From 9a1588df1385567b527c1f78d3ed32637c925ca6 Mon Sep 17 00:00:00 2001 From: Sean Wang Date: Wed, 14 Mar 2018 16:38:22 +0800 Subject: [PATCH 1/7] Add missing $mode in BookKeeping::createStd() In accountancy ledger, creating new transaction, there is 'ERROR: 55000: currval of sequence "llx_accounting_bookkeeping_rowid_seq" is not yet defined in this session' occurred. According to dolibarr.log, this error will show up after createStd() {...Insert request to llx_accounting_bookkeeping_tmp...}. It query the "llx_accounting_bookkeeping_rowid_seq" instead of "llx_accounting_bookkeeping_tmp_rowid_seq", due to missing $mode at bookkeeping.class.php line504:last_insert_id(). --- htdocs/accountancy/class/bookkeeping.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 16f40139a38..d027b7c425b 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -501,7 +501,7 @@ class BookKeeping extends CommonObject } if (! $error) { - $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . $this->table_element); + $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX . $this->table_element . $mode); if (! $notrigger) { // Uncomment this and change MYOBJECT to your own tag if you From 304595ee4f91c0bae0f4aa1e4403d05b692ccc65 Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Wed, 14 Mar 2018 09:48:39 +0100 Subject: [PATCH 2/7] Fix: Can't activate tasks on projects configuration --- htdocs/projet/admin/project.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/projet/admin/project.php b/htdocs/projet/admin/project.php index 0252ab58f36..67317583273 100644 --- a/htdocs/projet/admin/project.php +++ b/htdocs/projet/admin/project.php 
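Review bot: The corrected `last_insert_id()` call on the added line derives the sequence name from `$this->table_element . $mode`, so it stays correct only while `$mode` holds the same suffix the INSERT above (outside the hunk) used — the commit message shows `llx_accounting_bookkeeping_tmp`, i.e. `$mode` is `'_tmp'` or empty. Nothing in the hunk shows where `$mode` comes from; if it can be supplied by a caller, a short comment on this line such as `// $mode ('' or '_tmp') must match the table targeted by the INSERT above` documents the coupling, and a guard restricting it to those two values would make the sequence lookup fail loudly instead of silently resolving the wrong sequence. The enclosing method starts and ends outside the hunk.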
@@ -1,11 +1,11 @@ * Copyright (C) 2011-2016 Laurent Destailleur - * Copyright (C) 2011-2012 Juanjo Menent + * Copyright (C) 2011-2015 Juanjo Menent * Copyright (C) 2011-2015 Philippe Grand * Copyright (C) 2013 Florian Henry - * Copyright (C) 2015 Juanjo Menent * Copyright (C) 2015 Marcos García + * Copyright (C) 2018 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -59,7 +59,7 @@ if ($action == 'setmainoptions') else dolibarr_del_const($db, "PROJECT_USE_OPPORTUNITIES", $conf->entity); // Warning, the constant saved and used in code is PROJECT_HIDE_TASKS - if (GETPOST('PROJECT_USE_TASKS')) dolibarr_del_const($db, "PROJECT_USE_TASKS", $conf->entity); + if (GETPOST('PROJECT_USE_TASKS')) dolibarr_del_const($db, "PROJECT_HIDE_TASKS", $conf->entity); else dolibarr_set_const($db, "PROJECT_HIDE_TASKS",1,'chaine',0,'',$conf->entity); } From e47dda72e7f2fc99f33860f847b89801ca09ae85 Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Wed, 14 Mar 2018 11:08:38 +0100 Subject: [PATCH 3/7] Fix: Activate all also if there are inactive services --- htdocs/contrat/card.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 08c43551509..0ad017a94c8 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -6,7 +6,7 @@ * Copyright (C) 2010-2017 Juanjo Menent * Copyright (C) 2013 Christophe Battarel * Copyright (C) 2013-2014 Florian Henry - * Copyright (C) 2014-2016 Ferran Marcet + * Copyright (C) 2014-2018 Ferran Marcet * Copyright (C) 2014-2016 Marcos García * Copyright (C) 2015 Jean-François Ferry * @@ -2115,7 +2115,7 @@ else print ''; } - if ($object->nbofservicesclosed > 0) + if ($object->nbofservicesclosed > 0 || $object->nbofserviceswait > 0) { print ''; } From 5140c1c5d2002451cedf88aebc6848a6ba6e316a Mon Sep 17 00:00:00 2001 
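Review bot: `GETPOST('PROJECT_USE_TASKS')` on the changed line of the `htdocs/projet/admin/project.php` hunk is still read without a type filter, while the later patches in this series give every `GETPOST()` an explicit type; only the truthiness of a checkbox is tested here, so `if (GETPOST('PROJECT_USE_TASKS', 'alpha')) dolibarr_del_const($db, "PROJECT_HIDE_TASKS", $conf->entity);` keeps it consistent with no change in behaviour. The fix itself (deleting `PROJECT_HIDE_TASKS`, the constant the `else` branch sets) matches the warning comment directly above it. The enclosing `if ($action == 'setmainoptions')` block starts outside the hunk.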
From: fmarcet Date: Wed, 14 Mar 2018 13:25:05 +0100 Subject: [PATCH 4/7] Fix: Merge categories when merging thirds --- htdocs/societe/card.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 090afd3e935..c28d0d9db68 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -11,6 +11,7 @@ * Copyright (C) 2015 Marcos García * Copyright (C) 2015 Raphaël Doursenaud * Copyright (C) 2018 Nicolas ZABOURI + * Copyright (C) 2018 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -180,9 +181,12 @@ if (empty($reshook)) // Merge categories $static_cat = new Categorie($db); - $custcats = $static_cat->containing($soc_origin->id, 'customer', 'id'); + $custcats_ori = $static_cat->containing($soc_origin->id, 'customer', 'id'); + $custcats = $static_cat->containing($object->id, 'customer', 'id'); + $custcats = array_merge($custcats,$custcats_ori); $object->setCategories($custcats, 'customer'); - $suppcats = $static_cat->containing($soc_origin->id, 'supplier', 'id'); + $suppcats_ori = $static_cat->containing($soc_origin->id, 'supplier', 'id'); + $suppcats = $static_cat->containing($object->id, 'supplier', 'id'); $object->setCategories($suppcats, 'supplier'); // If thirdparty has a new code that is same than origin, we clean origin code to avoid duplicate key from database unique keys. @@ -210,7 +214,7 @@ if (empty($reshook)) $objects = array( 'Adherent' => '/adherents/class/adherent.class.php', 'Societe' => '/societe/class/societe.class.php', - 'Categorie' => '/categories/class/categorie.class.php', + //'Categorie' => '/categories/class/categorie.class.php', 'ActionComm' => '/comm/action/class/actioncomm.class.php', 'Propal' => '/comm/propal/class/propal.class.php', 'Commande' => '/commande/class/commande.class.php', 
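Review bot: `array_merge($custcats,$custcats_ori)` on the added line can pass the same category id twice to `setCategories()` when the origin and the target third party already share a category; unless `setCategories()` de-duplicates (its body is not visible here — confirm), `$custcats = array_unique(array_merge($custcats, $custcats_ori));` avoids a duplicate-link attempt. The supplier branch in this hunk only computes `$suppcats_ori` without merging it; the follow-up hunk in `[PATCH 5/7]` adds that merge, and the same `array_unique` applies to it. The enclosing `if (empty($reshook))` block starts outside the hunk.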
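Review bot: The `'Categorie'` entry in the `$objects` table (`@@ -210` hunk) is commented out rather than removed, which leaves dead code with no explanation of why categories are now excluded from the generic merge loop. Delete the line (the history keeps it) or replace it with a comment such as `// Categories are merged explicitly above via Categorie::containing()/setCategories(), not by this loop` so the next maintainer does not re-add it. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.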
From c69f5843da46934c9a83e4ac2b72d42815587576 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 15 Mar 2018 00:36:56 +0100 Subject: [PATCH 5/7] Update card.php --- htdocs/societe/card.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index c28d0d9db68..92da2393f28 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -181,12 +181,15 @@ if (empty($reshook)) // Merge categories $static_cat = new Categorie($db); + $custcats_ori = $static_cat->containing($soc_origin->id, 'customer', 'id'); $custcats = $static_cat->containing($object->id, 'customer', 'id'); $custcats = array_merge($custcats,$custcats_ori); $object->setCategories($custcats, 'customer'); + $suppcats_ori = $static_cat->containing($soc_origin->id, 'supplier', 'id'); $suppcats = $static_cat->containing($object->id, 'supplier', 'id'); + $suppcats = array_merge($suppcats,$suppcats_ori); $object->setCategories($suppcats, 'supplier'); // If thirdparty has a new code that is same than origin, we clean origin code to avoid duplicate key from database unique keys. From 6a70d268e0f25c7e0d565957a9437c2af6d8eab6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 15 Mar 2018 01:21:44 +0100 Subject: [PATCH 6/7] Fix SQLi reported by op7ica --- htdocs/core/lib/functions2.lib.php | 4 ++-- htdocs/societe/card.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 49a2f12db03..25c47632a14 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1451,7 +1451,7 @@ function dol_set_user_param($db, $conf, &$user, $tab) foreach ($tab as $key => $value) { if ($i > 0) $sql.=','; - $sql.="'".$key."'"; + $sql.="'".$this->db->escape($key)."'"; $i++; } $sql.= ")"; 
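Review bot: `$this->db->escape($key)` on the added line of the `htdocs/core/lib/functions2.lib.php` hunk sits inside the free function `dol_set_user_param($db, $conf, &$user, $tab)` named in the hunk header, where `$this` does not exist; PHP raises a fatal "Using $this when not in object context" as soon as the loop runs, so the SQLi fix turns into a crash of the whole function. The connection is the `$db` parameter, which the existing `$db->escape($value)` on the second hunk (`@@ -1472`) already uses; change this line to `$sql.="'".$db->escape($key)."'";` and the added line in `@@ -1472` to `$sql.= " '".$db->escape($key)."','".$db->escape($value)."')";`. The function body continues outside both hunks.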
@@ -1472,7 +1472,7 @@ function dol_set_user_param($db, $conf, &$user, $tab) { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_param(fk_user,entity,param,value)"; $sql.= " VALUES (".$user->id.",".$conf->entity.","; - $sql.= " '".$key."','".$db->escape($value)."')"; + $sql.= " '".$this->db->escape($key)."','".$db->escape($value)."')"; dol_syslog("functions2.lib::dol_set_user_param", LOG_DEBUG); $result=$db->query($sql); diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 92da2393f28..e235f6f431c 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -1649,12 +1649,12 @@ else } else if ($object->codeclient_modifiable()) { - print ''; + print ''; } else { print $object->code_client; - print ''; + print ''; } print ''; $s=$modCodeClient->getToolTip($langs,$object,0); From 4957ea91782c8d3a72eebfdac91d88a970b53afd Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 15 Mar 2018 01:33:46 +0100 Subject: [PATCH 7/7] Fix SQLi reported by op7ica --- htdocs/accountancy/bookkeeping/card.php | 34 +++---- .../accountancy/class/bookkeeping.class.php | 2 +- htdocs/adherents/card.php | 96 +++++++++---------- htdocs/adherents/class/adherent.class.php | 4 +- .../adherents/class/adherent_type.class.php | 2 +- htdocs/adherents/list.php | 36 +++---- htdocs/admin/company.php | 6 +- htdocs/bookmarks/card.php | 2 +- htdocs/compta/stats/casoc.php | 28 +++--- htdocs/langs/en_US/categories.lang | 2 +- htdocs/societe/class/societe.class.php | 4 +- 11 files changed, 108 insertions(+), 108 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index f0042f962bb..e9f50e77715 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php 
@@ -153,13 +153,13 @@ else if ($action == "add") { $book->label_operation= $label_operation; $book->debit = $debit; $book->credit = $credit; - $book->doc_date = GETPOST('doc_date'); - $book->doc_type = GETPOST('doc_type'); + $book->doc_date = GETPOST('doc_date','alpha'); + $book->doc_type = GETPOST('doc_type','alpha'); $book->piece_num = $piece_num; - $book->doc_ref = GETPOST('doc_ref'); - $book->code_journal = GETPOST('code_journal'); - $book->fk_doc = GETPOST('fk_doc'); - $book->fk_docdet = GETPOST('fk_docdet'); + $book->doc_ref = GETPOST('doc_ref','alpha'); + $book->code_journal = GETPOST('code_journal','alpha'); + $book->fk_doc = GETPOST('fk_doc','alpha'); + $book->fk_docdet = GETPOST('fk_docdet','alpha'); if (floatval($debit) != 0.0) { $book->montant = $debit; @@ -210,7 +210,7 @@ else if ($action == "confirm_create") { $book = new BookKeeping($db); - if (! GETPOST('code_journal') || GETPOST('code_journal') == '-1') { + if (! GETPOST('code_journal','alpha') || GETPOST('code_journal','alpha') == '-1') { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Journal")), null, 'errors'); $action='create'; $error++; 
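Review bot: `fk_doc` and `fk_docdet` on the added lines are foreign-key ids but are read with the `'alpha'` filter, which accepts arbitrary text, whereas this same patch casts `piece_num` with `(int) $piecenum` before using it in SQL; `$book->fk_doc = GETPOST('fk_doc','int');` and `$book->fk_docdet = GETPOST('fk_docdet','int');` keep the ids numeric at the boundary. `doc_date` is also taken as raw `'alpha'` text here, while the `confirm_create` branch (`@@ -226`) builds it with `dol_mktime()` from `'int'` day/month/year parts — worth confirming which shape the create path expects, since the two branches now store different forms. The enclosing `else if ($action == "add")` block starts outside the hunk.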
@@ -226,11 +226,11 @@ else if ($action == "confirm_create") { $book->label_compte = ''; $book->debit = 0; $book->credit = 0; - $book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth'), GETPOST('doc_dateday'), GETPOST('doc_dateyear')); - $book->doc_type = GETPOST('doc_type'); - $book->piece_num = GETPOST('next_num_mvt'); - $book->doc_ref = GETPOST('doc_ref'); - $book->code_journal = GETPOST('code_journal'); + $book->doc_date = $date_start = dol_mktime(0, 0, 0, GETPOST('doc_datemonth','int'), GETPOST('doc_dateday','int'), GETPOST('doc_dateyear','int')); + $book->doc_type = GETPOST('doc_type','alpha'); + $book->piece_num = GETPOST('next_num_mvt','alpha'); + $book->doc_ref = GETPOST('doc_ref','alpha'); + $book->code_journal = GETPOST('code_journal','alpha'); $book->fk_doc = 0; $book->fk_docdet = 0; $book->montant = 0; @@ -265,8 +265,8 @@ if ($action == 'setdate') { } if ($action == 'setjournal') { - $journaldoc = trim(GETPOST('code_journal')); - $result = $object->updateByMvt($piece_num,'code_journal',$journaldoc,$mode); + $journaldoc = trim(GETPOST('code_journal','alpha')); + $result = $object->updateByMvt($piece_num, 'code_journal', $journaldoc, $mode); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } else { @@ -279,7 +279,7 @@ if ($action == 'setjournal') { } if ($action == 'setdocref') { - $refdoc = trim(GETPOST('doc_ref')); + $refdoc = trim(GETPOST('doc_ref','alpha')); $result = $object->updateByMvt($piece_num,'doc_ref',$refdoc,$mode); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); @@ -476,11 +476,11 @@ if ($action == 'create') print ''; print ''; print ''; - print ''; + print ''; print ''; print ''; } else { - print $book->doc_ref ; + print $book->doc_ref ; } print ''; print ''; diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index d027b7c425b..7e29262324f 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php 
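Review bot: `piece_num` on the added line is read with `'alpha'` although it is consumed as a numeric key — the `DELETE ... WHERE piece_num = (int) $piecenum` hunk in this same patch casts it to int — so `$book->piece_num = GETPOST('next_num_mvt','alpha');` should become `$book->piece_num = GETPOST('next_num_mvt','int');` to reject non-numeric input at the boundary instead of at the query. The `'int'` filters on the `dol_mktime()` day/month/year arguments on the same line are the right choice and could be mirrored in the `add` branch. The enclosing `else if ($action == "confirm_create")` block starts outside the hunk.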
+++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -1254,7 +1254,7 @@ class BookKeeping extends CommonObject // first check if line not yet in bookkeeping $sql = "DELETE"; $sql .= " FROM " . MAIN_DB_PREFIX . $this->table_element; - $sql .= " WHERE piece_num = " . $piecenum; + $sql .= " WHERE piece_num = " . (int) $piecenum; $sql .= " AND entity IN (" . getEntity('accountancy') . ")"; $resql = $this->db->query($sql); diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 5f78fb4466b..ffe84da6cf0 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php 
@@ -298,38 +298,38 @@ if (empty($reshook)) $object->oldcopy = clone $object; // Change values - $object->civility_id = trim($_POST["civility_id"]); - $object->firstname = trim($_POST["firstname"]); - $object->lastname = trim($_POST["lastname"]); - $object->login = trim($_POST["login"]); - $object->pass = trim($_POST["pass"]); + $object->civility_id = trim(GETPOST("civility_id",'alpha')); + $object->firstname = trim(GETPOST("firstname",'alpha')); + $object->lastname = trim(GETPOST("lastname",'alpha')); + $object->login = trim(GETPOST("login",'alpha')); + $object->pass = trim(GETPOST("pass",'alpha')); - $object->societe = trim($_POST["societe"]); - $object->company = trim($_POST["societe"]); + $object->societe = trim(GETPOST("societe",'alpha')); + $object->company = trim(GETPOST("societe",'alpha')); - $object->address = trim($_POST["address"]); - $object->zip = trim($_POST["zipcode"]); - $object->town = trim($_POST["town"]); - $object->state_id = $_POST["state_id"]; - $object->country_id = $_POST["country_id"]; + $object->address = trim(GETPOST("address",'alpha')); + $object->zip = trim(GETPOST("zipcode",'alpha')); + $object->town = trim(GETPOST("town",'alpha')); + $object->state_id = GETPOST("state_id",'int'); + $object->country_id = GETPOST("country_id",'int'); - $object->phone = trim($_POST["phone"]); - $object->phone_perso = trim($_POST["phone_perso"]); - $object->phone_mobile= trim($_POST["phone_mobile"]); - $object->email = trim($_POST["member_email"]); - $object->skype = trim($_POST["skype"]); + $object->phone = trim(GETPOST("phone",'alpha')); + $object->phone_perso = trim(GETPOST("phone_perso",'alpha')); + $object->phone_mobile= trim(GETPOST("phone_mobile",'alpha')); + $object->email = trim(GETPOST("member_email",'alpha')); + $object->skype = trim(GETPOST("skype",'alpha')); $object->birth = $birthdate; - $object->typeid = $_POST["typeid"]; - //$object->note = trim($_POST["comment"]); - $object->morphy = $_POST["morphy"]; + $object->typeid = 
GETPOST("typeid",'int'); + //$object->note = trim(GETPOST("comment"]); + $object->morphy = GETPOST("morphy",'alpha'); if (GETPOST('deletephoto')) $object->photo=''; elseif (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']); // Get status and public property - $object->statut = $_POST["statut"]; - $object->public = $_POST["public"]; + $object->statut = GETPOST("statut",'alpha'); + $object->public = GETPOST("public",'alpha'); // Fill array 'array_options' with data from add form $ret = $extrafields->setOptionalsFromPost($extralabels,$object); 
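Review bot: `civility_id` is read with `'alpha'` on the added line here but with `'int'` in the `@@ -445` create hunk of the same file, so the two branches store different values for the same column; pick the filter matching the civility column's type (a string code, presumably — confirm) and use it in both. `statut` and `typeid` are written unquoted into SQL by `Adherent::update()` (the `adherent.class.php` hunk of this patch), so `$object->statut = GETPOST("statut",'int');` is the tighter read for that field, matching the `'int'` already used for `typeid` on the line above. Applying `'alpha'` to `pass` may strip or reject characters a user legitimately typed into a password, silently storing something else — confirm GETPOST's `'alpha'` rules before accepting that for a credential. The rewritten comment `//$object->note = trim(GETPOST("comment"]);` has mismatched brackets; it is dead code, so drop it or repair it. The enclosing `if (empty($reshook))` block starts outside the hunk.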
@@ -445,32 +445,32 @@ if (empty($reshook)) $datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); } - $typeid=$_POST["typeid"]; - $civility_id=$_POST["civility_id"]; - $lastname=$_POST["lastname"]; - $firstname=$_POST["firstname"]; - $societe=$_POST["societe"]; - $address=$_POST["address"]; - $zip=$_POST["zipcode"]; - $town=$_POST["town"]; - $state_id=$_POST["state_id"]; - $country_id=$_POST["country_id"]; + $typeid=GETPOST("typeid",'int'); + $civility_id=GETPOST("civility_id",'int'); + $lastname=GETPOST("lastname",'alpha'); + $firstname=GETPOST("firstname",'alpha'); + $societe=GETPOST("societe",'alpha'); + $address=GETPOST("address",'alpha'); + $zip=GETPOST("zipcode",'alpha'); + $town=GETPOST("town",'alpha'); + $state_id=GETPOST("state_id",'int'); + $country_id=GETPOST("country_id",'int'); - $phone=$_POST["phone"]; - $phone_perso=$_POST["phone_perso"]; - $phone_mobile=$_POST["phone_mobile"]; - $skype=$_POST["member_skype"]; - $email=$_POST["member_email"]; - $login=$_POST["member_login"]; - $pass=$_POST["password"]; - $photo=$_POST["photo"]; - //$comment=$_POST["comment"]; - $morphy=$_POST["morphy"]; - $subscription=$_POST["subscription"]; - $public=$_POST["public"]; + $phone=GETPOST("phone",'alpha'); + $phone_perso=GETPOST("phone_perso",'alpha'); + $phone_mobile=GETPOST("phone_mobile",'alpha'); + $skype=GETPOST("member_skype",'alpha'); + $email=GETPOST("member_email",'alpha'); + $login=GETPOST("member_login",'alpha'); + $pass=GETPOST("password",'alpha'); + $photo=GETPOST("photo",'alpha'); + //$comment=GETPOST("comment",'none'); + $morphy=GETPOST("morphy",'alpha'); + $subscription=GETPOST("subscription",'alpha'); + $public=GETPOST("public",'alpha'); - $userid=$_POST["userid"]; - $socid=$_POST["socid"]; + $userid=GETPOST("userid",'int'); + $socid=GETPOST("socid",'int'); $object->civility_id = $civility_id; $object->firstname = $firstname; 
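Review bot: The context line `$datesubscription=dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);` just above the changed block still reads `$_POST` directly, so the create path this patch hardens keeps one raw input; `$datesubscription=dol_mktime(12, 0, 0, GETPOST("remonth",'int'), GETPOST("reday",'int'), GETPOST("reyear",'int'));` brings it in line with the rest of the hunk. `civility_id` is read as `'int'` here but as `'alpha'` in the `@@ -298` update hunk of the same file; the two should agree on the column's type. The enclosing `if (empty($reshook))` block starts outside the hunk.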
@@ -1093,14 +1093,14 @@ else $morphys["phy"] = $langs->trans("Physical"); $morphys["mor"] = $langs->trans("Morale"); print ''.$langs->trans("Nature").''; - print $form->selectarray("morphy", $morphys, isset($_POST["morphy"])?$_POST["morphy"]:$object->morphy); + print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy")?GETPOST("morphy",'alpha'):$object->morphy)); print ""; // Type print ''.$langs->trans("Type").''; if ($user->rights->adherent->creer) { - print $form->selectarray("typeid", $adht->liste_array(), (isset($_POST["typeid"])?$_POST["typeid"]:$object->typeid)); + print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid")?GETPOST("typeid",'int'):$object->typeid)); } else { diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php index bd0722ae63e..507695b0ffd 100644 --- a/htdocs/adherents/class/adherent.class.php +++ b/htdocs/adherents/class/adherent.class.php @@ -439,8 +439,8 @@ class Adherent extends CommonObject $sql.= ", note_public = ".($this->note_public?"'".$this->db->escape($this->note_public)."'":"null"); $sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null"); $sql.= ", public = '".$this->db->escape($this->public)."'"; - $sql.= ", statut = ".$this->statut; - $sql.= ", fk_adherent_type = ".$this->typeid; + $sql.= ", statut = ".$this->db->escape($this->statut); + $sql.= ", fk_adherent_type = ".$this->db->escape($this->typeid); $sql.= ", morphy = '".$this->db->escape($this->morphy)."'"; $sql.= ", birth = ".($this->birth?"'".$this->db->idate($this->birth)."'":"null"); if ($this->datefin) $sql.= ", datefin = '".$this->db->idate($this->datefin)."'"; // Must be modified only when deleting a subscription diff --git a/htdocs/adherents/class/adherent_type.class.php b/htdocs/adherents/class/adherent_type.class.php index c352f5dc944..2f8592d3a21 100644 --- a/htdocs/adherents/class/adherent_type.class.php +++ b/htdocs/adherents/class/adherent_type.class.php 
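Review bot: `$this->db->escape($this->statut)` and `$this->db->escape($this->typeid)` on the added lines of the `adherent.class.php` hunk are concatenated into the SQL without surrounding quotes, and `escape()` is a string-literal escaper, so an unquoted numeric position is not protected by it. Both values were already emitted unquoted, i.e. treated as integers, so the cast this same patch uses elsewhere (`(int) $rowid`, `(int) $piecenum`) is the right tool: `$sql.= ", statut = ".(int) $this->statut;` and `$sql.= ", fk_adherent_type = ".(int) $this->typeid;`. `Adherent::update()` starts and ends outside the hunk.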
@@ -265,7 +265,7 @@ class AdherentType extends CommonObject { $sql = "SELECT d.rowid, d.libelle as label, d.statut, d.subscription, d.mail_valid, d.note, d.vote"; $sql .= " FROM ".MAIN_DB_PREFIX."adherent_type as d"; - $sql .= " WHERE d.rowid = ".$rowid; + $sql .= " WHERE d.rowid = ".(int) $rowid; dol_syslog("Adherent_type::fetch", LOG_DEBUG); diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index fc30d6f1ae2..cae878829b7 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php 
@@ -42,23 +42,23 @@ $toselect = GETPOST('toselect', 'array'); // Security check $result=restrictedArea($user,'adherent'); -$filter=GETPOST("filter"); -$statut=GETPOST("statut"); -$search=GETPOST("search"); -$search_ref=GETPOST("search_ref"); -$search_lastname=GETPOST("search_lastname"); -$search_firstname=GETPOST("search_firstname"); -$search_login=GETPOST("search_login"); -$search_address=GETPOST("search_address"); -$search_zip=GETPOST("search_zip"); -$search_town=GETPOST("search_town"); -$search_state=GETPOST("search_state"); -$search_country=GETPOST("search_country"); -$search_phone=GETPOST("search_phone"); -$search_phone_perso=GETPOST("search_phone_perso"); -$search_phone_mobile=GETPOST("search_phone_mobile"); -$search_type=GETPOST("search_type"); -$search_email=GETPOST("search_email"); +$filter=GETPOST("filter",'alpha'); +$statut=GETPOST("statut",'alpha'); +$search=GETPOST("search",'alpha'); +$search_ref=GETPOST("search_ref",'alpha'); +$search_lastname=GETPOST("search_lastname",'alpha'); +$search_firstname=GETPOST("search_firstname",'alpha'); +$search_login=GETPOST("search_login",'alpha'); +$search_address=GETPOST("search_address",'alpha'); +$search_zip=GETPOST("search_zip",'alpha'); +$search_town=GETPOST("search_town",'alpha'); +$search_state=GETPOST("search_state",'alpha'); +$search_country=GETPOST("search_country",'alpha'); +$search_phone=GETPOST("search_phone",'alpha'); +$search_phone_perso=GETPOST("search_phone_perso",'alpha'); +$search_phone_mobile=GETPOST("search_phone_mobile",'alpha'); +$search_type=GETPOST("search_type",'alpha'); +$search_email=GETPOST("search_email",'alpha'); $search_categ = GETPOST("search_categ",'int'); $catid = GETPOST("catid",'int'); $optioncss = GETPOST('optioncss','alpha'); 
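Review bot: The `'alpha'` filter on the added lines validates the request value but does not SQL-escape it, so each `$search_*` value still needs `$db->escape()` at the point where it is concatenated into the list query (outside this hunk); since the subject claims an SQLi fix, it is worth checking that every consumer does so. `search_state`, `search_country` and `search_type` look like ids rather than free text — the neighbouring `search_categ` and `catid` use `'int'` — and if they are, `$search_type=GETPOST("search_type",'int');` and the two siblings are the tighter reads.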
@@ -288,7 +288,7 @@ if ($num == 1 && ! empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && llxHeader('',$langs->trans("Member"),'EN:Module_Foundations|FR:Module_Adhérents|ES:Módulo_Miembros'); $titre=$langs->trans("MembersList"); -if (isset($_GET["statut"])) +if (GETPOSTISSET("statut")) { if ($statut == '-1,1') { $titre=$langs->trans("MembersListQualified"); } if ($statut == '-1') { $titre=$langs->trans("MembersListToValid"); } diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index 1a0680363a9..62c3dbd73b7 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -339,18 +339,18 @@ if ($action == 'edit' || $action == 'updateedit') print ''; //if (empty($country_selected)) $country_selected=substr($langs->defaultlang,-2); // By default, country of localization - print $form->select_country($mysoc->country_id,'country_id'); + print $form->select_country($mysoc->country_id, 'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1); print ''."\n"; print ''; - $formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE,$mysoc->country_code,'state_id'); + $formcompany->select_departement($conf->global->MAIN_INFO_SOCIETE_STATE, $mysoc->country_code, 'state_id'); print ''."\n"; print ''; - print $form->selectCurrency($conf->currency,"currency"); + print $form->selectCurrency($conf->currency, "currency"); print ''."\n"; diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index dcc6d8cdeab..54512a8049e 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -35,7 +35,7 @@ if (! $user->rights->bookmark->lire) { restrictedArea($user, 'bookmarks'); } -$id=GETPOST("id"); +$id=GETPOST("id",'int'); $action=GETPOST("action","alpha"); $title=GETPOST("title","alpha"); $url=GETPOST("url","alpha"); diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php index f59b6fc454f..b7b37d0837c 100644 
--- a/htdocs/compta/stats/casoc.php +++ b/htdocs/compta/stats/casoc.php @@ -63,18 +63,18 @@ if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta' if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport'); // Date range -$year=GETPOST("year"); -$month=GETPOST("month"); -$search_societe = GETPOST("search_societe"); -$search_zip = GETPOST("search_zip"); -$search_town = GETPOST("search_town"); -$search_country = GETPOST("search_country"); -$date_startyear = GETPOST("date_startyear"); -$date_startmonth = GETPOST("date_startmonth"); -$date_startday = GETPOST("date_startday"); -$date_endyear = GETPOST("date_endyear"); -$date_endmonth = GETPOST("date_endmonth"); -$date_endday = GETPOST("date_endday"); +$year=GETPOST("year",'int'); +$month=GETPOST("month",'int'); +$search_societe = GETPOST("search_societe",'alpha'); +$search_zip = GETPOST("search_zip",'alpha'); +$search_town = GETPOST("search_town",'alpha'); +$search_country = GETPOST("search_country",'alpha'); +$date_startyear = GETPOST("date_startyear",'alpha'); +$date_startmonth = GETPOST("date_startmonth",'alpha'); +$date_startday = GETPOST("date_startday",'alpha'); +$date_endyear = GETPOST("date_endyear",'alpha'); +$date_endmonth = GETPOST("date_endmonth",'alpha'); +$date_endday = GETPOST("date_endday",'alpha'); if (empty($year)) { $year_current = strftime("%Y",dol_now()); 
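Review bot: The six `date_start*`/`date_end*` values on the added lines are read as `'alpha'` even though they are only fed to `dol_mktime()` as numbers, and the `@@ -85` hunk further down re-reads all six from the request with an untyped `GETPOST()` instead of using these variables. Read them once with `'int'`, e.g. `$date_startyear = GETPOST("date_startyear",'int');` for each of the six, and have `@@ -85` consume the variables: `$date_start=dol_mktime(0,0,0,$date_startmonth,$date_startday,$date_startyear);` and `$date_end=dol_mktime(23,59,59,$date_endmonth,$date_endday,$date_endyear);`. That removes the untyped second read and keeps a single validation point for the date range.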
@@ -85,8 +85,8 @@ if (empty($year)) $month_current = strftime("%m",dol_now()); $year_start = $year; } -$date_start=dol_mktime(0,0,0,$_REQUEST["date_startmonth"],$_REQUEST["date_startday"],$_REQUEST["date_startyear"]); -$date_end=dol_mktime(23,59,59,$_REQUEST["date_endmonth"],$_REQUEST["date_endday"],$_REQUEST["date_endyear"]); +$date_start=dol_mktime(0,0,0,GETPOST("date_startmonth"),GETPOST("date_startday"),GETPOST("date_startyear")); +$date_end=dol_mktime(23,59,59,GETPOST("date_endmonth"),GETPOST("date_endday"),GETPOST("date_endyear")); // Quarter if (empty($date_start) || empty($date_end)) // We define date_start and date_end { diff --git a/htdocs/langs/en_US/categories.lang b/htdocs/langs/en_US/categories.lang index 41e5f4e4c13..8b38b2f1f42 100644 --- a/htdocs/langs/en_US/categories.lang +++ b/htdocs/langs/en_US/categories.lang @@ -16,7 +16,7 @@ MembersCategoriesArea=Members tags/categories area ContactsCategoriesArea=Contacts tags/categories area AccountsCategoriesArea=Accounts tags/categories area ProjectsCategoriesArea=Projects tags/categories area -SubCats=Subcategories +SubCats=Sub-categories CatList=List of tags/categories NewCategory=New tag/category ModifCat=Modify tag/category diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 71438f0fe3d..bb3a12bb051 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php 
@@ -980,9 +980,9 @@ class Societe extends CommonObject $sql .= ", code_fournisseur = ".(! empty($this->code_fournisseur)?"'".$this->db->escape($this->code_fournisseur)."'":"null"); $sql .= ", code_compta_fournisseur = ".(! empty($this->code_compta_fournisseur)?"'".$this->db->escape($this->code_compta_fournisseur)."'":"null"); } - $sql .= ", fk_user_modif = ".(! empty($user->id)?"'".$user->id."'":"null"); + $sql .= ", fk_user_modif = ".($user->id > 0 ? $user->id:"null"); $sql .= ", fk_multicurrency = ".(int) $this->fk_multicurrency; - $sql .= ', multicurrency_code = \''.$this->db->escape($this->multicurrency_code)."'"; + $sql .= ", multicurrency_code = '".$this->db->escape($this->multicurrency_code)."'"; $sql .= " WHERE rowid = '" . $id ."'"; $resql=$this->db->query($sql);
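Review bot: The context line `$sql .= " WHERE rowid = '" . $id ."'";` two lines below the changed `fk_user_modif` assignment still quotes `$id` into the statement without escaping or casting, so the update this patch hardens keeps an unparameterised row key; `$sql .= " WHERE rowid = ".(int) $id;` matches the `(int)` casts used elsewhere in this patch. The `fk_user_modif` line now emits `$user->id` unquoted only when `$user->id > 0`, which is appropriate for an integer column, and the `multicurrency_code` change is quoting style only. `Societe::update()` starts and ends outside the hunk.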