From 831420b8e1bf7ab5445adf76837511110788c364 Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Fri, 2 Sep 2022 10:42:27 +0200
Subject: [PATCH] FIX: bad bookmark save

---
 htdocs/bookmarks/bookmarks.lib.php | 45 +++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index f8daff1cd14..ca0f1486db1 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -36,28 +36,39 @@ function printDropdownBookmarksList()
 
 	$langs->load("bookmarks");
 
+	$authorized_var=array('page','limit','optioncss','contextpage');
 	$url = $_SERVER["PHP_SELF"];
-
+	$url_param=array();
 	if (!empty($_SERVER["QUERY_STRING"])) {
-		$url .= (dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : '');
-	} else {
-		global $sortfield, $sortorder;
-		$tmpurl = '';
-		// No urlencode, all param $url will be urlencoded later
-		if ($sortfield) {
-			$tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield);
-		}
-		if ($sortorder) {
-			$tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder);
-		}
-		if (is_array($_POST)) {
-			foreach ($_POST as $key => $val) {
-				if (preg_match('/^search_/', $key) && $val != '') {
-					$tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val));
+		if (is_array($_GET)) {
+			foreach ($_GET as $key => $val) {
+				if ($val != '') {
+					$url_param[$key]=http_build_query(array($key => $val));
 				}
 			}
 		}
-		$url .= ($tmpurl ? '?'.$tmpurl : '');
+	}
+	global $sortfield, $sortorder;
+	$tmpurl = '';
+	// No urlencode, all param $url will be urlencoded later
+	if ($sortfield) {
+		$tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield);
+	}
+	if ($sortorder) {
+		$tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder);
+	}
+	if (is_array($_POST)) {
+		foreach ($_POST as $key => $val) {
+			if ((preg_match('/^search_/', $key) || in_array($key, $authorized_var))
+				&& $val != ''
+				&& !array_key_exists($key, $url_param)) {
+				$url_param[$key]=http_build_query(array($key => $val));
+			}
+		}
+	}
+	$url .= ($tmpurl ? '?'.$tmpurl : '');
+	if (!empty($url_param)) {
+		$url .= '&'.implode('&', $url_param);
 	}
 
 	$searchForm = '<!-- form with POST method by default, will be replaced with GET for external link by js -->'."\n";