diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php
index e09f0b1f174..17a56fcc253 100644
--- a/htdocs/public/paybox/newpayment.php
+++ b/htdocs/public/paybox/newpayment.php
@@ -54,7 +54,7 @@ $langs->load("paybox");
// currency (iso code)
$suffix=GETPOST("suffix",'alpha');
-$amount=GETPOST("amount");
+$amount=price2num(GETPOST("amount"));
if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
else $currency=GETPOST("currency",'alpha');
@@ -65,12 +65,12 @@ if (! GETPOST("action"))
dol_print_error('',$langs->trans('ErrorBadParameters')." - amount or source");
exit;
}
- if (is_numeric($amount) && empty($_REQUEST["tag"]) && empty($_REQUEST["source"]))
+ if (is_numeric($amount) && ! GETPOST("tag") && ! GETPOST("source"))
{
dol_print_error('',$langs->trans('ErrorBadParameters')." - tag or source");
exit;
}
- if (! empty($REQUEST["source"]) && empty($_REQUEST["ref"]))
+ if (GETPOST("source") && ! GETPOST("ref"))
{
dol_print_error('',$langs->trans('ErrorBadParameters')." - ref");
exit;
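Review bot: The rewritten `if (GETPOST("source") && ! GETPOST("ref"))` turns a guard that was dead into a live one — the old `$REQUEST["source"]` (missing underscore) was always unset, so `source` without `ref` was never rejected — which means every existing link that passes `source=` must now also carry `ref=` or it will hit this ErrorBadParameters exit; a regression pass over the code that builds those URLs is warranted. The whole block is still guarded by `if (! GETPOST("action"))` (hunk header), so none of these checks run on the `dopayment` round-trip; that branch, visible only from `$PRICE=price2num(GETPOST("newamount"),'MT')` further down, has to validate its own inputs. `! GETPOST("tag")` keeps the old `empty()` semantics, so a tag of `"0"` is still treated as absent.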
@@ -81,6 +81,7 @@ $urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolib
$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
$urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
+// Complete urls
$TAG=GETPOST("tag",'alpha');
$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
@@ -94,12 +95,14 @@ if (!empty($FULLTAG))
$urlok.='fulltag='.urlencode($FULLTAG).'&';
$urlko.='fulltag='.urlencode($FULLTAG).'&';
}
+$urlok=preg_replace('/&$/','',$urlok); // Remove last &
+$urlko=preg_replace('/&$/','',$urlko); // Remove last &
/*
* Actions
*/
-if ($_REQUEST["action"] == 'dopayment')
+if (GETPOST("action") == 'dopayment')
{
$PRICE=price2num(GETPOST("newamount"),'MT');
$EMAIL=GETPOST("EMAIL");
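Review bot: The new trailing-`&` cleanup on `$urlok`/`$urlko` works, but when neither `tag` nor `fulltag` is supplied the URLs still end in a bare `?`; `$urlok=rtrim($urlok,'&?');` and `$urlko=rtrim($urlko,'&?');` cover both cases without a regex. The context lines also show this paybox page building its return URLs against `/public/paypal/paymentok.php` and `paymentko.php`; if that is not a deliberate reuse of the paypal return handlers it looks like a copy-paste leftover, and the Paybox callback would land in the other module. The `dopayment` branch opened at the end of this hunk continues past it.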
@@ -198,11 +201,11 @@ $var=false;
// Free payment
-if (empty($_REQUEST["source"]))
+if (! GETPOST("source"))
{
$found=true;
- $tag=$_REQUEST["tag"];
- $fulltag=$tag;
+ $tag=GETPOST("tag");
+ $fulltag=$tag;
// Creditor
$var=!$var;
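Review bot: `$tag=GETPOST("tag");` reads the parameter unfiltered, while the same parameter is read as `GETPOST("tag",'alpha')` for the return URLs earlier in this file; the two should agree, `$tag=GETPOST("tag",'alpha');`. `$fulltag=$tag` is then, judging by the surrounding form code, emitted into the page (the hidden-input markup is not visible in this extract), and nothing here escapes it, so whichever `print` carries it needs HTML-attribute escaping. This free-payment block continues past the hunk.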
@@ -216,7 +219,7 @@ if (empty($_REQUEST["source"]))
print '
| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -239,12 +242,12 @@ if (empty($_REQUEST["source"]))
$var=!$var;
print ' |
| '.$langs->trans("YourEMail");
print ' ('.$langs->trans("ToComplete").')';
- print ' | |
'."\n";
+ print ' | '."\n";
}
// Payment on customer order
-if ($_REQUEST["source"] == 'order')
+if (GETPOST("source") == 'order')
{
$found=true;
$langs->load("orders");
@@ -264,7 +267,8 @@ if ($_REQUEST["source"] == 'order')
}
$amount=$order->total_ttc;
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='IR='.$order->ref.'.TPID='.$order->client->id.'.TP='.strtr($order->client->nom,"-"," ");
if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
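Review bot: `if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');` still lets the request replace the server-side `$order->total_ttc` with any positive value and nothing here bounds it, so a customer appears able to pay a token amount and have it tagged `IR=<order ref>`; unless paymentok.php (not shown) reconciles the paid amount against the order total, the override should be dropped or capped at `$order->total_ttc`. `'int'` is also an odd filter for a monetary value — if GETPOST casts under that check, a partial amount such as 12.50 loses its cents before the `price2num` on the next line sees it. The `$_REQUEST["tag"]` read right after is the one raw superglobal left in this branch and feeds `$fulltag`; `GETPOST("tag",'alpha')` would match the rest of the commit.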
@@ -287,7 +291,7 @@ if ($_REQUEST["source"] == 'order')
$text=''.$langs->trans("PaymentOrderRef",$order->ref).'';
print '| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -296,7 +300,7 @@ if ($_REQUEST["source"] == 'order')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -326,7 +330,7 @@ if ($_REQUEST["source"] == 'order')
// Payment on customer invoice
-if ($_REQUEST["source"] == 'invoice')
+if (GETPOST("source") == 'invoice')
{
$found=true;
$langs->load("bills");
@@ -346,7 +350,8 @@ if ($_REQUEST["source"] == 'invoice')
}
$amount=$invoice->total_ttc - $invoice->getSommePaiement();
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='IR='.$invoice->ref.'.TPID='.$invoice->client->id.'.TP='.strtr($invoice->client->nom,"-"," ");
if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
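Review bot: The client-supplied `amount` overrides the remaining balance computed as `$invoice->total_ttc - $invoice->getSommePaiement()` with no check that it is at most that balance (or above zero after `price2num`), so an overpayment or a nominal payment is accepted here and only the downstream reconciliation, not visible in this diff, can catch it; `if ($req > 0 && $req <= $amount) $amount=$req;` would at least cap it. As in the order branch, `'int'` is a questionable filter for a decimal amount if GETPOST casts under it. The `$_REQUEST["tag"]` line left untouched below still bypasses GETPOST and ends up in `$fulltag`.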
@@ -369,7 +374,7 @@ if ($_REQUEST["source"] == 'invoice')
$text=''.$langs->trans("PaymentInvoiceRef",$invoice->ref).'';
print ' |
| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -378,7 +383,7 @@ if ($_REQUEST["source"] == 'invoice')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -407,7 +412,7 @@ if ($_REQUEST["source"] == 'invoice')
}
// Payment on contract line
-if ($_REQUEST["source"] == 'contractline')
+if (GETPOST("source") == 'contractline')
{
$found=true;
$langs->load("contracts");
@@ -471,7 +476,8 @@ if ($_REQUEST["source"] == 'contractline')
exit;
}
}
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='CLR='.$contractline->ref.'.CR='.$contract->ref.'.TPID='.$contract->client->id.'.TP='.strtr($contract->client->nom,"-"," ");
if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
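Review bot: Unlike the order and invoice branches, this contract-line branch has no server-side default visible before `if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');`, so whatever `$amount` held from the top of the file (the raw request value passed through `price2num`) is what gets paid when the override is absent; the computation of the expected line price, if any, happens before this hunk and is not visible. The same concerns apply as elsewhere: an unbounded client override of the amount and an `'int'` filter on a value with cents. The `$_REQUEST["tag"]` read on the following line is still a raw superglobal feeding `$fulltag`.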
@@ -511,7 +517,7 @@ if ($_REQUEST["source"] == 'contractline')
print ' |
| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -540,7 +546,7 @@ if ($_REQUEST["source"] == 'contractline')
}
print '| '.$label.' | ';
print ''.($duration?$duration:$qty).'';
- print '';
+ print '';
print ' |
'."\n";
// Amount
@@ -578,7 +584,7 @@ if ($_REQUEST["source"] == 'contractline')
}
// Payment on member subscription
-if ($_REQUEST["source"] == 'membersubscription')
+if (GETPOST("source") == 'membersubscription')
{
$found=true;
$langs->load("members");
@@ -587,7 +593,7 @@ if ($_REQUEST["source"] == 'membersubscription')
require_once(DOL_DOCUMENT_ROOT."/adherents/class/cotisation.class.php");
$member=new Adherent($db);
- $result=$member->fetch('',$_REQUEST["ref"]);
+ $result=$member->fetch('',GETPOST("ref"));
if ($result < 0)
{
$mesg=$member->error;
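Review bot: `$member->fetch('',GETPOST("ref"))` passes `ref` with no filter even though the commit otherwise reaches for `'alpha'` on string parameters (`suffix`, `currency`, `tag`); `GETPOST("ref",'alpha')` would be consistent and narrows what reaches the lookup. Whether `Adherent::fetch()` escapes its ref argument before building SQL is not visible here, so the filter is defence in depth rather than a fix for a known injection. The error handling that follows continues past the hunk.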
@@ -599,7 +605,8 @@ if ($_REQUEST["source"] == 'membersubscription')
}
$amount=$subscription->total_ttc;
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='MID='.$member->id.'.M='.strtr($member->getFullName($langs),"-"," ");
if (! empty($_REQUEST["tag"])) { $tag=$_REQUEST["tag"]; $fulltag.='.TAG='.$_REQUEST["tag"]; }
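Review bot: `$subscription->total_ttc` is overridden by `GETPOST("amount",'int')` with no bound, so the subscription can be "paid" for any amount the client chooses unless the payment-ok handler (not shown) compares the paid amount with the subscription total; if the intent is to let members pay extra, a floor of `$subscription->total_ttc` is the minimum check, `if ($req >= $subscription->total_ttc) $amount=$req;`. The `'int'` filter on a decimal amount has the same caveat as in the other branches. The untouched `$_REQUEST["tag"]` read below is the remaining raw superglobal in this branch.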
@@ -622,7 +629,7 @@ if ($_REQUEST["source"] == 'membersubscription')
$text=''.$langs->trans("PaymentSubscription").'';
print '| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php
index 6c9ebe9321c..f41f3ccfdfe 100755
--- a/htdocs/public/paypal/newpayment.php
+++ b/htdocs/public/paypal/newpayment.php
@@ -48,10 +48,6 @@ $langs->load("errors");
$langs->load("paybox");
$langs->load("paypal");
-$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolibarr_main_url_root);
-$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
-$urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
-
// Input are:
// type ('invoice','order','contractline'),
// id (object id),
@@ -60,7 +56,7 @@ $urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
// currency (iso code)
$suffix=GETPOST("suffix",'alpha');
-$amount=GETPOST("amount");
+$amount=price2num(GETPOST("amount"));
if (! GETPOST("currency",'alpha')) $currency=$conf->global->MAIN_MONNAIE;
else $currency=GETPOST("currency",'alpha');
@@ -71,21 +67,26 @@ if (! GETPOST("action"))
dol_print_error('',$langs->trans('ErrorBadParameters')." - amount or source");
exit;
}
- if (is_numeric($amount) && empty($_REQUEST["tag"]) && empty($_REQUEST["source"]))
+ if (is_numeric($amount) && ! GETPOST("tag") && ! GETPOST("source"))
{
dol_print_error('',$langs->trans('ErrorBadParameters')." - tag or source");
exit;
}
- if (! empty($REQUEST["source"]) && empty($_REQUEST["ref"]))
+ if (GETPOST("source") && ! GETPOST("ref"))
{
dol_print_error('',$langs->trans('ErrorBadParameters')." - ref");
exit;
}
}
+$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',$dolibarr_main_url_root);
+$urlok=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentok.php?';
+$urlko=$urlwithouturlroot.DOL_URL_ROOT.'/public/paypal/paymentko.php?';
+
// Complete urls
$TAG=GETPOST("tag",'alpha');
$FULLTAG=GETPOST("fulltag",'alpha'); // fulltag is tag with more informations
+
if (!empty($TAG))
{
$urlok.='tag='.urlencode($TAG).'&';
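Review bot: Moving the `$urlwithouturlroot`/`$urlok`/`$urlko` construction below the parameter checks is harmless, but these three lines are now duplicated verbatim between `public/paybox/newpayment.php` and this file, and both even point at the paypal `paymentok.php`/`paymentko.php`; a small shared helper would keep the two from drifting. As in the paybox file, the fixed `if (GETPOST("source") && ! GETPOST("ref"))` revives a guard that was dead because of the `$REQUEST` typo, so callers that pass `source=` without `ref=` will now be rejected and should be checked. The validation block is still skipped entirely whenever `action` is set.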
@@ -281,12 +282,12 @@ $var=false;
// Free payment
-if (empty($_REQUEST["source"]))
+if (! GETPOST("source"))
{
$found=true;
- $tag=$_REQUEST["tag"];
+ $tag=GETPOST("tag");
$fulltag=$tag;
-
+
// Creditor
$var=!$var;
print '| '.$langs->trans("Creditor");
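Review bot: `$tag=GETPOST("tag");` drops the `'alpha'` filter that the same file applies to `tag` when building `$TAG` for the return URLs; `$tag=GETPOST("tag",'alpha');` keeps the two reads consistent. `$fulltag=$tag` is, by the look of the form code around it, printed into the page (the markup is stripped in this extract), so the print that carries it must escape for an HTML attribute. This free-payment block continues beyond the hunk.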
@@ -299,7 +300,7 @@ if (empty($_REQUEST["source"]))
print ' |
| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -322,7 +323,7 @@ if (empty($_REQUEST["source"]))
$var=!$var;
print ' |
| '.$langs->trans("YourEMail");
print ' ('.$langs->trans("ToComplete").')';
- print ' | |
'."\n";
+ print ' | '."\n";
// We do not add fields shipToName, shipToStreet, shipToCity, shipToState, shipToCountryCode, shipToZip, shipToStreet2, phoneNum
// as they don't exists (buyer is unknown, tag is free).
@@ -330,7 +331,7 @@ if (empty($_REQUEST["source"]))
// Payment on customer order
-if ($_REQUEST["source"] == 'order')
+if (GETPOST("source") == 'order')
{
$found=true;
$langs->load("orders");
@@ -350,7 +351,8 @@ if ($_REQUEST["source"] == 'order')
}
$amount=$order->total_ttc;
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='ORD='.$order->ref.'.CUS='.$order->client->id;
//$fulltag.='.NAM='.strtr($order->client->nom,"-"," ");
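Review bot: The request `amount` still replaces `$order->total_ttc` unchecked via `if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');`, so the amount sent to PayPal for `ORD=<ref>` is whatever the client put in the URL; without a cap such as `min($req, $order->total_ttc)` here or a reconciliation in paymentok.php (not visible), a partial payment is silently tagged as payment for the order. `'int'` is also the wrong shape for a monetary value if GETPOST casts under that check, since the cents are lost before `price2num` runs. This mirrors the paybox order branch, so both should be fixed together.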
@@ -374,7 +376,7 @@ if ($_REQUEST["source"] == 'order')
$text=''.$langs->trans("PaymentOrderRef",$order->ref).'';
print '| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -383,7 +385,7 @@ if ($_REQUEST["source"] == 'order')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -438,7 +440,7 @@ if ($_REQUEST["source"] == 'order')
// Payment on customer invoice
-if ($_REQUEST["source"] == 'invoice')
+if (GETPOST("source") == 'invoice')
{
$found=true;
$langs->load("bills");
@@ -457,8 +459,9 @@ if ($_REQUEST["source"] == 'invoice')
$result=$invoice->fetch_thirdparty($invoice->socid);
}
- $amount=$invoice->total_ttc - $invoice->getSommePaiement();
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ $amount=price2num($invoice->total_ttc - $invoice->getSommePaiement());
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='INV='.$invoice->ref.'.CUS='.$invoice->client->id;
//$fulltag.='.NAM='.strtr($invoice->client->nom,"-"," ");
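Review bot: Wrapping the remaining balance in `price2num($invoice->total_ttc - $invoice->getSommePaiement())` is a good normalisation (the paybox counterpart does not do it), but the following `if (GETPOST("amount",'int'))` override then discards it for any client-chosen value, with no check against that balance. If overpayment is not intended, `if ($req > 0 && $req <= $amount) $amount=$req;` keeps the override within the outstanding amount. The `'int'` filter caveat for decimal amounts applies here too.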
@@ -482,7 +485,7 @@ if ($_REQUEST["source"] == 'invoice')
$text=''.$langs->trans("PaymentInvoiceRef",$invoice->ref).'';
print ' |
| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -491,7 +494,7 @@ if ($_REQUEST["source"] == 'invoice')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -545,7 +548,7 @@ if ($_REQUEST["source"] == 'invoice')
}
// Payment on contract line
-if ($_REQUEST["source"] == 'contractline')
+if (GETPOST("source") == 'contractline')
{
$found=true;
$langs->load("contracts");
@@ -609,7 +612,8 @@ if ($_REQUEST["source"] == 'contractline')
exit;
}
}
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='COL='.$contractline->ref.'.CON='.$contract->ref.'.CUS='.$contract->client->id;
//$fulltag.='.NAM='.strtr($contract->client->nom,"-"," ");
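Review bot: As in the other branches, `if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');` accepts any client amount for the contract line with no bound, and no server-side expected price is visible in this hunk to compare against (it would be computed before the hunk, where the enclosing `if` begins). Whether the final paid amount is checked against the line price after PayPal returns is not visible here; if it is not, the override should be capped or removed. The `'int'` filter on a decimal amount remains questionable.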
@@ -650,7 +654,7 @@ if ($_REQUEST["source"] == 'contractline')
print ' |
| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -679,7 +683,7 @@ if ($_REQUEST["source"] == 'contractline')
}
print '| '.$label.' | ';
print ''.($duration?$duration:$qty).'';
- print '';
+ print '';
print ' |
'."\n";
// Amount
@@ -687,7 +691,7 @@ if ($_REQUEST["source"] == 'contractline')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
@@ -741,7 +745,7 @@ if ($_REQUEST["source"] == 'contractline')
}
// Payment on member subscription
-if ($_REQUEST["source"] == 'membersubscription')
+if (GETPOST("source") == 'membersubscription')
{
$found=true;
$langs->load("members");
@@ -762,7 +766,8 @@ if ($_REQUEST["source"] == 'membersubscription')
}
$amount=$subscription->total_ttc;
- if ($_REQUEST["amount"]) $amount=$_REQUEST["amount"];
+ if (GETPOST("amount",'int')) $amount=GETPOST("amount",'int');
+ $amount=price2num($amount);
$fulltag='MEM='.$member->id;
//$fulltag.='.NAM='.strtr($member->getFullName($langs),"-"," ");
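Review bot: `$subscription->total_ttc` is overridden by the unbounded `GETPOST("amount",'int')` value, so a subscription tagged `MEM=<id>` can be paid for any amount the client picks unless the return handler (not shown) verifies it; a floor of the subscription total, `if ($req >= $subscription->total_ttc) $amount=$req;`, is the minimum check if top-ups are meant to be allowed. The `'int'` filter drops cents if GETPOST casts under it, before `price2num` on the next line is reached. This branch mirrors the paybox membersubscription branch and should be corrected in both.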
@@ -786,7 +791,7 @@ if ($_REQUEST["source"] == 'membersubscription')
$text=''.$langs->trans("PaymentSubscription").'';
print ' |
| '.$langs->trans("Designation");
print ' | '.$text;
- print '';
+ print '';
print '';
print ' |
'."\n";
@@ -795,7 +800,7 @@ if ($_REQUEST["source"] == 'membersubscription')
print '| '.$langs->trans("Amount");
if (empty($amount)) print ' ('.$langs->trans("ToComplete").')';
print ' | ';
- if (empty($amount) || ! is_numeric($amount)) print '';
+ if (empty($amount) || ! is_numeric($amount)) print '';
else {
print ''.price($amount).'';
print '';
|