < 0) { $error++; } $urlfrom=empty($_SESSION["urlfrom"])?'':$_SESSION["urlfrom"]; // Destroy some cookies -if ($conf->phenix->enabled && $conf->phenix->cookie) +// TODO external module +if (! empty($conf->phenix->enabled) && ! empty($conf->phenix->cookie)) { // Destroy cookie setcookie($conf->phenix->cookie, '', 1, "/");
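Review bot: `GETPOST('password')` replaces `$_POST["password"]`, so if GETPOST's default method also reads `$_GET` (its source is not on this page) the login password is now accepted from the query string, where it ends up in access logs, browser history and Referer headers. The username line directly above already passes a third argument (`GETPOST("username","alpha",2)`), which appears to select the POST source; the password read should do the same: `$passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : GETPOST('password','',2));`. The `GETPOST('entity','int')` reads here and in the run_triggers hunk below are less sensitive but could take the same method argument for consistency.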