diff --git a/htdocs/accountancy/bookkeeping/balancebymonth.php b/htdocs/accountancy/bookkeeping/balancebymonth.php index 9202371e5a5..83908f72172 100644 --- a/htdocs/accountancy/bookkeeping/balancebymonth.php +++ b/htdocs/accountancy/bookkeeping/balancebymonth.php @@ -38,7 +38,7 @@ $langs->load("other"); $langs->load("accountancy"); // Filter -$year = $_GET["year"]; +$year = GETPOST("year",'int'); if ($year == 0) { $year_current = strftime("%Y", time()); $year_start = $year_current; @@ -47,9 +47,11 @@ if ($year == 0) { $year_start = $year; } + /* * View */ + llxHeader('', $langs->trans("Bookkeeping")); $textprevyear = '' . img_previous() . ''; diff --git a/htdocs/accountancy/customer/index.php b/htdocs/accountancy/customer/index.php index fea8281935f..ef5c512179a 100644 --- a/htdocs/accountancy/customer/index.php +++ b/htdocs/accountancy/customer/index.php @@ -47,7 +47,7 @@ if (! $user->rights->accounting->bind->write) accessforbidden(); // Filter -$year = $_GET["year"]; +$year = GETPOST("year",'int'); if ($year == 0) { $year_current = strftime("%Y", time()); $year_start = $year_current; @@ -57,7 +57,7 @@ if ($year == 0) { } // Validate History -$action = GETPOST('action'); +$action = GETPOST('action','alpha'); diff --git a/htdocs/accountancy/report/result.php b/htdocs/accountancy/report/result.php index e31e1c92f17..317b7193ff3 100644 --- a/htdocs/accountancy/report/result.php +++ b/htdocs/accountancy/report/result.php @@ -43,7 +43,7 @@ $rowid = GETPOST('rowid', 'int'); $cancel = GETPOST('cancel'); // Filter -$year = $_GET["year"]; +$year = GETPOST('year','int'); if ($year == 0) { $year_current = strftime("%Y", time()); $year_start = $year_current; @@ -64,9 +64,11 @@ if (! $user->rights->accounting->comptarapport->lire) $AccCat = new AccountancyCategory($db); + /* * View */ + llxheader('', $langs->trans('ReportInOut')); $formaccounting = new FormAccounting($db); diff --git a/htdocs/accountancy/supplier/index.php b/htdocs/accountancy/supplier/index.php index 82c7cebe087..ef7d470bb07 100644 --- a/htdocs/accountancy/supplier/index.php +++ b/htdocs/accountancy/supplier/index.php @@ -45,7 +45,7 @@ if (! $user->rights->accounting->bind->write) accessforbidden(); // Filter -$year = $_GET["year"]; +$year = GETPOST("year",'int'); if ($year == 0) { $year_current = strftime("%Y", time()); $year_start = $year_current; @@ -55,7 +55,7 @@ if ($year == 0) { } // Validate History -$action = GETPOST('action'); +$action = GETPOST('action', 'alpha'); /* diff --git a/htdocs/asterisk/wrapper.php b/htdocs/asterisk/wrapper.php index e5c9a6b2093..381750546ce 100644 --- a/htdocs/asterisk/wrapper.php +++ b/htdocs/asterisk/wrapper.php @@ -85,10 +85,10 @@ if (! isset($conf->global->ASTERISK_PRIORITY)) $conf->global->ASTERISK_PRIORITY if (! isset($conf->global->ASTERISK_MAX_RETRY)) $conf->global->ASTERISK_MAX_RETRY="2"; -$login = $_GET['login']; -$password = $_GET['password']; -$caller = $_GET['caller']; -$called = $_GET['called']; +$login = GETPOST('login'); +$password = GETPOST('password'); +$caller = GETPOST('caller'); +$called = GETPOST('called'); // IP address of Asterisk server $strHost = $conf->global->ASTERISK_HOST; diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index 00741f81390..1967727b32f 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -277,7 +277,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print '
'; print ''; print ''; - print ''; + print ''; print ''; print ''; + print ''; print ''; print '
'.$langs->trans('Translation').''; diff --git a/htdocs/install/step4.php b/htdocs/install/step4.php index ce16596bdbf..740a45a9063 100644 --- a/htdocs/install/step4.php +++ b/htdocs/install/step4.php @@ -79,7 +79,7 @@ $db=getDoliDBInstance($conf->db->type,$conf->db->host,$conf->db->user,$conf->db- if ($db->ok) { print '
'.$langs->trans("DolibarrAdminLogin").' :'; - print '
'.$langs->trans("Password").' :'; print '
'.$langs->trans("PasswordAgain").' :'; diff --git a/htdocs/loan/calc.php b/htdocs/loan/calc.php index b6e649962fa..76b4c989aa7 100644 --- a/htdocs/loan/calc.php +++ b/htdocs/loan/calc.php @@ -49,12 +49,12 @@ $error = false; * Set the USER INPUT values * --------------------------------------------------- */ if (isset($_REQUEST['form_complete'])) { - $sale_price = $_REQUEST['sale_price']; - $annual_interest_percent = $_REQUEST['annual_interest_percent']; - $year_term = $_REQUEST['year_term']; - $down_percent = $_REQUEST['down_percent']; - $show_progress = (isset($_REQUEST['show_progress'])) ? $_REQUEST['show_progress'] : false; - $form_complete = $_REQUEST['form_complete']; + $sale_price = GETPOST('sale_price'); + $annual_interest_percent = GETPOST('annual_interest_percent'); + $year_term = GETPOST('year_term'); + $down_percent = GETPOST('down_percent'); + $show_progress = (isset($_REQUEST['show_progress'])) ? GETPOST('show_progress') : false; + $form_complete = GETPOST('form_complete'); } // This function does the actual mortgage calculations diff --git a/htdocs/loan/payment/card.php b/htdocs/loan/payment/card.php index 41f332e5dd0..c76b0565a3f 100644 --- a/htdocs/loan/payment/card.php +++ b/htdocs/loan/payment/card.php @@ -32,7 +32,7 @@ $langs->load('companies'); $langs->load('loan'); // Security check -$id=GETPOST("id"); +$id=GETPOST("id",'int'); $action=GETPOST("action"); $confirm=GETPOST('confirm'); if ($user->societe_id) $socid=$user->societe_id; @@ -120,7 +120,7 @@ $form = new Form($db); $h=0; -$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$_GET["id"]; +$head[$h][0] = DOL_URL_ROOT.'/loan/payment/card.php?id='.$id; $head[$h][1] = $langs->trans("Card"); $hselected = $h; $h++; diff --git a/htdocs/product/canvas/product/actions_card_product.class.php b/htdocs/product/canvas/product/actions_card_product.class.php index e32d31122dc..06803e8239d 100644 --- a/htdocs/product/canvas/product/actions_card_product.class.php +++ b/htdocs/product/canvas/product/actions_card_product.class.php @@ -325,16 +325,15 @@ class ActionsCardProduct $this->list_datas = array(); - //$_GET["sall"] = 'LL'; // Clean parameters - $sall=trim(isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]); + $sall=trim(GETPOST("sall")); foreach($this->field_list as $field) { if ($field['enabled']) { $fieldname = "s".$field['alias']; - $$fieldname = trim(isset($_GET[$fieldname])?$_GET[$fieldname]:$_POST[$fieldname]); + $$fieldname = trim(GETPOST($fieldname)); } } diff --git a/htdocs/product/canvas/service/actions_card_service.class.php b/htdocs/product/canvas/service/actions_card_service.class.php index 7bc04ecb42a..af6fbccc320 100644 --- a/htdocs/product/canvas/service/actions_card_service.class.php +++ b/htdocs/product/canvas/service/actions_card_service.class.php @@ -308,9 +308,9 @@ class ActionsCardService $sql.= ' FROM '.MAIN_DB_PREFIX.'product as p'; // We'll need this table joined to the select in order to filter by categ if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_product as cp"; - if ($_GET["fourn_id"] > 0) + if (GETPOST("fourn_id",'int') > 0) { - $fourn_id = $_GET["fourn_id"]; + $fourn_id = GETPOST("fourn_id",'int'); $sql.= ", ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; } $sql.= " WHERE p.entity IN (".getEntity('product', 1).")"; diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index 1f6ae678a81..f616004db42 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -305,7 +305,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''; print ''; print ''; - print ''; + print ''; print ''; print '
'.$langs->trans('Language').'';