From 8184eff66cf2de5d2d2eacb6e494b37de5406111 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 9 Jul 2018 15:25:14 +0200
Subject: [PATCH] Fix for #9079
---
 htdocs/admin/const.php | 6 +++---
 htdocs/admin/defaultvalues.php | 2 +-
 htdocs/admin/menus/edit.php | 2 +-
 htdocs/admin/system/dolibarr.php | 2 +-
 htdocs/admin/translation.php | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php
index 7d7b8a8510c..c91caea435c 100644
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -36,11 +36,11 @@ $rowid=GETPOST('rowid','int');
 $entity=GETPOST('entity','int');
 $action=GETPOST('action','alpha');
 $update=GETPOST('update','alpha');
-$delete=GETPOST('delete'); // Do not use alpha here
+$delete=GETPOST('delete','none'); // Do not use alpha here
 $debug=GETPOST('debug','int');
 $consts=GETPOST('const','array');
 $constname=GETPOST('constname','alpha');
-$constvalue=GETPOST('constvalue');
+$constvalue=GETPOST('constvalue','none'); // We shoul dbe able to send everything here
 $constnote=GETPOST('constnote','alpha');
@@ -247,7 +247,7 @@ if ($result)
 while ($i < $num)
 {
 $obj = $db->fetch_object($result);
-
+
 print "\n";
diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php
index 790445f7032..03c31180af3 100644
--- a/htdocs/admin/defaultvalues.php
+++ b/htdocs/admin/defaultvalues.php
@@ -38,7 +38,7 @@ if (!$user->admin) accessforbidden();
 $id=GETPOST('rowid','int');
 $action=GETPOST('action','alpha');
-$mode = GETPOST('mode')?GETPOST('mode'):'createform'; // 'createform', 'filters', 'sortorder', 'focus'
+$mode = GETPOST('mode','aZ09')?GETPOST('mode','aZ09'):'createform'; // 'createform', 'filters', 'sortorder', 'focus'
 $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php
index cd236d85122..191db98a402 100644
--- a/htdocs/admin/menus/edit.php
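Review bot: In htdocs/admin/const.php the new `$constvalue=GETPOST('constvalue','none');` reads the posted value with no filter, so (assuming 'none' means no sanitising at all) the only remaining protection against stored markup is escaping wherever the constant is later printed, and none of that code is inside this hunk. The trailing comment should state that contract and lose its typo: `$constvalue=GETPOST('constvalue','none'); // Unfiltered on purpose: escape with dol_escape_htmltag() wherever this value is printed`. `$delete` is also switched to 'none' although it appears to be a button flag; if only its presence matters, a comment saying so would stop a later reader from echoing it.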
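Review bot: In htdocs/admin/defaultvalues.php `$mode` is now character-filtered with 'aZ09', but its own trailing comment lists only four legal values, so an allow-list is the tighter check and also removes the doubled GETPOST call: `$mode = GETPOST('mode','aZ09');` followed by `if (! in_array($mode, array('createform','filters','sortorder','focus'), true)) $mode = 'createform';`. The same ternary is added in htdocs/admin/translation.php with the default 'overwrite'; the accepted values are not visible in that hunk, so the list there has to come from the rest of the file.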
+++ b/htdocs/admin/menus/edit.php
@@ -89,7 +89,7 @@ if ($action == 'update')
 if ($result > 0)
 {
 $menu->titre=GETPOST('titre', 'alpha');
- $menu->leftmenu=GETPOST('leftmenu', 'alpha');
+ $menu->leftmenu=GETPOST('leftmenu', 'aZ09');
 $menu->url=GETPOST('url','alpha');
 $menu->langs=GETPOST('langs','alpha');
 $menu->position=GETPOST('position','int');
diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php
index c36db521f70..347ac3c0145 100644
--- a/htdocs/admin/system/dolibarr.php
+++ b/htdocs/admin/system/dolibarr.php
@@ -157,7 +157,7 @@ $i=0;
 foreach($_SESSION as $key => $val)
 {
 if ($i > 0) print ', ';
- print $key.' => '.$val;
+ print $key.' => '.dol_escape_htmltag($val);
 $i++;
 }
 print ''."\n";
diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php
index 1999aab006c..4faf0cebe8a 100644
--- a/htdocs/admin/translation.php
+++ b/htdocs/admin/translation.php
@@ -39,7 +39,7 @@ $transkey=GETPOST('transkey','alpha');
 $transvalue=GETPOST('transvalue','alpha');
-$mode = GETPOST('mode')?GETPOST('mode'):'overwrite';
+$mode = GETPOST('mode','aZ09')?GETPOST('mode','aZ09'):'overwrite';
 $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
 $sortfield = GETPOST("sortfield",'alpha');
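Review bot: In htdocs/admin/menus/edit.php the tightened `$menu->leftmenu=GETPOST('leftmenu', 'aZ09');` has no check on the result, so if the 'aZ09' filter returns an empty string for a value containing a character outside its set (to be confirmed in GETPOST), an update would silently store an empty `leftmenu` instead of rejecting the form. Comparing the filtered value with the raw one and reporting an error before the save would make the rejection visible to the admin. The neighbouring `$menu->url=GETPOST('url','alpha');` keeps the looser filter; whether that is enough for a value that presumably ends up in a link depends on code outside this hunk, as does the rest of the update block.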
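Review bot: In htdocs/admin/system/dolibarr.php only `$val` is escaped; `$key` is still concatenated raw into the same output, and a session entry that is an array or object will not render meaningfully through string concatenation. Escaping both and flattening non-scalars first closes that gap: `print dol_escape_htmltag($key).' => '.dol_escape_htmltag(is_scalar($val) ? $val : json_encode($val));`. Because this loop prints every entry of `$_SESSION`, it is also worth confirming that nothing stored there (tokens, credentials) needs masking on this page; that cannot be told from the hunk.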