Merge pull request #12487 from grandoc/new_branch_21_11_2019

fix : invoid sql injection

htdocs/accountancy/bookkeeping/balance.php

@@ -38,7 +38,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array("accountancy"));
 
-$page = GETPOST("page");
+$page = GETPOST("page", 'int');
 $sortorder = GETPOST("sortorder", 'alpha');
 $sortfield = GETPOST("sortfield", 'alpha');
 $action = GETPOST('action', 'aZ09');

htdocs/accountancy/bookkeeping/list.php

@@ -575,8 +575,8 @@ if ($action == 'delmouv') {
 }
 if ($action == 'delbookkeepingyear') {
 	$form_question = array();
-	$delyear = GETPOST('delyear');
-	$deljournal = GETPOST('deljournal');
+	$delyear = GETPOST('delyear', 'int');
+	$deljournal = GETPOST('deljournal', 'alpha');
 
 	if (empty($delyear)) {
 		$delyear = dol_print_date(dol_now(), '%Y');

htdocs/commande/list.php

@@ -80,7 +80,7 @@ $search_total_ttc = GETPOST('search_total_ttc', 'alpha');
 $search_categ_cus = trim(GETPOST("search_categ_cus", 'int'));
 $optioncss = GETPOST('optioncss', 'alpha');
 $billed = GETPOST('billed', 'int');
-$viewstatut = GETPOST('viewstatut');
+$viewstatut = GETPOST('viewstatut', 'int');
 $search_btn = GETPOST('button_search', 'alpha');
 $search_remove_btn = GETPOST('button_removefilter', 'alpha');
 $search_project_ref = GETPOST('search_project_ref', 'alpha');