Fix XSS

htdocs/holiday/list.php

@@ -282,7 +282,7 @@ print "</tr>\n";
 // FILTRES
 print '<tr class="liste_titre">';
 print '<td class="liste_titre" align="left" width="50">';
-print '<input class="flat" size="4" type="text" name="search_ref" value="'.$search_ref.'">';
+print '<input class="flat" size="4" type="text" name="search_ref" value="'.dol_escape_htmltag($search_ref).'">';
 print '</td>';
 
 // DATE CREATE

htdocs/projet/card.php

@@ -310,10 +310,11 @@ if (empty($reshook))
 	    {
 	        $langs->load("other");
 	        $upload_dir =	$conf->projet->dir_output . "/";
-	        $file =	$upload_dir	. '/' .	GETPOST('file');
+	        $urlfile=GETPOST('urlfile','alpha');
+	        $file =	$upload_dir	. '/' .	$filetodelete;
 	        $ret=dol_delete_file($file);
-	        if ($ret) setEventMessage($langs->trans("FileWasRemoved", GETPOST('urlfile')));
-	        else setEventMessage($langs->trans("ErrorFailToDeleteFile", GETPOST('urlfile')), 'errors');
+	        if ($ret) setEventMessage($langs->trans("FileWasRemoved", $urlfile));
+	        else setEventMessage($langs->trans("ErrorFailToDeleteFile", $urlfile), 'errors');
 	    }
 	}