diff --git a/htdocs/adherents/cartes/carte.php b/htdocs/adherents/cartes/carte.php
index 2c1db41ed00..be3a13d8771 100644
--- a/htdocs/adherents/cartes/carte.php
+++ b/htdocs/adherents/cartes/carte.php
@@ -29,19 +29,18 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/modules/member/modules_cards.php';
 require_once DOL_DOCUMENT_ROOT.'/core/modules/printsheet/modules_labels.php';
-$langs->load("members");
-$langs->load("errors");
+$langs->loadLangs(array("members","errors"));
 // Choix de l'annee d'impression ou annee courante.
 $now = dol_now();
 $year=dol_print_date($now,'%Y');
 $month=dol_print_date($now,'%m');
 $day=dol_print_date($now,'%d');
-$foruserid=GETPOST('foruserid');
-$foruserlogin=GETPOST('foruserlogin');
-$mode=GETPOST('mode');
-$model=GETPOST("model"); // Doc template to use for business cards
-$modellabel=GETPOST("modellabel"); // Doc template to use for address sheet
+$foruserid=GETPOST('foruserid','alphanohtml');
+$foruserlogin=GETPOST('foruserlogin','alphanohtml');
+$mode=GETPOST('mode','aZ09');
+$model=GETPOST("model",'aZ09'); // Doc template to use for business cards
+$modellabel=GETPOST("modellabel",'aZ09'); // Doc template to use for address sheet
 $mesg='';
 $adherentstatic=new Adherent($db);
diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php
index 7f4b0a92c1e..aa6763654e3 100644
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@@ -43,7 +43,7 @@ $toselect = GETPOST('toselect', 'array');
 $result=restrictedArea($user,'adherent');
 $filter=GETPOST("filter",'alpha');
-$statut=GETPOST("statut",'alpha');
+$statut=GETPOST("statut",'intcomma');
 $search=GETPOST("search",'alpha');
 $search_ref=GETPOST("search_ref",'alpha');
 $search_lastname=GETPOST("search_lastname",'alpha');
diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php
index 2c90c0ed99b..748fc7a0309 100644
--- a/htdocs/admin/agenda.php
+++ b/htdocs/admin/agenda.php
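Review bot: `$foruserid=GETPOST('foruserid','alphanohtml');` filters a parameter whose name suggests a numeric user id with a text filter; if it is only ever compared against a user rowid, `$foruserid=GETPOST('foruserid','int');` would reject non-numeric input before it reaches any query, while `foruserlogin` legitimately stays 'alphanohtml'. How `$foruserid` is consumed lies outside this hunk, so confirm against the code below before narrowing the filter. The 'aZ09' filter on `mode`, `model` and `modellabel` fits values that, per the comments on those lines, select document templates.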
@@ -75,6 +75,12 @@ else if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') ||GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers
 {
 $search_event = '';
+ $action = '';
+}
+
+if (GETPOST('button_search_x','alpha') || GETPOST('button_search.x','alpha') ||GETPOST('button_search','alpha')) // To avoid the save when we click on search
+{
+ $action = '';
 }
 if ($action == "save" && empty($cancel))
@@ -106,34 +112,6 @@ if ($action == "save" && empty($cancel))
 }
 }
-if (preg_match('/set_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
- if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
-
-if (preg_match('/del_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- if (dolibarr_del_const($db, $code, $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
 /**
diff --git a/htdocs/admin/agenda_other.php b/htdocs/admin/agenda_other.php
index 54414e094d3..b6b332a4b99 100644
--- a/htdocs/admin/agenda_other.php
+++ b/htdocs/admin/agenda_other.php
@@ -52,10 +52,10 @@ $type = 'action';
 include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -67,7 +67,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
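Review bot: The tightened pattern `'/set_([a-z0-9_\-]+)/i'` in agenda_other.php is still unanchored, so it matches `set_` anywhere in `$action` and silently truncates `$code` at the first character outside the class instead of rejecting the request; `'/^set_([a-z0-9_\-]+)$/i'` (and likewise for `del_`) makes a malformed action fall through to a no-op. More importantly `$code` remains caller-chosen: the character class limits what a constant name may contain, not which constants this page may write or delete, so an allowlist of the constants the page actually renders, checked with `in_array($code, $allowed, true)` before `dolibarr_set_const`/`dolibarr_del_const`, is the check that would actually bound the action. The `$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);` ternary also stores `1` when the submitted value is `'0'`, since `'0'` is falsy in PHP; if an explicit zero is meaningful for any of these constants, test `GETPOST($code,'alpha') !== ''` instead. The same observations apply to the identical hunks in agenda_reminder.php, ecm.php, multicurrency.php, security_other.php, user.php, usergroup.php, categorie.php and margin.php; the else branch of each set_ block lies outside its hunk.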
diff --git a/htdocs/admin/agenda_reminder.php b/htdocs/admin/agenda_reminder.php
index 3e946dd8e60..fac49dcfcde 100644
--- a/htdocs/admin/agenda_reminder.php
+++ b/htdocs/admin/agenda_reminder.php
@@ -47,10 +47,10 @@ $type = 'action';
 include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php';
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -62,7 +62,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/admin/ecm.php b/htdocs/admin/ecm.php
index dd9e748de02..2d8bd936b50 100644
--- a/htdocs/admin/ecm.php
+++ b/htdocs/admin/ecm.php
@@ -33,7 +33,7 @@ if (! $user->admin) accessforbidden();
 /*
 * Action
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
@@ -47,7 +47,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php
index 25feceda0d1..467ffffeb41 100644
--- a/htdocs/admin/multicurrency.php
+++ b/htdocs/admin/multicurrency.php
@@ -48,10 +48,11 @@ $action = GETPOST('action', 'alpha');
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- if (dolibarr_set_const($db, $code, GETPOST($code), 'chaine', 0, '', $conf->entity) > 0)
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
+ if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 header("Location: ".$_SERVER["PHP_SELF"]);
 exit;
@@ -62,7 +63,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, 0) > 0)
diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
index 1053658b191..7ce087ead6f 100644
--- a/htdocs/admin/security_file.php
+++ b/htdocs/admin/security_file.php
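Review bot: The new `$value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);` in multicurrency.php changes behaviour relative to the removed line, which stored `GETPOST($code)` verbatim: a submitted `'0'` or empty string is now persisted as `1`, because both are falsy in PHP. If zero is a legitimate value for any constant this page manages, compare explicitly, `$value=(GETPOST($code, 'alpha') !== '' ? GETPOST($code, 'alpha') : 1);`, and confirm that the 'alpha' filter does not strip characters the previously unfiltered read accepted. Separately, the del_ branch calls `dolibarr_del_const($db, $code, 0)` while the set_ branch writes with `$conf->entity`, so a constant set on one entity is presumably not the one removed; that asymmetry predates the commit but is worth checking while this code is being touched.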
@@ -51,41 +51,17 @@ if (GETPOST('sendit') && ! empty($conf->global->MAIN_UPLOAD_DOC))
 dol_add_file_process($upload_dir, 0, 0, 'userfile');
 }
-if (preg_match('/set_(.*)/',$action,$reg))
+if ($action == 'updateform')
 {
- $code=$reg[1];
- $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
- if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
+ $antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND','none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe
+ $antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM','none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib"
+ $antivircommand = dol_string_nospecial($antivircommand, '', array("|", ";", "<", ">", "&")); // Sanitize command
+ $antivirparam = dol_string_nospecial($antivirparam, '', array("|", ";", "<", ">", "&")); // Sanitize params
-else if (preg_match('/del_(.*)/',$action,$reg))
-{
- $code=$reg[1];
- if (dolibarr_del_const($db, $code, $conf->entity) > 0)
- {
- Header("Location: ".$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- dol_print_error($db);
- }
-}
-
-else if ($action == 'updateform')
-{
 $res3=dolibarr_set_const($db, 'MAIN_UPLOAD_DOC',GETPOST('MAIN_UPLOAD_DOC','alpha'),'chaine',0,'',$conf->entity);
 $res4=dolibarr_set_const($db, "MAIN_UMASK", GETPOST('MAIN_UMASK','alpha'),'chaine',0,'',$conf->entity);
- $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim(GETPOST('MAIN_ANTIVIRUS_COMMAND','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
- $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim(GETPOST('MAIN_ANTIVIRUS_PARAM','none')),'chaine',0,'',$conf->entity); // Use GETPOST none because we must accept "
+ $res5=dolibarr_set_const($db, "MAIN_ANTIVIRUS_COMMAND", trim($antivircommand),'chaine',0,'',$conf->entity);
+ $res6=dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", trim($antivirparam),'chaine',0,'',$conf->entity);
 if ($res3 && $res4 && $res5 && $res6) setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
 }
@@ -95,10 +71,10 @@ else if ($action == 'updateform')
 else if ($action == 'delete')
 {
 $langs->load("other");
- $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+ $file = $conf->admin->dir_temp . '/' . GETPOST('urlfile','alpha'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
 $ret=dol_delete_file($file);
- if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile')), null, 'mesgs');
- else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), null, 'errors');
+ if ($ret) setEventMessages($langs->trans("FileWasRemoved", GETPOST('urlfile','alpha')), null, 'mesgs');
+ else setEventMessages($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile','alpha')), null, 'errors');
 Header('Location: '.$_SERVER["PHP_SELF"]);
 exit;
 }
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index e5c66d9e24b..60d0888ed91 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -43,10 +43,10 @@ $action=GETPOST('action','alpha');
 * Actions
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
- $value=(GETPOST($code) ? GETPOST($code) : 1);
+ $value=(GETPOST($code, 'alpha') ? GETPOST($code, 'alpha') : 1);
 if (dolibarr_set_const($db, $code, $value, 'chaine', 0, '', $conf->entity) > 0)
 {
 Header("Location: ".$_SERVER["PHP_SELF"]);
@@ -58,7 +58,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-else if (preg_match('/del_(.*)/',$action,$reg))
+else if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
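Review bot: `dol_string_nospecial($antivircommand, '', array("|", ";", "<", ">", "&"))` removes five shell metacharacters from `MAIN_ANTIVIRUS_COMMAND` and `MAIN_ANTIVIRUS_PARAM`, but a character blocklist cannot be made complete, so the stored values must still be treated as untrusted where they are executed (not visible in this hunk); the reliable control there is escaping at the point of use, `escapeshellarg()` per argument or array-form `proc_open`, on top of the admin-only guard that presumably protects this page. The hunk's comments explain why GETPOST 'none' is needed but not the limits of the stripping, so add `// Only |;<>& are stripped here; the value must still be escaped where it is executed` next to the Sanitize lines. Note also that stripping happens before `trim()`, so a value made only of stripped characters is stored as '' without any message; checking `if ($antivircommand === '' && GETPOST('MAIN_ANTIVIRUS_COMMAND','none') !== '')` and reporting it through setEventMessages would make that visible to the administrator. The `if ($action == 'updateform')` block closes inside the hunk.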
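Review bot: `$file = $conf->admin->dir_temp . '/' . GETPOST('urlfile','alpha');` still derives the path handed to `dol_delete_file` from a request parameter by plain concatenation, and whether the 'alpha' filter rejects directory separators and `..` in this version is not visible here. Wrapping the value in `basename()`, `$file = $conf->admin->dir_temp . '/' . basename(GETPOST('urlfile','alpha'));`, pins the deletion to a file directly inside `dir_temp` whatever the filter does, and the two setEventMessages lines can reuse the same sanitised name rather than re-reading the parameter. The page is under /admin/ and presumably carries the usual `if (! $user->admin) accessforbidden();` check outside this hunk, which bounds the impact, but the one-call hardening is cheap.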
diff --git a/htdocs/admin/user.php b/htdocs/admin/user.php
index ee5faefeaee..a7b1c5b9373 100644
--- a/htdocs/admin/user.php
+++ b/htdocs/admin/user.php
@@ -86,7 +86,7 @@ elseif ($action == 'setdoc')
 }
 $res = true;
 }
-elseif (preg_match('/set_(.*)/',$action,$reg))
+elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
@@ -100,7 +100,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-elseif (preg_match('/del_(.*)/',$action,$reg))
+elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/admin/usergroup.php b/htdocs/admin/usergroup.php
index 5a1cf94e59f..75497e9d19d 100644
--- a/htdocs/admin/usergroup.php
+++ b/htdocs/admin/usergroup.php
@@ -83,7 +83,7 @@ elseif ($action == 'setdoc')
 }
 $res = true;
 }
-elseif (preg_match('/set_(.*)/',$action,$reg))
+elseif (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
@@ -97,7 +97,7 @@ elseif (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-elseif (preg_match('/del_(.*)/',$action,$reg))
+elseif (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/categories/admin/categorie.php b/htdocs/categories/admin/categorie.php
index c1564e1b892..518d8903edd 100644
--- a/htdocs/categories/admin/categorie.php
+++ b/htdocs/categories/admin/categorie.php
@@ -38,7 +38,7 @@ $action=GETPOST('action','aZ09');
 * Actions
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'chaine', 0, '', $conf->entity) > 0)
@@ -52,7 +52,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
diff --git a/htdocs/langs/en_US/dict.lang b/htdocs/langs/en_US/dict.lang
index f0fa27bcbf8..81f62469896 100644
--- a/htdocs/langs/en_US/dict.lang
+++ b/htdocs/langs/en_US/dict.lang
@@ -5,7 +5,8 @@ CountryIT=Italy
 CountryES=Spain
 CountryDE=Germany
 CountryCH=Switzerland
-CountryGB=Great Britain
+# Warning, country code GB is for United Kingdom. UK Does not exists as country code in ISO standard.
+CountryGB=United Kingdom
 CountryUK=United Kingdom
 CountryIE=Ireland
 CountryCN=China
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 5bc55bd0d53..862b0701e33 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -198,7 +198,7 @@ if (! empty($_POST["DOL_AUTOSET_COOKIE"]))
 {
 $tmpautoset=explode(':',$_POST["DOL_AUTOSET_COOKIE"],2);
 $tmplist=explode(',',$tmpautoset[1]);
- $cookiearrayvalue='';
+ $cookiearrayvalue=array();
 foreach ($tmplist as $tmpkey)
 {
 $postkey=$tmpautoset[0].'_'.$tmpkey;
diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php
index 559b5b13564..d37dfe0c83b 100644
--- a/htdocs/margin/admin/margin.php
+++ b/htdocs/margin/admin/margin.php
@@ -42,7 +42,7 @@ $action=GETPOST('action','alpha');
 /*
 * Action
 */
-if (preg_match('/set_(.*)/',$action,$reg))
+if (preg_match('/set_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_set_const($db, $code, 1, 'yesno', 0, '', $conf->entity) > 0)
@@ -56,7 +56,7 @@ if (preg_match('/set_(.*)/',$action,$reg))
 }
 }
-if (preg_match('/del_(.*)/',$action,$reg))
+if (preg_match('/del_([a-z0-9_\-]+)/i',$action,$reg))
 {
 $code=$reg[1];
 if (dolibarr_del_const($db, $code, $conf->entity) > 0)
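Review bot: In the main.inc.php hunk, `$cookiearrayvalue=array();` fixes the initial type, but the context line just above it, `$tmplist=explode(',',$tmpautoset[1]);`, still reads `$tmpautoset[1]` without checking that the posted `DOL_AUTOSET_COOKIE` contained a ':'; a value with no colon gives an undefined-offset notice and an empty list from untrusted POST data. A guard such as `$tmplist=explode(',', isset($tmpautoset[1]) ? $tmpautoset[1] : '');`, or skipping the block when `count($tmpautoset) < 2`, would make the parsing robust against malformed input. The foreach body continues past the end of the hunk.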