FIX #hunterdev2acfc8fe-247c-4f88-aeaa-042b6b8690a0
This commit is contained in:
Laurent Destailleur
parent
e0066e9d2d
commit
bc11cf62f8
@ -285,7 +285,7 @@ if (empty($reshook)) {
|
||||
$object->lastname = trim(GETPOST("lastname", 'alphanohtml'));
|
||||
$object->gender = trim(GETPOST("gender", 'alphanohtml'));
|
||||
$object->login = trim(GETPOST("login", 'alphanohtml'));
|
||||
$object->pass = trim(GETPOST("pass", 'alpha'));
|
||||
$object->pass = trim(GETPOST("pass", 'none')); // For password, we must use 'none'
|
||||
|
||||
$object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated
|
||||
$object->company = trim(GETPOST("societe", 'alphanohtml'));
|
||||
@ -450,8 +450,8 @@ if (empty($reshook)) {
|
||||
$email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha'));
|
||||
$url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL));
|
||||
$login = GETPOST("member_login", 'alphanohtml');
|
||||
$pass = GETPOST("password", 'alpha');
|
||||
$photo = GETPOST("photo", 'alpha');
|
||||
$pass = GETPOST("password", 'none'); // For password, we use 'none'
|
||||
$photo = GETPOST("photo", 'alphanohtml');
|
||||
$morphy = GETPOST("morphy", 'alphanohtml');
|
||||
$public = GETPOST("public", 'alphanohtml');
|
||||
|
||||
@ -999,7 +999,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
|
||||
$generated_password = getRandomPassword(false);
|
||||
print '<tr><td><span class="fieldrequired">'.$langs->trans("Password").'</span></td><td>';
|
||||
print '<input type="text" class="minwidth300" maxlength="50" name="password" value="'.$generated_password.'">';
|
||||
print '<input type="text" class="minwidth300" maxlength="50" name="password" value="'.dol_escape_htmltag($generated_password).'">';
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
@ -1224,7 +1224,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
|
||||
|
||||
// Password
|
||||
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
|
||||
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.(GETPOSTISSET("pass") ? GETPOST("pass", '', 2) : $object->pass).'"></td></tr>';
|
||||
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.dol_escape_htmltag(GETPOSTISSET("pass") ? GETPOST("pass", 'none', 2) : $object->pass).'"></td></tr>';
|
||||
}
|
||||
// Morphy
|
||||
$morphys["phy"] = $langs->trans("Physical");
|
||||
|
||||
@ -53,18 +53,18 @@ if ($reshook < 0) {
|
||||
|
||||
if (($action == 'update' && !GETPOST("cancel", 'alpha'))
|
||||
|| ($action == 'updateedit')) {
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NAME", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ADDRESS", GETPOST("address", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_TOWN", GETPOST("town", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ZIP", GETPOST("zipcode", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_STATE", GETPOST("state_id", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NAME", GETPOST("nom", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ADDRESS", GETPOST("address", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_TOWN", GETPOST("town", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ZIP", GETPOST("zipcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_STATE", GETPOST("state_id", 'int'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_COUNTRY", GETPOST('country_id', 'int'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_PHONE", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_PHONE", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
if ($action != 'updateedit' && !$error) {
|
||||
@ -119,17 +119,17 @@ print '<tr class="liste_titre"><th class="titlefieldcreate wordbreak">'.$langs->
|
||||
|
||||
// Name
|
||||
print '<tr class="oddeven"><td><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
|
||||
print '<input name="nom" id="name" class="minwidth200" value="'.(GETPOSTISSET('nom') ? GETPOST('nom', 'nohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_NAME) ? $conf->global->MAIN_INFO_ACCOUNTANT_NAME : '')).'"'.(empty($conf->global->MAIN_INFO_ACCOUNTANT_NAME) ? ' autofocus="autofocus"' : '').'></td></tr>'."\n";
|
||||
print '<input name="nom" id="name" class="minwidth200" value="'.dol_escape_htmltag(GETPOSTISSET('nom') ? GETPOST('nom', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_NAME) ? $conf->global->MAIN_INFO_ACCOUNTANT_NAME : '')).'"'.(empty($conf->global->MAIN_INFO_ACCOUNTANT_NAME) ? ' autofocus="autofocus"' : '').'></td></tr>'."\n";
|
||||
|
||||
// Address
|
||||
print '<tr class="oddeven"><td><label for="address">'.$langs->trans("CompanyAddress").'</label></td><td>';
|
||||
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(GETPOSTISSET('address') ? GETPOST('address', 'nohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_ADDRESS) ? $conf->global->MAIN_INFO_ACCOUNTANT_ADDRESS : '')).'</textarea></td></tr>'."\n";
|
||||
print '<textarea name="address" id="address" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOSTISSET('address') ? GETPOST('address', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_ADDRESS) ? $conf->global->MAIN_INFO_ACCOUNTANT_ADDRESS : '')).'</textarea></td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="zipcode">'.$langs->trans("CompanyZip").'</label></td><td>';
|
||||
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'.(GETPOSTISSET('zipcode') ? GETPOST('zipcode', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_ZIP) ? $conf->global->MAIN_INFO_ACCOUNTANT_ZIP : '')).'"></td></tr>'."\n";
|
||||
print '<input class="minwidth100" name="zipcode" id="zipcode" value="'.dol_escape_htmltag(GETPOSTISSET('zipcode') ? GETPOST('zipcode', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_ZIP) ? $conf->global->MAIN_INFO_ACCOUNTANT_ZIP : '')).'"></td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="town">'.$langs->trans("CompanyTown").'</label></td><td>';
|
||||
print '<input name="town" class="minwidth100" id="town" value="'.(GETPOSTISSET('town') ? GETPOST('town', 'nohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_TOWN) ? $conf->global->MAIN_INFO_ACCOUNTANT_TOWN : '')).'"></td></tr>'."\n";
|
||||
print '<input name="town" class="minwidth100" id="town" value="'.dol_escape_htmltag(GETPOSTISSET('town') ? GETPOST('town', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_TOWN) ? $conf->global->MAIN_INFO_ACCOUNTANT_TOWN : '')).'"></td></tr>'."\n";
|
||||
|
||||
// Country
|
||||
print '<tr class="oddeven"><td><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td class="maxwidthonsmartphone">';
|
||||
@ -142,33 +142,33 @@ print '</td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="state_id">'.$langs->trans("State").'</label></td><td class="maxwidthonsmartphone">';
|
||||
print img_picto('', 'state', 'class="pictofixedwidth"');
|
||||
print $formcompany->select_state((GETPOSTISSET('state_id') ? GETPOST('state_id', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_STATE) ? $conf->global->MAIN_INFO_ACCOUNTANT_STATE : '')), (GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY) ? $conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY : '')), 'state_id');
|
||||
print $formcompany->select_state((GETPOSTISSET('state_id') ? GETPOST('state_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_STATE) ? $conf->global->MAIN_INFO_ACCOUNTANT_STATE : '')), (GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY) ? $conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY : '')), 'state_id');
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="phone">'.$langs->trans("Phone").'</label></td><td>';
|
||||
print img_picto('', 'object_phoning', '', false, 0, 0, '', 'pictofixedwidth');
|
||||
print '<input name="tel" id="phone" class="maxwidth150 widthcentpercentminusx" value="'.(GETPOSTISSET('tel') ? GETPOST('tel', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_PHONE) ? $conf->global->MAIN_INFO_ACCOUNTANT_PHONE : '')).'"></td></tr>';
|
||||
print '<input name="tel" id="phone" class="maxwidth150 widthcentpercentminusx" value="'.dol_escape_htmltag(GETPOSTISSET('tel') ? GETPOST('tel', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_PHONE) ? $conf->global->MAIN_INFO_ACCOUNTANT_PHONE : '')).'"></td></tr>';
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="fax">'.$langs->trans("Fax").'</label></td><td>';
|
||||
print img_picto('', 'object_phoning_fax', '', false, 0, 0, '', 'pictofixedwidth');
|
||||
print '<input name="fax" id="fax" class="maxwidth150 widthcentpercentminusx" value="'.(GETPOSTISSET('fax') ? GETPOST('fax', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_FAX) ? $conf->global->MAIN_INFO_ACCOUNTANT_FAX : '')).'"></td></tr>';
|
||||
print '<input name="fax" id="fax" class="maxwidth150 widthcentpercentminusx" value="'.dol_escape_htmltag(GETPOSTISSET('fax') ? GETPOST('fax', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_FAX) ? $conf->global->MAIN_INFO_ACCOUNTANT_FAX : '')).'"></td></tr>';
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven"><td><label for="email">'.$langs->trans("EMail").'</label></td><td>';
|
||||
print img_picto('', 'object_email', '', false, 0, 0, '', 'pictofixedwidth');
|
||||
print '<input name="mail" id="email" class="maxwidth300 widthcentpercentminusx" value="'.(GETPOSTISSET('mail') ? GETPOST('mail', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_MAIL) ? $conf->global->MAIN_INFO_ACCOUNTANT_MAIL : '')).'"></td></tr>';
|
||||
print '<input name="mail" id="email" class="maxwidth300 widthcentpercentminusx" value="'.dol_escape_htmltag(GETPOSTISSET('mail') ? GETPOST('mail', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_MAIL) ? $conf->global->MAIN_INFO_ACCOUNTANT_MAIL : '')).'"></td></tr>';
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
// Web
|
||||
print '<tr class="oddeven"><td><label for="web">'.$langs->trans("Web").'</label></td><td>';
|
||||
print img_picto('', 'globe', '', false, 0, 0, '', 'pictofixedwidth');
|
||||
print '<input name="web" id="web" class="maxwidth300 widthcentpercentminusx" value="'.(GETPOSTISSET('web') ? GETPOST('web', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_WEB) ? $conf->global->MAIN_INFO_ACCOUNTANT_WEB : '')).'"></td></tr>';
|
||||
print '<input name="web" id="web" class="maxwidth300 widthcentpercentminusx" value="'.dol_escape_htmltag(GETPOSTISSET('web') ? GETPOST('web', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_WEB) ? $conf->global->MAIN_INFO_ACCOUNTANT_WEB : '')).'"></td></tr>';
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
// Code
|
||||
print '<tr class="oddeven"><td><label for="code">'.$langs->trans("AccountantFileNumber").'</label></td><td>';
|
||||
print '<input name="code" id="code" class="minwidth100" value="'.(GETPOSTISSET('code') ? GETPOST('code', 'nohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_CODE) ? $conf->global->MAIN_INFO_ACCOUNTANT_CODE : '')).'"></td></tr>'."\n";
|
||||
print '<input name="code" id="code" class="minwidth100" value="'.dol_escape_htmltag(GETPOSTISSET('code') ? GETPOST('code', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_CODE) ? $conf->global->MAIN_INFO_ACCOUNTANT_CODE : '')).'"></td></tr>'."\n";
|
||||
|
||||
// Note
|
||||
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
|
||||
|
||||
@ -91,9 +91,9 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
|
||||
|
||||
$db->begin();
|
||||
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity);
|
||||
@ -178,19 +178,19 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
|
||||
}
|
||||
}
|
||||
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_GDPR", GETPOST("MAIN_INFO_GDPR", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_GDPR", GETPOST("MAIN_INFO_GDPR", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object", 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("SOCIETE_FISCAL_MONTH_START", 'int'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
@ -403,18 +403,18 @@ print '<tr class="liste_titre"><th class="titlefieldcreate wordbreak">'.$langs->
|
||||
|
||||
// Name
|
||||
print '<tr class="oddeven"><td class="fieldrequired wordbreak"><label for="name">'.$langs->trans("CompanyName").'</label></td><td>';
|
||||
print '<input name="nom" id="name" class="minwidth200" value="'.dol_escape_htmltag((GETPOSTISSET('nom') ? GETPOST('nom', 'nohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_NOM) ? $conf->global->MAIN_INFO_SOCIETE_NOM : ''))).'"'.(empty($conf->global->MAIN_INFO_SOCIETE_NOM) ? ' autofocus="autofocus"' : '').'></td></tr>'."\n";
|
||||
print '<input name="nom" id="name" class="minwidth200" value="'.dol_escape_htmltag((GETPOSTISSET('nom') ? GETPOST('nom', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_NOM) ? $conf->global->MAIN_INFO_SOCIETE_NOM : ''))).'"'.(empty($conf->global->MAIN_INFO_SOCIETE_NOM) ? ' autofocus="autofocus"' : '').'></td></tr>'."\n";
|
||||
|
||||
// Address
|
||||
print '<tr class="oddeven"><td><label for="MAIN_INFO_SOCIETE_ADDRESS">'.$langs->trans("CompanyAddress").'</label></td><td>';
|
||||
print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(GETPOSTISSET('MAIN_INFO_SOCIETE_ADDRESS') ? GETPOST('MAIN_INFO_SOCIETE_ADDRESS', 'nohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_ADDRESS) ? $conf->global->MAIN_INFO_SOCIETE_ADDRESS : '')).'</textarea></td></tr>'."\n";
|
||||
print '<textarea name="MAIN_INFO_SOCIETE_ADDRESS" id="MAIN_INFO_SOCIETE_ADDRESS" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(GETPOSTISSET('MAIN_INFO_SOCIETE_ADDRESS') ? GETPOST('MAIN_INFO_SOCIETE_ADDRESS', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_ADDRESS) ? $conf->global->MAIN_INFO_SOCIETE_ADDRESS : '')).'</textarea></td></tr>'."\n";
|
||||
|
||||
// Zip
|
||||
print '<tr class="oddeven" id="trzipbeforecountry"><td><label for="MAIN_INFO_SOCIETE_ZIP">'.$langs->trans("CompanyZip").'</label></td><td>';
|
||||
print '<input class="width100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_ZIP') ? GETPOST('MAIN_INFO_SOCIETE_ZIP', 'alpha') : (!empty($conf->global->MAIN_INFO_SOCIETE_ZIP) ? $conf->global->MAIN_INFO_SOCIETE_ZIP : ''))).'"></td></tr>'."\n";
|
||||
print '<input class="width100" name="MAIN_INFO_SOCIETE_ZIP" id="MAIN_INFO_SOCIETE_ZIP" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_ZIP') ? GETPOST('MAIN_INFO_SOCIETE_ZIP', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_ZIP) ? $conf->global->MAIN_INFO_SOCIETE_ZIP : ''))).'"></td></tr>'."\n";
|
||||
|
||||
print '<tr class="oddeven" id="trtownbeforecountry"><td><label for="MAIN_INFO_SOCIETE_TOWN">'.$langs->trans("CompanyTown").'</label></td><td>';
|
||||
print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth200" id="MAIN_INFO_SOCIETE_TOWN" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_TOWN') ? GETPOST('MAIN_INFO_SOCIETE_TOWN', 'nohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_TOWN) ? $conf->global->MAIN_INFO_SOCIETE_TOWN : ''))).'"></td></tr>'."\n";
|
||||
print '<input name="MAIN_INFO_SOCIETE_TOWN" class="minwidth200" id="MAIN_INFO_SOCIETE_TOWN" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_TOWN') ? GETPOST('MAIN_INFO_SOCIETE_TOWN', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_TOWN) ? $conf->global->MAIN_INFO_SOCIETE_TOWN : ''))).'"></td></tr>'."\n";
|
||||
|
||||
// Country
|
||||
print '<tr class="oddeven"><td class="fieldrequired"><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td>';
|
||||
@ -564,17 +564,17 @@ $langs->load("companies");
|
||||
|
||||
// Managing Director(s)
|
||||
print '<tr class="oddeven"><td><label for="director">'.$langs->trans("ManagingDirectors").'</label></td><td>';
|
||||
print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="directors" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_MANAGERS') ? GETPOST('MAIN_INFO_SOCIETE_MANAGERS', 'nohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_MANAGERS) ? $conf->global->MAIN_INFO_SOCIETE_MANAGERS : ''))).'"></td></tr>';
|
||||
print '<input name="MAIN_INFO_SOCIETE_MANAGERS" id="directors" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET('MAIN_INFO_SOCIETE_MANAGERS') ? GETPOST('MAIN_INFO_SOCIETE_MANAGERS', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_SOCIETE_MANAGERS) ? $conf->global->MAIN_INFO_SOCIETE_MANAGERS : ''))).'"></td></tr>';
|
||||
|
||||
// GDPR contact
|
||||
print '<tr class="oddeven"><td>';
|
||||
print $form->textwithpicto($langs->trans("GDPRContact"), $langs->trans("GDPRContactDesc"));
|
||||
print '</td><td>';
|
||||
print '<input name="MAIN_INFO_GDPR" id="infodirector" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET("MAIN_INFO_GDPR") ? GETPOST("MAIN_INFO_GDPR", 'nohtml') : (!empty($conf->global->MAIN_INFO_GDPR) ? $conf->global->MAIN_INFO_GDPR : ''))).'"></td></tr>';
|
||||
print '<input name="MAIN_INFO_GDPR" id="infodirector" class="minwidth300" value="'.dol_escape_htmltag((GETPOSTISSET("MAIN_INFO_GDPR") ? GETPOST("MAIN_INFO_GDPR", 'alphanohtml') : (!empty($conf->global->MAIN_INFO_GDPR) ? $conf->global->MAIN_INFO_GDPR : ''))).'"></td></tr>';
|
||||
|
||||
// Capital
|
||||
print '<tr class="oddeven"><td><label for="capital">'.$langs->trans("Capital").'</label></td><td>';
|
||||
print '<input name="capital" id="capital" class="maxwidth100" value="'.dol_escape_htmltag((GETPOSTISSET('capital') ? GETPOST('capital', 'nohtml') : (!empty($conf->global->MAIN_INFO_CAPITAL) ? $conf->global->MAIN_INFO_CAPITAL : ''))).'"></td></tr>';
|
||||
print '<input name="capital" id="capital" class="maxwidth100" value="'.dol_escape_htmltag((GETPOSTISSET('capital') ? GETPOST('capital', 'alphanohtml') : (!empty($conf->global->MAIN_INFO_CAPITAL) ? $conf->global->MAIN_INFO_CAPITAL : ''))).'"></td></tr>';
|
||||
|
||||
// Juridical Status
|
||||
print '<tr class="oddeven"><td><label for="forme_juridique_code">'.$langs->trans("JuridicalStatus").'</label></td><td>';
|
||||
|
||||
@ -906,7 +906,7 @@ if (empty($reshook)) {
|
||||
} elseif (in_array($keycode, array('joinfile', 'private', 'pos', 'position', 'scale', 'use_default'))) {
|
||||
$sql .= (int) GETPOST($keycode, 'int');
|
||||
} else {
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'";
|
||||
}
|
||||
|
||||
$i++;
|
||||
@ -975,7 +975,7 @@ if (empty($reshook)) {
|
||||
} elseif (in_array($keycode, array('joinfile', 'private', 'pos', 'position', 'scale', 'use_default'))) {
|
||||
$sql .= (int) GETPOST($keycode, 'int');
|
||||
} else {
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'";
|
||||
}
|
||||
|
||||
$i++;
|
||||
|
||||
@ -244,7 +244,7 @@ print '</td><td class="maxwidthhalf"><span class="opacitymedium">'.$langs->trans
|
||||
// Pass
|
||||
print '<!-- LDAP_ADMIN_PASS -->';
|
||||
print '<tr class="oddeven"><td>'.$langs->trans("LDAPPassword").'</td><td>';
|
||||
print '<input class="minwidth150" type="password" name="pass" value="'.$conf->global->LDAP_ADMIN_PASS.'">';
|
||||
print '<input class="minwidth150" type="password" name="pass" value="'.dol_escape_htmltag($conf->global->LDAP_ADMIN_PASS).'">';
|
||||
print '</td><td><span class="opacitymedium">'.$langs->trans('Password').' (ex: secret)</span></td></tr>';
|
||||
|
||||
print '</table>';
|
||||
|
||||
@ -403,7 +403,7 @@ if (empty($reshook)) {
|
||||
} elseif (in_array($keycode, array('joinfiles', 'private', 'position', 'entity'))) {
|
||||
$sql .= (int) GETPOST($keycode, 'int');
|
||||
} else {
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'";
|
||||
}
|
||||
$i++;
|
||||
}
|
||||
@ -485,7 +485,7 @@ if (empty($reshook)) {
|
||||
} elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) {
|
||||
$sql .= (int) GETPOST($keycode, 'int');
|
||||
} else {
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'";
|
||||
$sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'";
|
||||
}
|
||||
|
||||
$i++;
|
||||
|
||||
@ -45,7 +45,7 @@ $printername = GETPOST('printername', 'alpha');
|
||||
$printerid = GETPOST('printerid', 'int');
|
||||
$parameter = GETPOST('parameter', 'alpha');
|
||||
|
||||
$template = GETPOST('template', 'nohtml');
|
||||
$template = GETPOST('template', 'alphanohtml');
|
||||
$templatename = GETPOST('templatename', 'alpha');
|
||||
$templateid = GETPOST('templateid', 'int');
|
||||
|
||||
|
||||
@ -89,7 +89,7 @@ if ($action == 'setTICKET_ENABLE_PUBLIC_INTERFACE') {
|
||||
}
|
||||
}
|
||||
|
||||
$topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'nohtml');
|
||||
$topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'alphanohtml');
|
||||
if (!empty($topic_interface)) {
|
||||
$res = dolibarr_set_const($db, 'TICKET_PUBLIC_INTERFACE_TOPIC', $topic_interface, 'chaine', 0, '', $conf->entity);
|
||||
} else {
|
||||
|
||||
@ -125,11 +125,11 @@ if (empty($reshook)) {
|
||||
$object->cle_rib = trim(GETPOST("cle_rib"));
|
||||
$object->bic = trim(GETPOST("bic"));
|
||||
$object->iban = trim(GETPOST("iban"));
|
||||
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
|
||||
$object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml"));
|
||||
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
|
||||
|
||||
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
|
||||
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
|
||||
$object->owner_address = trim(GETPOST("owner_address", 'alphanohtml'));
|
||||
|
||||
$object->ics = trim(GETPOST("ics", 'alpha'));
|
||||
$object->ics_transfer = trim(GETPOST("ics_transfer", 'alpha'));
|
||||
@ -226,11 +226,11 @@ if (empty($reshook)) {
|
||||
$object->cle_rib = trim(GETPOST("cle_rib"));
|
||||
$object->bic = trim(GETPOST("bic"));
|
||||
$object->iban = trim(GETPOST("iban"));
|
||||
$object->domiciliation = trim(GETPOST("domiciliation", "nohtml"));
|
||||
$object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml"));
|
||||
$object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1;
|
||||
|
||||
$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
|
||||
$object->owner_address = trim(GETPOST("owner_address", 'nohtml'));
|
||||
$object->owner_address = trim(GETPOST("owner_address", 'alphanohtml'));
|
||||
|
||||
$object->ics = trim(GETPOST("ics", 'alpha'));
|
||||
$object->ics_transfer = trim(GETPOST("ics_transfer", 'alpha'));
|
||||
|
||||
@ -201,12 +201,12 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
if (!$error) {
|
||||
$object->titre = GETPOST('title', 'nohtml'); // deprecated
|
||||
$object->title = GETPOST('title', 'nohtml');
|
||||
$object->titre = GETPOST('title', 'alphanohtml'); // deprecated
|
||||
$object->title = GETPOST('title', 'alphanohtml');
|
||||
$object->note_private = GETPOST('note_private', 'restricthtml');
|
||||
$object->note_public = GETPOST('note_public', 'restricthtml');
|
||||
$object->model_pdf = GETPOST('modelpdf', 'alpha');
|
||||
$object->usenewprice = GETPOST('usenewprice', 'alpha');
|
||||
$object->model_pdf = GETPOST('modelpdf', 'alphanohtml');
|
||||
$object->usenewprice = GETPOST('usenewprice', 'alphanohtml');
|
||||
|
||||
$object->mode_reglement_id = GETPOST('mode_reglement_id', 'int');
|
||||
$object->cond_reglement_id = GETPOST('cond_reglement_id', 'int');
|
||||
|
||||
@ -1039,7 +1039,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
|
||||
print '<tr><td><label for="address">'.$langs->trans("Address").'</label></td>';
|
||||
print '<td colspan="3">';
|
||||
print '<div class="paddingrightonly valignmiddle inline-block quatrevingtpercent">';
|
||||
print '<textarea class="flat minwidth200 centpercent" name="address" id="address">'.(GETPOSTISSET("address") ? GETPOST("address", 'nohtml') : $object->address).'</textarea>';
|
||||
print '<textarea class="flat minwidth200 centpercent" name="address" id="address">'.(GETPOSTISSET("address") ? GETPOST("address", 'alphanohtml') : $object->address).'</textarea>';
|
||||
print '</div><div class="paddingrightonly valignmiddle inline-block">';
|
||||
if ($conf->use_javascript_ajax) {
|
||||
print '<a href="#" id="copyaddressfromsoc">'.$langs->trans('CopyAddressFromSoc').'</a><br>';
|
||||
|
||||
@ -6634,12 +6634,18 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto =
|
||||
if ($strip_tags) {
|
||||
$temp = strip_tags($temp);
|
||||
} else {
|
||||
$temp = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning
|
||||
$pattern = "/<[^<>]+>/";
|
||||
// Example of $temp: <a href="/myurl" title="<u>A title</u>">0000-021</a>
|
||||
$temp = preg_replace($pattern, "", $temp); // pass 1 - $temp after pass 1: <a href="/myurl" title="A title">0000-021
|
||||
$temp = preg_replace($pattern, "", $temp); // pass 2 - $temp after pass 2: 0000-021
|
||||
// Remove '<' into remainging, so remove non closing html tags like '<abc' or '<<abc'. Note: '<123abc' is not a html tag (can be kept), but '<abc123' is (must be removed).
|
||||
$pattern = "/<[^<>]+>/";
|
||||
do {
|
||||
// Example of $temp: <a href="/myurl" title="<u>A title</u>">0000-021</a>
|
||||
// pass 1 - $temp after pass 1: <a href="/myurl" title="A title">0000-021
|
||||
// pass 2 - $temp after pass 2: 0000-021
|
||||
$tempbis = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning
|
||||
$tempbis = preg_replace($pattern, '', $tempbis);
|
||||
} while ($tempbis != $temp);
|
||||
$temp = $tempbis;
|
||||
|
||||
// Remove '<' into remaining, so remove non closing html tags like '<abc' or '<<abc'. Note: '<123abc' is not a html tag (can be kept), but '<abc123' is (must be removed).
|
||||
$temp = preg_replace('/<+([a-z]+)/i', '\1', $temp);
|
||||
}
|
||||
|
||||
|
||||
@ -185,10 +185,10 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
if (! $error) {
|
||||
$object->titre = GETPOST('title', 'nohtml'); // deprecated
|
||||
$object->title = GETPOST('title', 'nohtml');
|
||||
$object->titre = GETPOST('title', 'alphanohtml'); // deprecated
|
||||
$object->title = GETPOST('title', 'alphanohtml');
|
||||
$object->fk_project = GETPOST('projectid', 'int');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'nohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml');
|
||||
|
||||
$object->note_private = GETPOST('note_private', 'restricthtml');
|
||||
$object->note_public = GETPOST('note_public', 'restricthtml');
|
||||
|
||||
@ -747,10 +747,10 @@ if (empty($reshook)) {
|
||||
$result = $object->fetch(GETPOST('fac_replacement', 'int'));
|
||||
$object->fetch_thirdparty();
|
||||
|
||||
$object->ref = GETPOST('ref', 'nohtml');
|
||||
$object->ref = GETPOST('ref', 'alphanohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'alpha');
|
||||
$object->socid = GETPOST('socid', 'int');
|
||||
$object->libelle = GETPOST('label', 'nohtml');
|
||||
$object->libelle = GETPOST('label', 'alphanohtml');
|
||||
$object->date = $dateinvoice;
|
||||
$object->date_echeance = $datedue;
|
||||
$object->note_public = GETPOST('note_public', 'restricthtml');
|
||||
@ -812,11 +812,11 @@ if (empty($reshook)) {
|
||||
$tmpproject = GETPOST('projectid', 'int');
|
||||
|
||||
// Creation facture
|
||||
$object->ref = GETPOST('ref', 'nohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'nohtml');
|
||||
$object->ref = GETPOST('ref', 'alphanohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml');
|
||||
$object->socid = GETPOST('socid', 'int');
|
||||
$object->libelle = GETPOST('label', 'nohtml');
|
||||
$object->label = GETPOST('label', 'nohtml');
|
||||
$object->libelle = GETPOST('label', 'alphanohtml');
|
||||
$object->label = GETPOST('label', 'alphanohtml');
|
||||
$object->date = $dateinvoice;
|
||||
$object->date_echeance = $datedue;
|
||||
$object->note_public = GETPOST('note_public', 'restricthtml');
|
||||
@ -903,13 +903,13 @@ if (empty($reshook)) {
|
||||
|
||||
if (!$error) {
|
||||
$object->socid = GETPOST('socid', 'int');
|
||||
$object->type = GETPOST('type');
|
||||
$object->ref = GETPOST('ref');
|
||||
$object->type = GETPOST('type', 'alphanohtml');
|
||||
$object->ref = GETPOST('ref', 'alphanohtml');
|
||||
$object->date = $dateinvoice;
|
||||
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
|
||||
$object->note_private = trim(GETPOST('note_private', 'restricthtml'));
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'nohtml');
|
||||
$object->model_pdf = GETPOST('model');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml');
|
||||
$object->model_pdf = GETPOST('model', 'alphanohtml');
|
||||
$object->fk_project = GETPOST('projectid', 'int');
|
||||
$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id'));
|
||||
$object->mode_reglement_id = GETPOST('mode_reglement_id', 'int');
|
||||
@ -962,12 +962,12 @@ if (empty($reshook)) {
|
||||
|
||||
// Creation invoice
|
||||
$object->socid = GETPOST('socid', 'int');
|
||||
$object->type = GETPOST('type');
|
||||
$object->ref = GETPOST('ref', 'nohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'nohtml');
|
||||
$object->type = GETPOST('type', 'alphanohtml');
|
||||
$object->ref = GETPOST('ref', 'alphanohtml');
|
||||
$object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml');
|
||||
$object->socid = GETPOST('socid', 'int');
|
||||
$object->libelle = GETPOST('label', 'nohtml'); // deprecated
|
||||
$object->label = GETPOST('label', 'nohtml');
|
||||
$object->libelle = GETPOST('label', 'alphanohtml'); // deprecated
|
||||
$object->label = GETPOST('label', 'alphanohtml');
|
||||
$object->date = $dateinvoice;
|
||||
$object->date_echeance = $datedue;
|
||||
$object->note_public = GETPOST('note_public', 'restricthtml');
|
||||
|
||||
@ -139,8 +139,8 @@ $importmodelid = GETPOST('importmodelid', 'int');
|
||||
$excludefirstline = (GETPOST('excludefirstline') ? GETPOST('excludefirstline') : 2);
|
||||
$endatlinenb = (GETPOST('endatlinenb') ? GETPOST('endatlinenb') : '');
|
||||
$updatekeys = (GETPOST('updatekeys', 'array') ? GETPOST('updatekeys', 'array') : array());
|
||||
$separator = (GETPOST('separator', 'nohtml') ? GETPOST('separator', 'nohtml', 3) : '');
|
||||
$enclosure = (GETPOST('enclosure', 'nohtml') ? GETPOST('enclosure', 'nohtml') : '"');
|
||||
$separator = (GETPOST('separator', 'alphanohtml') ? GETPOST('separator', 'alphanohtml', 3) : '');
|
||||
$enclosure = (GETPOST('enclosure', 'nohtml') ? GETPOST('enclosure', 'nohtml') : '"'); // We must use 'nohtml' and not 'alphanohtml' because we must accept "
|
||||
$separator_used = str_replace('\t', "\t", $separator);
|
||||
|
||||
$objimport = new Import($db);
|
||||
|
||||
@ -40,13 +40,13 @@ $backtopage = GETPOST('backtopage', 'alpha');
|
||||
|
||||
if ($action == "update") {
|
||||
$res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res5 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_URL', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_URL', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res6 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_FAMILY', GETPOST('MODULEBUILDER_SPECIFIC_FAMILY', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res5 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_URL', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_URL', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res6 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_FAMILY', GETPOST('MODULEBUILDER_SPECIFIC_FAMILY', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res7 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_AUTHOR', GETPOST('MODULEBUILDER_SPECIFIC_AUTHOR', 'html'), 'chaine', 0, '', $conf->entity);
|
||||
$res8 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_VERSION', GETPOST('MODULEBUILDER_SPECIFIC_VERSION', 'nohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res8 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_VERSION', GETPOST('MODULEBUILDER_SPECIFIC_VERSION', 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
if ($res1 < 0 || $res2 < 0 || $res3 < 0 || $res4 < 0 || $res5 < 0 || $res6 < 0 || $res7 < 0 || $res8 < 0) {
|
||||
setEventMessages('ErrorFailedToSaveDate', null, 'errors');
|
||||
$db->rollback();
|
||||
|
||||
@ -75,7 +75,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
|
||||
}
|
||||
}
|
||||
|
||||
$nom = substr(GETPOST("nom", 'nohtml'), 0, 64);
|
||||
$nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64);
|
||||
|
||||
// Check if vote already exists
|
||||
$sql = 'SELECT id_users, nom as name';
|
||||
|
||||
@ -192,7 +192,7 @@ if (empty($reshook)) {
|
||||
if (empty($ref_fourn_old)) {
|
||||
$ref_fourn_old = $ref_fourn;
|
||||
}
|
||||
$quantity = price2num(GETPOST("qty", 'nohtml'), 'MS');
|
||||
$quantity = price2num(GETPOST("qty", 'alphanohtml'), 'MS');
|
||||
$remise_percent = price2num(GETPOST('remise_percent', 'alpha'));
|
||||
|
||||
$npr = preg_match('/\*/', GETPOST('tva_tx', 'alpha')) ? 1 : 0;
|
||||
@ -555,7 +555,7 @@ if ($id > 0 || $ref) {
|
||||
print '<tr>';
|
||||
print '<td class="fieldrequired">'.$langs->trans("QtyMin").'</td>';
|
||||
print '<td>';
|
||||
$quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'nohtml'), 'MS') : "1";
|
||||
$quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'alphanohtml'), 'MS') : "1";
|
||||
if ($rowid) {
|
||||
print '<input type="hidden" name="qty" value="'.$object->fourn_qty.'">';
|
||||
print $object->fourn_qty;
|
||||
@ -577,7 +577,7 @@ if ($id > 0 || $ref) {
|
||||
|
||||
print '<td class="fieldrequired">'.$form->textwithpicto($langs->trans("PackagingForThisProduct"), $langs->trans("PackagingForThisProductDesc")).'</td>';
|
||||
print '<td>';
|
||||
$packaging = GETPOSTISSET('packaging') ? price2num(GETPOST('packaging', 'nohtml'), 'MS') : ((empty($rowid)) ? "1" : price2num($object->packaging, 'MS'));
|
||||
$packaging = GETPOSTISSET('packaging') ? price2num(GETPOST('packaging', 'alphanohtml'), 'MS') : ((empty($rowid)) ? "1" : price2num($object->packaging, 'MS'));
|
||||
print '<input class="flat" name="packaging" size="5" value="'.$packaging.'">';
|
||||
|
||||
// Units
|
||||
|
||||
@ -67,7 +67,7 @@ $action = GETPOST('action', 'aZ09');
|
||||
$email = GETPOST("email");
|
||||
$societe = GETPOST("societe");
|
||||
$emailcompany = GETPOST("emailcompany");
|
||||
$note_public = GETPOST('note_public', "nohtml");
|
||||
$note_public = GETPOST('note_public', "restricthtml");
|
||||
|
||||
// Getting id from Post and decoding it
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
@ -563,8 +563,8 @@ print '<input type="text" name="email" maxlength="255" class="minwidth200" value
|
||||
// Login
|
||||
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
|
||||
print '<tr><td>'.$langs->trans("Login").' <span style="color: red">*</span></td><td><input type="text" name="login" maxlength="50" class="minwidth100"value="'.dol_escape_htmltag(GETPOST('login')).'"></td></tr>'."\n";
|
||||
print '<tr><td>'.$langs->trans("Password").' <span style="color: red">*</span></td><td><input type="password" maxlength="128" name="pass1" class="minwidth100" value="'.GETPOST("pass1", "nohtml").'"></td></tr>'."\n";
|
||||
print '<tr><td>'.$langs->trans("PasswordAgain").' <span style="color: red">*</span></td><td><input type="password" maxlength="128" name="pass2" class="minwidth100" value="'.GETPOST("pass2", "nohtml").'"></td></tr>'."\n";
|
||||
print '<tr><td>'.$langs->trans("Password").' <span style="color: red">*</span></td><td><input type="password" maxlength="128" name="pass1" class="minwidth100" value="'.dol_escape_htmltag(GETPOST("pass1", "none", 2)).'"></td></tr>'."\n";
|
||||
print '<tr><td>'.$langs->trans("PasswordAgain").' <span style="color: red">*</span></td><td><input type="password" maxlength="128" name="pass2" class="minwidth100" value="'.dol_escape_htmltag(GETPOST("pass2", "none", 2)).'"></td></tr>'."\n";
|
||||
}
|
||||
// Gender
|
||||
print '<tr><td>'.$langs->trans("Gender").'</td>';
|
||||
|
||||
@ -112,7 +112,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
|
||||
}
|
||||
|
||||
//Si le nom est bien entré
|
||||
if (GETPOST('nom', 'nohtml')) {
|
||||
if (GETPOST('nom', 'alphanohtml')) {
|
||||
$nouveauchoix = '';
|
||||
for ($i = 0; $i < $nbcolonnes; $i++) {
|
||||
if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') {
|
||||
@ -124,7 +124,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo
|
||||
}
|
||||
}
|
||||
|
||||
$nom = substr(GETPOST("nom", 'nohtml'), 0, 64);
|
||||
$nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64);
|
||||
|
||||
// Check if vote already exists
|
||||
$sql = 'SELECT id_users, nom as name';
|
||||
|
||||
@ -2594,7 +2594,7 @@ class Ticket extends CommonObject
|
||||
if (is_array($internal_contacts) && count($internal_contacts) > 0) {
|
||||
// altairis: set default subject
|
||||
$label_title = empty($conf->global->MAIN_APPLICATION_TITLE) ? $mysoc->name : $conf->global->MAIN_APPLICATION_TITLE;
|
||||
$subject = GETPOST('subject', 'nohtml') ? GETPOST('subject', 'nohtml') : '['.$label_title.'- ticket #'.$object->track_id.'] '.$langs->trans('TicketNewMessage');
|
||||
$subject = GETPOST('subject', 'alphanohtml') ? GETPOST('subject', 'alphanohtml') : '['.$label_title.'- ticket #'.$object->track_id.'] '.$langs->trans('TicketNewMessage');
|
||||
|
||||
$message_intro = $langs->trans('TicketNotificationEmailBody', "#".$object->id);
|
||||
$message_signature = GETPOST('mail_signature') ? GETPOST('mail_signature') : $conf->global->TICKET_MESSAGE_MAIL_SIGNATURE;
|
||||
|
||||
@ -997,11 +997,11 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
}
|
||||
if (preg_match('/dolibarr/', $dolibarr_main_authentication)) {
|
||||
if (!empty($ldap_pass)) { // For very old system comaptibilty. Now clear password can't be viewed from LDAP read
|
||||
$valuetoshow .= ($valuetoshow ? ', ' : '').'<input type="hidden" name="password" value="'.$ldap_pass.'">'; // Dolibarr password is preffiled with LDAP known password
|
||||
$valuetoshow .= ($valuetoshow ? ', ' : '').'<input type="hidden" name="password" value="'.dol_escape_htmltag($ldap_pass).'">'; // Dolibarr password is preffiled with LDAP known password
|
||||
$valuetoshow .= preg_replace('/./i', '*', $ldap_pass);
|
||||
} else {
|
||||
// We do not use a field password but a field text to show new password to use.
|
||||
$valuetoshow .= ($valuetoshow ? ', ' : '').'<input maxsize="32" type="text" name="password" value="'.$password.'" autocomplete="new-password">';
|
||||
$valuetoshow .= ($valuetoshow ? ', ' : '').'<input maxsize="32" type="text" name="password" value="'.dol_escape_htmltag($password).'" autocomplete="new-password">';
|
||||
}
|
||||
}
|
||||
|
||||
@ -2348,7 +2348,7 @@ if ($action == 'create' || $action == 'adduserldap') {
|
||||
}
|
||||
if (preg_match('/dolibarr/', $dolibarr_main_authentication)) {
|
||||
if ($caneditpassword) {
|
||||
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').'<input maxlength="128" type="password" class="flat" name="password" value="'.$object->pass.'" autocomplete="new-password">';
|
||||
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').'<input maxlength="128" type="password" class="flat" name="password" value="'.dol_escape_htmltag($object->pass).'" autocomplete="new-password">';
|
||||
} else {
|
||||
$valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass);
|
||||
}
|
||||
|
||||
@ -139,7 +139,7 @@ if ($id > 0) {
|
||||
|
||||
print '<tr><td>ClickToDial '.$langs->trans("Password").'</td>';
|
||||
print '<td class="valeur">';
|
||||
print '<input type="password" name="password" value="'.(!empty($object->clicktodial_password) ? $object->clicktodial_password : '').'"></td>';
|
||||
print '<input type="password" name="password" value="'.dol_escape_htmltag(empty($object->clicktodial_password) ? '' : $object->clicktodial_password).'"></td>';
|
||||
print "</tr>\n";
|
||||
|
||||
print '</table>';
|
||||
|
||||
@ -122,11 +122,11 @@ if (empty($reshook)) {
|
||||
// Action add group
|
||||
if ($action == 'add') {
|
||||
if ($caneditperms) {
|
||||
if (!GETPOST("nom", "nohtml")) {
|
||||
if (!GETPOST("nom", "alphanohtml")) {
|
||||
setEventMessages($langs->trans("NameNotDefined"), null, 'errors');
|
||||
$action = "create"; // Go back to create page
|
||||
} else {
|
||||
$object->name = GETPOST("nom", 'nohtml');
|
||||
$object->name = GETPOST("nom", 'alphanohtml');
|
||||
$object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml')));
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
@ -206,7 +206,7 @@ if (empty($reshook)) {
|
||||
|
||||
$object->oldcopy = clone $object;
|
||||
|
||||
$object->name = GETPOST("nom", 'nohtml');
|
||||
$object->name = GETPOST("nom", 'alphanohtml');
|
||||
$object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml')));
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
|
||||
@ -3323,7 +3323,7 @@ if ($action == 'editcss') {
|
||||
// Clean the php htaccesscontent file to remove php code and get only html part
|
||||
$htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent);
|
||||
} else {
|
||||
$htaccesscontent = GETPOST('WEBSITE_HTACCESS', 'nohtml');
|
||||
$htaccesscontent = GETPOST('WEBSITE_HTACCESS', 'nohtml'); // We must use 'nohtml' and not 'alphanohtml' because we must accept "
|
||||
}
|
||||
if (!trim($htaccesscontent)) {
|
||||
$htaccesscontent .= "# Order allow,deny\n";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user