diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php
index 8d6cdd939f3..ecd1b6cefc9 100644
--- a/htdocs/admin/boxes.php
+++ b/htdocs/admin/boxes.php
@@ -28,10 +28,11 @@ include_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
 $langs->load("admin");
-$id=GETPOST('rowid','int');
-
 if (!$user->admin) accessforbidden();
+$rowid = GETPOST('rowid','int');
+$action = GETPOST('action');
+
 // Definition des positions possibles pour les boites
 $pos_array = array(0); // Positions possibles pour une boite (0,1,2,...)
 $pos_name = array(0=>$langs->trans("Home")); // Nom des positions 0=Homepage, 1=...
@@ -41,13 +42,13 @@ $boxes = array();
 /* * Actions */
+if ($action == 'addconst')
-if ((isset($_POST["action"]) && $_POST["action"] == 'addconst'))
 {
 dolibarr_set_const($db, "MAIN_BOXES_MAXLINES",$_POST["MAIN_BOXES_MAXLINES"],'',0,'',$conf->entity);
 }
-if ($_POST["action"] == 'add')
+if ($action == 'add')
 {
 $sql = "SELECT rowid";
 $sql.= " FROM ".MAIN_DB_PREFIX."boxes";
@@ -98,12 +99,12 @@ if ($_POST["action"] == 'add')
 }
 }
-if ($_GET["action"] == 'delete')
+if ($action == 'delete')
 {
 $db->begin();
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."boxes";
- $sql.= " WHERE rowid=".$id;
+ $sql.= " WHERE rowid=".$rowid;
 $resql = $db->query($sql);
 // Remove all personalized setup when a box is activated or disabled
@@ -114,7 +115,7 @@ if ($_GET["action"] == 'delete')
 $db->commit();
 }
-if ($_GET["action"] == 'switch')
+if ($action == 'switch')
 {
 // On permute les valeur du champ box_order des 2 lignes de la table boxes
 $db->begin();
diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php
index 00192a78d8b..790341a9bd3 100644
--- a/htdocs/admin/ihm.php
+++ b/htdocs/admin/ihm.php
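Review bot: `$action = GETPOST('action');` is read with no check type, so whatever the client sends arrives unfiltered; the new code only compares it against fixed strings, but if `$action` is echoed into links or hidden fields anywhere in this page (not visible in the hunk), `$action = GETPOST('action','alpha');` keeps it to a safe character set at no cost. The same unfiltered read is added to htdocs/admin/ihm.php in its first hunk. The rename of `$id` to `$rowid` is followed up only in the delete branch; the switch branch and the rest of the file are outside the diff, so any remaining `$id` reference there would now be an undefined variable — worth a grep before merging.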
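Review bot: The `addconst` guard now fires for an `action` arriving by GET or POST, but the body still reads `$_POST["MAIN_BOXES_MAXLINES"]` directly, so a GET request carrying `action=addconst` reaches `dolibarr_set_const()` with a null value (and an undefined-index notice) and overwrites `MAIN_BOXES_MAXLINES` with nothing. Reading the payload the same way as the action keeps the two consistent and constrains a value that is meant to be a line count: `dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST('MAIN_BOXES_MAXLINES','int'), '', 0, '', $conf->entity);`. The `update` block in htdocs/admin/ihm.php (its first hunk) has the same mix of `$action` via GETPOST and payload via `$_POST[...]`, e.g. `$_POST["main_lang_default"]`.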
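Review bot: `$sql.= " WHERE rowid=".$rowid;` still interpolates the request value straight into the DELETE statement; `GETPOST('rowid','int')` narrows what gets through, but an explicit cast at the point of use, `$sql.= " WHERE rowid=".((int) $rowid);`, makes the statement safe regardless of how GETPOST's check behaves and turns an empty or missing rowid into `rowid=0` instead of a malformed query. The hunk shows `$resql = $db->query($sql);` with no check on its result; if the lines between this hunk and the `$db->commit();` in the next one do not test `$resql` and roll back, a failed delete is committed silently. The delete branch continues outside the hunk.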
@@ -37,23 +37,21 @@ $langs->load("companies");
 $langs->load("products");
 $langs->load("members");
-if (!$user->admin) accessforbidden();
+if (! $user->admin) accessforbidden();
+
+$action = GETPOST('action');
 if (! defined("MAIN_MOTD")) define("MAIN_MOTD","");
 // List of supported permanent search area
-$searchform=array( "MAIN_SEARCHFORM_SOCIETE","MAIN_SEARCHFORM_CONTACT",
- "MAIN_SEARCHFORM_PRODUITSERVICE","MAIN_SEARCHFORM_ADHERENT");
-$searchformconst=array($conf->global->MAIN_SEARCHFORM_SOCIETE,$conf->global->MAIN_SEARCHFORM_CONTACT,
- $conf->global->MAIN_SEARCHFORM_PRODUITSERVICE,$conf->global->MAIN_SEARCHFORM_ADHERENT);
-$searchformtitle=array($langs->trans("Companies"),$langs->trans("Contacts"),
- $langs->trans("ProductsAndServices"),$langs->trans("Members"));
-$searchformmodule=array('Module1Name','Module1Name',
- 'Module50Name','Module310Name');
+$searchform=array("MAIN_SEARCHFORM_SOCIETE","MAIN_SEARCHFORM_CONTACT", "MAIN_SEARCHFORM_PRODUITSERVICE","MAIN_SEARCHFORM_ADHERENT");
+$searchformconst=array($conf->global->MAIN_SEARCHFORM_SOCIETE,$conf->global->MAIN_SEARCHFORM_CONTACT,$conf->global->MAIN_SEARCHFORM_PRODUITSERVICE,$conf->global->MAIN_SEARCHFORM_ADHERENT);
+$searchformtitle=array($langs->trans("Companies"),$langs->trans("Contacts"),$langs->trans("ProductsAndServices"),$langs->trans("Members"));
+$searchformmodule=array('Module1Name','Module1Name','Module50Name','Module310Name');
-if (isset($_POST["action"]) && $_POST["action"] == 'update')
+if ($action == 'update')
 {
 dolibarr_set_const($db, "MAIN_LANG_DEFAULT", $_POST["main_lang_default"],'chaine',0,'',$conf->entity);
 dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["main_multilangs"],'chaine',0,'',$conf->entity);
@@ -101,7 +99,7 @@ print $langs->trans("DisplayDesc")."
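Review bot: Collapsing the four parallel arrays (`$searchform`, `$searchformconst`, `$searchformtitle`, `$searchformmodule`) onto single long lines hides, rather than clarifies, the positional coupling between them: entry N of each array has to describe the same search form, and nothing in the code enforces that. One array keyed by the constant name, e.g. `array('MAIN_SEARCHFORM_SOCIETE' => array($conf->global->MAIN_SEARCHFORM_SOCIETE, $langs->trans("Companies"), 'Module1Name'), ...)`, would keep each row together and let the consumer iterate one structure; if the four arrays are kept, the removed one-pair-per-line layout was easier to verify by eye. The `update` block that follows continues outside the hunk.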
\n"; print "
\n"; -if (isset($_GET["action"]) && $_GET["action"] == 'edit') // Edit +if ($action == 'edit') // Edit { print '
'; print '';
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 9ef7fa7db3b..d05c59494b6 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -84,7 +84,7 @@ function test_sql_and_script_inject($val, $get)
 // For XSS Injection done by adding javascript with script
 $sql_inj += preg_match('/