From 44a105915816c4d8f2904088f6a3d099cc7459ee Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 5 Jun 2014 10:53:00 +0200 Subject: [PATCH 1/5] Fix warining message during societe activation --- htdocs/core/modules/modSociete.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 96a3ee4d31b..9dabf98e5ee 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -329,7 +329,7 @@ class modSociete extends DolibarrModules unset($this->export_entities_array[$r]['s.code_fournisseur']); } // Add extra fields - $sql="SELECT name, label FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; + $sql="SELECT name, label, type FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; $resql=$this->db->query($sql); if ($resql) // This can fail when class is used on old database (during migration for example) { From ebe49b0525b5a316a90a2bd9b2f259099e76d204 Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Thu, 5 Jun 2014 10:58:38 +0200 Subject: [PATCH 2/5] Same bug, missing select column use in result --- htdocs/core/modules/modSociete.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 9dabf98e5ee..753e1a0892b 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -329,7 +329,7 @@ class modSociete extends DolibarrModules unset($this->export_entities_array[$r]['s.code_fournisseur']); } // Add extra fields - $sql="SELECT name, label, type FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; + $sql="SELECT name, label, type, param FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'socpeople'"; $resql=$this->db->query($sql); if ($resql) // This can fail when class is used on old database (during migration for example) { From 768163c6fcd16d9a7b04a50c4406f555601ae8ca Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 6 Jun 2014 12:57:12 +0200 Subject: [PATCH 3/5] Fix: Easy fix to solve pb with pagebreak when adding image --- htdocs/core/lib/pdf.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index 6f7a57bebc1..76d63a10317 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -436,7 +436,7 @@ function pdf_pagehead(&$pdf,$outputlangs,$page_height) if (! empty($conf->global->MAIN_USE_BACKGROUND_ON_PDF)) { $pdf->SetAutoPageBreak(0,0); // Disable auto pagebreak before adding image - $pdf->Image($conf->mycompany->dir_output.'/logos/'.$conf->global->MAIN_USE_BACKGROUND_ON_PDF, 0, 0, 0, $page_height); + $pdf->Image($conf->mycompany->dir_output.'/logos/'.$conf->global->MAIN_USE_BACKGROUND_ON_PDF, (isset($conf->global->MAIN_USE_BACKGROUND_ON_PDF_X)?$conf->global->MAIN_USE_BACKGROUND_ON_PDF_X:0), (isset($conf->global->MAIN_USE_BACKGROUND_ON_PDF_Y)?$conf->global->MAIN_USE_BACKGROUND_ON_PDF_Y:0), 0, $page_height); $pdf->SetAutoPageBreak(1,0); // Restore pagebreak } } From 77a9d4eb71a7ede8e503e42104edb33035ad54ee Mon Sep 17 00:00:00 2001 From: Florian HENRY Date: Mon, 9 Jun 2014 12:34:10 +0200 Subject: [PATCH 4/5] Start fix [ bug #1437 ] Securitu Issue Some of them can be fix, because GETPOST even with 'alpha' test do not warn if input is "2%2F0%2F1234%3cscript%3ealert%2893275%29%3c%2fscript%3e" for exemple I don't have magical solution for this kind of security issue --- htdocs/core/lib/security2.lib.php | 10 +++---- htdocs/main.inc.php | 30 ++++++++++---------- htdocs/public/demo/index.php | 10 +++---- htdocs/user/class/user.class.php | 6 ++-- htdocs/user/class/usergroup.class.php | 4 +-- htdocs/user/fiche.php | 41 ++++++++++++++------------- 6 files changed, 51 insertions(+), 50 deletions(-) diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index a95d7a52356..315e7a8b391 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -292,11 +292,11 @@ function dol_loginfunction($langs,$conf,$mysoc) if (! empty($conf->global->MAIN_USE_JQUERY_THEME)) $jquerytheme = $conf->global->MAIN_USE_JQUERY_THEME; // Set dol_hide_topmenu, dol_hide_leftmenu, dol_optimize_smallscreen, dol_nomousehover - $dol_hide_topmenu=GETPOST('dol_hide_topmenu'); - $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu'); - $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen'); - $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover'); - $dol_use_jmobile=GETPOST('dol_use_jmobile'); + $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); + $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); + $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); + $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); + $dol_use_jmobile=GETPOST('dol_use_jmobile','int'); // Include login page template include $template_dir.'login.tpl.php'; diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 12dbfee552d..45ddc3d8734 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -360,16 +360,16 @@ if (! defined('NOLOGIN')) // It is not already authenticated and it requests the login / password include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; - $dol_dst_observed=GETPOST("dst_observed",3); - $dol_dst_first=GETPOST("dst_first",3); - $dol_dst_second=GETPOST("dst_second",3); - $dol_screenwidth=GETPOST("screenwidth",3); - $dol_screenheight=GETPOST("screenheight",3); - $dol_hide_topmenu=GETPOST('dol_hide_topmenu',3); - $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu',3); - $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen',3); - $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover',3); - $dol_use_jmobile=GETPOST('dol_use_jmobile',3); + $dol_dst_observed=GETPOST("dst_observed",'int',3); + $dol_dst_first=GETPOST("dst_first",'int',3); + $dol_dst_second=GETPOST("dst_second",'int',3); + $dol_screenwidth=GETPOST("screenwidth",'int',3); + $dol_screenheight=GETPOST("screenheight",'int',3); + $dol_hide_topmenu=GETPOST('dol_hide_topmenu','int',3); + $dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int',3); + $dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int',3); + $dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int',3); + $dol_use_jmobile=GETPOST('dol_use_jmobile','int',3); //dol_syslog("POST key=".join(array_keys($_POST),',').' value='.join($_POST,',')); // If in demo mode, we check we go to home page through the public/demo/index.php page @@ -1035,11 +1035,11 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs $themeparam='?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss','alpha',1):'').'&userid='.$user->id.'&entity='.$conf->entity; $themeparam.=($ext?'&'.$ext:''); if (! empty($_SESSION['dol_resetcache'])) $themeparam.='&dol_resetcache='.$_SESSION['dol_resetcache']; - if (GETPOST('dol_hide_topmenu')) { $themeparam.='&dol_hide_topmenu='.GETPOST('dol_hide_topmenu'); } - if (GETPOST('dol_hide_leftmenu')) { $themeparam.='&dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu'); } - if (GETPOST('dol_optimize_smallscreen')) { $themeparam.='&dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen'); } - if (GETPOST('dol_no_mouse_hover')) { $themeparam.='&dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover'); } - if (GETPOST('dol_use_jmobile')) { $themeparam.='&dol_use_jmobile='.GETPOST('dol_use_jmobile'); $conf->dol_use_jmobile=GETPOST('dol_use_jmobile'); } + if (GETPOST('dol_hide_topmenu')) { $themeparam.='&dol_hide_topmenu='.GETPOST('dol_hide_topmenu','int'); } + if (GETPOST('dol_hide_leftmenu')) { $themeparam.='&dol_hide_leftmenu='.GETPOST('dol_hide_leftmenu','int'); } + if (GETPOST('dol_optimize_smallscreen')) { $themeparam.='&dol_optimize_smallscreen='.GETPOST('dol_optimize_smallscreen','int'); } + if (GETPOST('dol_no_mouse_hover')) { $themeparam.='&dol_no_mouse_hover='.GETPOST('dol_no_mouse_hover','int'); } + if (GETPOST('dol_use_jmobile')) { $themeparam.='&dol_use_jmobile='.GETPOST('dol_use_jmobile','int'); $conf->dol_use_jmobile=GETPOST('dol_use_jmobile','int'); } //print 'themepath='.$themepath.' themeparam='.$themeparam;exit; print ''."\n"; diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 0948be50631..2b36e6c9d5c 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -33,11 +33,11 @@ $langs->load("main"); $langs->load("install"); $langs->load("other"); -$conf->dol_hide_topmenu=GETPOST('dol_hide_topmenu'); -$conf->dol_hide_leftmenu=GETPOST('dol_hide_leftmenu'); -$conf->dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen'); -$conf->dol_no_mouse_hover=GETPOST('dol_no_mouse_hover'); -$conf->dol_use_jmobile=GETPOST('dol_use_jmobile'); +$conf->dol_hide_topmenu=GETPOST('dol_hide_topmenu','int'); +$conf->dol_hide_leftmenu=GETPOST('dol_hide_leftmenu','int'); +$conf->dol_optimize_smallscreen=GETPOST('dol_optimize_smallscreen','int'); +$conf->dol_no_mouse_hover=GETPOST('dol_no_mouse_hover','int'); +$conf->dol_use_jmobile=GETPOST('dol_use_jmobile','int'); // Security check global $dolibarr_main_demo; diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 00bf221d339..74902878c63 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -806,7 +806,7 @@ class User extends CommonObject $sql = "SELECT login FROM ".MAIN_DB_PREFIX."user"; $sql.= " WHERE login ='".$this->db->escape($this->login)."'"; - $sql.= " AND entity IN (0,".$conf->entity.")"; + $sql.= " AND entity IN (0,".$this->db->escape($conf->entity).")"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); $resql=$this->db->query($sql); @@ -825,7 +825,7 @@ class User extends CommonObject else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."user (datec,login,ldap_sid,entity)"; - $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->entity.")"; + $sql.= " VALUES('".$this->db->idate($this->datec)."','".$this->db->escape($this->login)."','".$this->ldap_sid."',".$this->db->escape($this->entity).")"; $result=$this->db->query($sql); dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -922,7 +922,7 @@ class User extends CommonObject $this->lastname = $contact->lastname; $this->firstname = $contact->firstname; $this->email = $contact->email; - $this->skype = $contact->skype; + $this->skype = $contact->skype; $this->office_phone = $contact->phone_pro; $this->office_fax = $contact->fax; $this->user_mobile = $contact->phone_mobile; diff --git a/htdocs/user/class/usergroup.class.php b/htdocs/user/class/usergroup.class.php index debf67f95eb..7820e40a395 100644 --- a/htdocs/user/class/usergroup.class.php +++ b/htdocs/user/class/usergroup.class.php @@ -589,7 +589,7 @@ class UserGroup extends CommonObject $sql.= ") VALUES ("; $sql.= "'".$this->db->idate($now)."'"; $sql.= ",'".$this->db->escape($this->nom)."'"; - $sql.= ",".$entity; + $sql.= ",".$this->db->escape($entity); $sql.= ")"; dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG); @@ -640,7 +640,7 @@ class UserGroup extends CommonObject $sql = "UPDATE ".MAIN_DB_PREFIX."usergroup SET "; $sql.= " nom = '" . $this->db->escape($this->nom) . "'"; - $sql.= ", entity = " . $entity; + $sql.= ", entity = " . $this->db->escape($entity); $sql.= ", note = '" . $this->db->escape($this->note) . "'"; $sql.= " WHERE rowid = " . $this->id; diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 32a4e9d25ec..d9ff9c7c71d 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -178,16 +178,16 @@ if ($action == 'add' && $canadduser) if (! $message) { - $object->lastname = GETPOST("lastname"); - $object->firstname = GETPOST("firstname"); - $object->login = GETPOST("login"); - $object->admin = GETPOST("admin"); - $object->office_phone = GETPOST("office_phone"); - $object->office_fax = GETPOST("office_fax"); + $object->lastname = GETPOST("lastname",'alpha'); + $object->firstname = GETPOST("firstname",'alpha'); + $object->login = GETPOST("login",'alpha'); + $object->admin = GETPOST("admin",'alpha'); + $object->office_phone = GETPOST("office_phone",'alpha'); + $object->office_fax = GETPOST("office_fax",'alpha'); $object->user_mobile = GETPOST("user_mobile"); $object->skype = GETPOST("skype"); - $object->email = GETPOST("email"); - $object->job = GETPOST("job"); + $object->email = GETPOST("email",'alpha'); + $object->job = GETPOST("job",'alpha'); $object->signature = GETPOST("signature"); $object->accountancy_code = GETPOST("accountancy_code"); $object->note = GETPOST("note"); @@ -200,6 +200,7 @@ if ($action == 'add' && $canadduser) // If multicompany is off, admin users must all be on entity 0. if (! empty($conf->multicompany->enabled)) { + $entity=GETPOST('entity','int'); if (! empty($_POST["superadmin"])) { $object->entity = 0; @@ -210,12 +211,12 @@ if ($action == 'add' && $canadduser) } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (empty($entity) ? 0 : $entity); } } else { - $object->entity = (empty($_POST["entity"]) ? 0 : $_POST["entity"]); + $object->entity = (empty($entity) ? 0 : $entity); } $db->begin(); @@ -316,17 +317,17 @@ if ($action == 'update' && ! $_POST["cancel"]) $object->oldcopy=dol_clone($object); - $object->lastname = GETPOST("lastname"); - $object->firstname = GETPOST("firstname"); - $object->login = GETPOST("login"); + $object->lastname = GETPOST("lastname",'alpha'); + $object->firstname = GETPOST("firstname",'alpha'); + $object->login = GETPOST("login",'alpha'); $object->pass = GETPOST("password"); $object->admin = empty($user->admin)?0:GETPOST("admin"); // A user can only be set admin by an admin - $object->office_phone=GETPOST("office_phone"); - $object->office_fax = GETPOST("office_fax"); + $object->office_phone=GETPOST("office_phone",'alpha'); + $object->office_fax = GETPOST("office_fax",'alpha'); $object->user_mobile= GETPOST("user_mobile"); - $object->skype =GETPOST("skype"); - $object->email = GETPOST("email"); - $object->job = GETPOST("job"); + $object->skype = GETPOST("skype"); + $object->email = GETPOST("email",'alpha'); + $object->job = GETPOST("job",'alpha'); $object->signature = GETPOST("signature"); $object->accountancy_code = GETPOST("accountancy_code"); $object->openid = GETPOST("openid"); @@ -384,8 +385,8 @@ if ($action == 'update' && ! $_POST["cancel"]) $contact->fetch($contactid); $sql = "UPDATE ".MAIN_DB_PREFIX."user"; - $sql.= " SET fk_socpeople=".$contactid; - if ($contact->socid) $sql.=", fk_societe=".$contact->socid; + $sql.= " SET fk_socpeople=".$db->escape($contactid); + if ($contact->socid) $sql.=", fk_societe=".$db->escape($contact->socid); $sql.= " WHERE rowid=".$object->id; } else From 4c3c62515d25624a6f551fcbfed50393c2294e39 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 9 Jun 2014 15:21:20 +0200 Subject: [PATCH 5/5] Fix: Confusion between is_int and is_numeric. --- htdocs/core/class/commonobject.class.php | 2 +- htdocs/core/class/fileupload.class.php | 4 ++-- htdocs/core/class/html.form.class.php | 4 ++-- htdocs/master.inc.php | 9 ++++++--- htdocs/public/members/new.php | 4 ++-- htdocs/public/members/public_card.php | 4 ++-- htdocs/public/members/public_list.php | 4 ++-- htdocs/public/paybox/newpayment.php | 4 ++-- htdocs/public/paybox/paymentko.php | 4 ++-- htdocs/public/paybox/paymentok.php | 4 ++-- htdocs/public/paypal/newpayment.php | 4 ++-- htdocs/public/paypal/paymentko.php | 4 ++-- htdocs/public/paypal/paymentok.php | 4 ++-- 13 files changed, 29 insertions(+), 26 deletions(-) diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 49dd62acfd6..bdffb1fc708 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -2083,7 +2083,7 @@ abstract class CommonObject foreach ($tab as $key => $value) { - //Test fetch_array ! is_int($key) because fetch_array seult is a mix table with Key as alpha and Key as int (depend db engine) + // Test fetch_array ! is_int($key) because fetch_array seult is a mix table with Key as alpha and Key as int (depend db engine) if ($key != 'rowid' && $key != 'tms' && $key != 'fk_member' && ! is_int($key)) { // we can add this attribute to adherent object diff --git a/htdocs/core/class/fileupload.class.php b/htdocs/core/class/fileupload.class.php index 910ad55e0a0..ed091e74c83 100644 --- a/htdocs/core/class/fileupload.class.php +++ b/htdocs/core/class/fileupload.class.php @@ -329,14 +329,14 @@ class FileUpload $file->error = 'minFileSize'; return false; } - if (is_int($this->options['max_number_of_files']) && ( + if (is_numeric($this->options['max_number_of_files']) && ( count($this->getFileObjects()) >= $this->options['max_number_of_files']) ) { $file->error = 'maxNumberOfFiles'; return false; } list($img_width, $img_height) = @getimagesize($uploaded_file); - if (is_int($img_width)) { + if (is_numeric($img_width)) { if ($this->options['max_width'] && $img_width > $this->options['max_width'] || $this->options['max_height'] && $img_height > $this->options['max_height']) { $file->error = 'maxResolution'; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 3d175f49770..43148045e81 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -2614,7 +2614,7 @@ class Form $autoOpen=true; $dialogconfirm='dialog-confirm'; $button=''; - if (! is_int($useajax)) + if (! is_numeric($useajax)) { $button=$useajax; $useajax=1; @@ -3469,7 +3469,7 @@ class Form if($m == '') $m=0; if($empty == '') $empty=0; - if ($set_time === '' && $empty == 0) + if ($set_time === '' && $empty == 0) { include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; $set_time = dol_now('tzuser')-(getServerTimeZoneInt('now')*3600); // set_time must be relative to PHP server timezone diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index da7642e8df4..d97656a1131 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -160,19 +160,22 @@ if (! defined('NOREQUIREDB')) { $conf->entity = GETPOST("entity",'int'); } - else if (defined('DOLENTITY') && is_int(DOLENTITY)) // For public page with MultiCompany module + else if (defined('DOLENTITY') && is_numeric(DOLENTITY)) // For public page with MultiCompany module { $conf->entity = DOLENTITY; } - else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module + else if (!empty($_COOKIE['DOLENTITY'])) // For other application with MultiCompany module (TODO: We should remove this. entity to use should never be stored into client side) { $conf->entity = $_COOKIE['DOLENTITY']; } - else if (! empty($conf->multicompany->force_entity) && is_int($conf->multicompany->force_entity)) // To force entity in login page + else if (! empty($conf->multicompany->force_entity) && is_numeric($conf->multicompany->force_entity)) // To force entity in login page { $conf->entity = $conf->multicompany->force_entity; } + // Sanitize entity + if (! is_numeric($conf->entity)) $conf->entity=1; + //print "Will work with data into entity instance number '".$conf->entity."'"; // Here we read database (llx_const table) and define $conf->global->XXX var. diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 34a96f7bcb6..33dee38626e 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -38,11 +38,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; diff --git a/htdocs/public/members/public_card.php b/htdocs/public/members/public_card.php index 2a9b3465543..aa164508650 100644 --- a/htdocs/public/members/public_card.php +++ b/htdocs/public/members/public_card.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'; diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index 1b6d23d946c..be901932e12 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php index b8bad33c08f..56843afb1b7 100644 --- a/htdocs/public/paybox/newpayment.php +++ b/htdocs/public/paybox/newpayment.php @@ -27,11 +27,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paybox/paymentko.php b/htdocs/public/paybox/paymentko.php index a9da81d0e68..fdf19f9a247 100644 --- a/htdocs/public/paybox/paymentko.php +++ b/htdocs/public/paybox/paymentko.php @@ -26,11 +26,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paybox/paymentok.php b/htdocs/public/paybox/paymentok.php index 350d409735c..46fd05c52fd 100644 --- a/htdocs/public/paybox/paymentok.php +++ b/htdocs/public/paybox/paymentok.php @@ -26,11 +26,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php'; diff --git a/htdocs/public/paypal/newpayment.php b/htdocs/public/paypal/newpayment.php index 91d1f67a3b9..51c598f4fab 100644 --- a/htdocs/public/paypal/newpayment.php +++ b/htdocs/public/paypal/newpayment.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php'; diff --git a/htdocs/public/paypal/paymentko.php b/htdocs/public/paypal/paymentko.php index 3427f6a9b82..a7b327f96aa 100644 --- a/htdocs/public/paypal/paymentko.php +++ b/htdocs/public/paypal/paymentko.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php'; diff --git a/htdocs/public/paypal/paymentok.php b/htdocs/public/paypal/paymentok.php index 68420f3bbd8..4182dffde57 100644 --- a/htdocs/public/paypal/paymentok.php +++ b/htdocs/public/paypal/paymentok.php @@ -29,11 +29,11 @@ define("NOLOGIN",1); // This means this output page does not require to be logged. define("NOCSRFCHECK",1); // We accept to go on this page from external web site. -// For MultiCompany module. +// For MultiCompany module. // Do not use GETPOST here, function is not defined and define must be done before including main.inc.php // TODO This should be useless. Because entity must be retreive from object ref and not from url. $entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); -if (is_int($entity)) define("DOLENTITY", $entity); +if (is_numeric($entity)) define("DOLENTITY", $entity); require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';