From b1215875824c2fd4f38a34926ef5f07ecc93e27e Mon Sep 17 00:00:00 2001
From: Florian HENRY <florian.henry@open-concept.pro>
Date: Mon, 22 Mar 2021 15:39:54 +0100
Subject: [PATCH] change  to GETPOST

---
 htdocs/projet/tasks/time.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index ffb214e3830..3cd49eb7d9e 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -175,10 +175,10 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 				$action = 'createtime';
 				$error++;
 			} else {
-				$object->timespent_note = $_POST["timespent_note"];
+				$object->timespent_note = GETPOST('timespent_note','alpha');
 				if (GETPOST('progress', 'int') > 0) $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
-				$object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds
+				$object->timespent_duration = (int) GETPOST("timespent_durationhour",'int') * 60 * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOST('timespent_durationmin','int') ? (int) GETPOST('timespent_durationmin','int') : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0)	// If hour was entered
 				{
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
@@ -224,10 +224,10 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$result = $object->delTimeSpent($user);
 
 			$object->fetch($id, $ref);
-			$object->timespent_note = $_POST["timespent_note_line"];
-			$object->timespent_old_duration = $_POST["old_duration"];
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_old_duration = GETPOST("old_duration");
+			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -248,11 +248,11 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->fetch($id, $ref);
 			// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
 
-			$object->timespent_id = $_POST["lineid"];
-			$object->timespent_note = $_POST["timespent_note_line"];
-			$object->timespent_old_duration = $_POST["old_duration"];
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_id = GETPOST("lineid" , 'int');
+			$object->timespent_note = GETPOST('timespent_note_line','alpha');
+			$object->timespent_old_duration = GETPOST("old_duration");
+			$object->timespent_duration = (int) GETPOST("new_durationhour", 'int') * 60 * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin", 'int') ? (int) GETPOST('new_durationmin', 'int') : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0)	// If hour was entered
 			{
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
@@ -260,7 +260,7 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			} else {
 				$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 			}
-			$object->timespent_fk_user = $_POST["userid_line"];
+			$object->timespent_fk_user = GETPOST("userid_line" , 'int');
 
 			$result = $object->updateTimeSpent($user);
 			if ($result >= 0)