diff --git a/htdocs/admin/tools/purge.php b/htdocs/admin/tools/purge.php
index 414bbbc641e..88db706378f 100644
--- a/htdocs/admin/tools/purge.php
+++ b/htdocs/admin/tools/purge.php
@@ -27,8 +27,11 @@ include_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php');
$langs->load("admin");
-if (! $user->admin)
-accessforbidden();
+$action=GETPOST('action');
+$confirm=GETPOST('confirm');
+$choice=GETPOST('choice');
+
+if (! $user->admin) accessforbidden();
if ($_GET["msg"]) $message='
'.$_GET["msg"].'
';
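Review bot: The context line right below the new `GETPOST()` calls still builds `$message` from raw `$_GET["msg"]`, so request-supplied text is placed into page markup without escaping. The commit moves the other three parameters to `GETPOST()` but leaves this one untouched. Where `$message` is printed is outside this hunk; if it is echoed as-is, this is a reflected-XSS sink on an admin page. Suggest reading it the same way and encoding it at the point of concatenation, e.g. `$msg=GETPOST('msg');` followed by using `htmlspecialchars($msg, ENT_QUOTES)` in place of `$_GET["msg"]`.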
@@ -44,11 +47,11 @@ if ($conf->syslog->enabled)
/*
* Actions
*/
-if ($_REQUEST["action"]=='purge' && ! preg_match('/^confirm/i',$_REQUEST["choice"]) && ($_REQUEST["choice"] != 'allfiles' || $_REQUEST["confirm"] == 'yes') )
+if ($action=='purge' && ! preg_match('/^confirm/i',$choice) && ($choice != 'allfiles' || $confirm == 'yes') )
{
$filesarray=array();
- if ($_REQUEST["choice"]=='tempfiles')
+ if ($choice=='tempfiles')
{
// Delete temporary files
if ($dolibarr_main_data_root)
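Review bot: The destructive `purge` branch is still not tied to a request method or to a token. `$action`, `$choice` and `$confirm` come from `GETPOST()`, which accepts query-string values, and no anti-CSRF check is visible in this hunk, so an administrator's browser following a crafted link could start a purge. If the framework's main include does not already verify a session token (not visible here), add that check to this condition, and consider accepting the final `confirm=yes` step only over POST if the confirmation flow allows it. The later hunk at old line 85 replaces `$_POST["choice"]` with `$choice`, which widens the logfile test to GET values as well. The `if` block continues outside the hunk.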
@@ -57,16 +60,16 @@ if ($_REQUEST["action"]=='purge' && ! preg_match('/^confirm/i',$_REQUEST["choice
}
}
- if ($_REQUEST["choice"]=='allfiles')
+ if ($choice=='allfiles')
{
// Delete all files
if ($dolibarr_main_data_root)
{
- $filesarray=dol_dir_list($dolibarr_main_data_root,"all",0);
+ $filesarray=dol_dir_list($dolibarr_main_data_root,"all",0,'','install\.lock$');
}
}
- if ($_REQUEST["choice"]=='logfile')
+ if ($choice=='logfile')
{
$filesarray[]=array('fullname'=>$filelog,'type'=>'file');
}
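Review bot: The new exclude filter `'install\.lock$'` in the `allfiles` branch has no comment explaining why that one file must survive a full purge, and the next maintainer could easily drop it. Suggest adding above the call: `// Never purge install.lock: it keeps the install/upgrade pages locked after setup`. The listing is non-recursive (third argument `0`), so the filter only protects a lock file sitting directly under `$dolibarr_main_data_root`. Whether the deletion loop removes subdirectories recursively is outside this hunk and worth confirming.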
@@ -85,7 +88,7 @@ if ($_REQUEST["action"]=='purge' && ! preg_match('/^confirm/i',$_REQUEST["choice
elseif ($filesarray[$key]['type'] == 'file')
{
// If (file that is not logfile) or (if logfile with option logfile)
- if ($filesarray[$key]['fullname'] != $filelog || $_POST["choice"]=='logfile')
+ if ($filesarray[$key]['fullname'] != $filelog || $choice=='logfile')
{
$count+=dol_delete_file($filesarray[$key]['fullname']);
}
@@ -93,7 +96,7 @@ if ($_REQUEST["action"]=='purge' && ! preg_match('/^confirm/i',$_REQUEST["choice
}
// Update cachenbofdoc
- if ($conf->ecm->enabled && $_REQUEST["choice"]=='allfiles')
+ if ($conf->ecm->enabled && $choice=='allfiles')
{
require_once(DOL_DOCUMENT_ROOT."/ecm/class/ecmdirectory.class.php");
$ecmdirstatic = new ECMDirectory($db);
@@ -133,21 +136,21 @@ print '';
if ($conf->syslog->enabled)
{
print ' '.$langs->trans("PurgeDeleteLogFile",$filelog).'
';
}
print ' '.$langs->trans("PurgeDeleteTemporaryFiles").'
';
print ' '.$langs->trans("PurgeDeleteAllFilesInDocumentsDir",$dolibarr_main_data_root).' ';
print ' |
';
-if ($_REQUEST['choice'] != 'confirm_allfiles')
+if ($choice != 'confirm_allfiles')
{
print '
';
print '';
@@ -162,7 +165,7 @@ if ($message)
print "\n";
}
-if (preg_match('/^confirm/i',$_REQUEST["choice"]))
+if (preg_match('/^confirm/i',$choice))
{
print '
';
$formquestion=array();
diff --git a/htdocs/lib/pdf.lib.php b/htdocs/lib/pdf.lib.php
index 6786ac36a01..9e77a559842 100644
--- a/htdocs/lib/pdf.lib.php
+++ b/htdocs/lib/pdf.lib.php
@@ -731,11 +731,11 @@ function pdf_getlinedesc($object,$i,$outputlangs,$hideref=0,$hidedesc=0,$issuppl
{
if ($idprod)
{
- if ( empty($hidedesc) ) $libelleproduitservice.=$desc;
+ if ( empty($hidedesc) ) $libelleproduitservice.=dol_htmlentitiesbr($desc,1);
}
else
{
- $libelleproduitservice.=$desc;
+ $libelleproduitservice.=dol_htmlentitiesbr($desc,1);
}
}
}
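Review bot: Only `$desc` is passed through `dol_htmlentitiesbr()` in these two branches, so `$libelleproduitservice` can now mix encoded and non-encoded fragments. Any label or reference text appended earlier in `pdf_getlinedesc` (outside this hunk) would need the same treatment for the PDF writer to render the string consistently. Please confirm that the other pieces go through the same conversion and that a description already stored as HTML is not encoded a second time. A short comment on the first changed line would help, e.g. `// Encode description so the PDF output treats it as HTML; second arg 1 controls newline handling`. The function starts and ends outside the hunk.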