From bc11cf62f84ef087f573d926ea08449434103c0f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 13 Jun 2022 10:44:20 +0200 Subject: [PATCH] FIX #hunterdev2acfc8fe-247c-4f88-aeaa-042b6b8690a0 --- htdocs/adherents/card.php | 10 ++--- htdocs/admin/accountant.php | 42 +++++++++--------- htdocs/admin/company.php | 44 +++++++++---------- htdocs/admin/dict.php | 4 +- htdocs/admin/ldap.php | 2 +- htdocs/admin/mails_templates.php | 4 +- htdocs/admin/receiptprinter.php | 2 +- htdocs/admin/ticket_public.php | 2 +- htdocs/compta/bank/card.php | 8 ++-- htdocs/compta/facture/card-rec.php | 8 ++-- htdocs/contact/card.php | 2 +- htdocs/core/lib/functions.lib.php | 16 ++++--- htdocs/fourn/facture/card-rec.php | 6 +-- htdocs/fourn/facture/card.php | 30 ++++++------- htdocs/imports/import.php | 4 +- htdocs/modulebuilder/admin/setup.php | 12 ++--- htdocs/opensurvey/results.php | 2 +- htdocs/product/fournisseurs.php | 6 +-- .../public/eventorganization/attendee_new.php | 2 +- htdocs/public/members/new.php | 4 +- htdocs/public/opensurvey/studs.php | 4 +- htdocs/ticket/class/ticket.class.php | 2 +- htdocs/user/card.php | 6 +-- htdocs/user/clicktodial.php | 2 +- htdocs/user/group/card.php | 6 +-- htdocs/website/index.php | 2 +- 26 files changed, 119 insertions(+), 113 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 88a63af0ae1..d7e46749de3 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -285,7 +285,7 @@ if (empty($reshook)) { $object->lastname = trim(GETPOST("lastname", 'alphanohtml')); $object->gender = trim(GETPOST("gender", 'alphanohtml')); $object->login = trim(GETPOST("login", 'alphanohtml')); - $object->pass = trim(GETPOST("pass", 'alpha')); + $object->pass = trim(GETPOST("pass", 'none')); // For password, we must use 'none' $object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated $object->company = trim(GETPOST("societe", 'alphanohtml')); @@ -450,8 +450,8 @@ if (empty($reshook)) { $email = preg_replace('/\s+/', '', GETPOST("member_email", 'alpha')); $url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)); $login = GETPOST("member_login", 'alphanohtml'); - $pass = GETPOST("password", 'alpha'); - $photo = GETPOST("photo", 'alpha'); + $pass = GETPOST("password", 'none'); // For password, we use 'none' + $photo = GETPOST("photo", 'alphanohtml'); $morphy = GETPOST("morphy", 'alphanohtml'); $public = GETPOST("public", 'alphanohtml'); @@ -999,7 +999,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; $generated_password = getRandomPassword(false); print ''.$langs->trans("Password").''; - print ''; + print ''; print ''; } @@ -1224,7 +1224,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // Password if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''.$langs->trans("Password").'pass).'">'; + print ''.$langs->trans("Password").'pass).'">'; } // Morphy $morphys["phy"] = $langs->trans("Physical"); diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index 693170862e9..c6d321707dc 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -53,18 +53,18 @@ if ($reshook < 0) { if (($action == 'update' && !GETPOST("cancel", 'alpha')) || ($action == 'updateedit')) { - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NAME", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ADDRESS", GETPOST("address", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_TOWN", GETPOST("town", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ZIP", GETPOST("zipcode", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_STATE", GETPOST("state_id", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_REGION", GETPOST("region_code", 'alpha'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NAME", GETPOST("nom", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ADDRESS", GETPOST("address", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_TOWN", GETPOST("town", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_ZIP", GETPOST("zipcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_STATE", GETPOST("state_id", 'int'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_COUNTRY", GETPOST('country_id', 'int'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_PHONE", GETPOST("tel", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_FAX", GETPOST("fax", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'nohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_PHONE", GETPOST("tel", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity); if ($action != 'updateedit' && !$error) { @@ -119,17 +119,17 @@ print ''.$langs-> // Name print ''; -print 'global->MAIN_INFO_ACCOUNTANT_NAME) ? ' autofocus="autofocus"' : '').'>'."\n"; +print 'global->MAIN_INFO_ACCOUNTANT_NAME) ? ' autofocus="autofocus"' : '').'>'."\n"; // Address print ''; -print ''."\n"; +print ''."\n"; print ''; -print ''."\n"; +print ''."\n"; print ''; -print ''."\n"; +print ''."\n"; // Country print ''; @@ -142,33 +142,33 @@ print ''."\n"; print ''; print img_picto('', 'state', 'class="pictofixedwidth"'); -print $formcompany->select_state((GETPOSTISSET('state_id') ? GETPOST('state_id', 'alpha') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_STATE) ? $conf->global->MAIN_INFO_ACCOUNTANT_STATE : '')), (GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY) ? $conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY : '')), 'state_id'); +print $formcompany->select_state((GETPOSTISSET('state_id') ? GETPOST('state_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_STATE) ? $conf->global->MAIN_INFO_ACCOUNTANT_STATE : '')), (GETPOSTISSET('country_id') ? GETPOST('country_id', 'int') : (!empty($conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY) ? $conf->global->MAIN_INFO_ACCOUNTANT_COUNTRY : '')), 'state_id'); print ''."\n"; print ''; print img_picto('', 'object_phoning', '', false, 0, 0, '', 'pictofixedwidth'); -print ''; +print ''; print ''."\n"; print ''; print img_picto('', 'object_phoning_fax', '', false, 0, 0, '', 'pictofixedwidth'); -print ''; +print ''; print ''."\n"; print ''; print img_picto('', 'object_email', '', false, 0, 0, '', 'pictofixedwidth'); -print ''; +print ''; print ''."\n"; // Web print ''; print img_picto('', 'globe', '', false, 0, 0, '', 'pictofixedwidth'); -print ''; +print ''; print ''."\n"; // Code print ''; -print ''."\n"; +print ''."\n"; // Note print ''; diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index c3cb92dba8d..86800eea947 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -91,9 +91,9 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) $db->begin(); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'nohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOM", GETPOST("nom", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ADDRESS", GETPOST("MAIN_INFO_SOCIETE_ADDRESS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_TOWN", GETPOST("MAIN_INFO_SOCIETE_TOWN", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_ZIP", GETPOST("MAIN_INFO_SOCIETE_ZIP", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_REGION", GETPOST("region_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MONNAIE", GETPOST("currency", 'aZ09'), 'chaine', 0, '', $conf->entity); @@ -178,19 +178,19 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) } } - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_GDPR", GETPOST("MAIN_INFO_GDPR", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6", 'nohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MANAGERS", GETPOST("MAIN_INFO_SOCIETE_MANAGERS", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_GDPR", GETPOST("MAIN_INFO_GDPR", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_CAPITAL", GETPOST("capital", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FORME_JURIDIQUE", GETPOST("forme_juridique_code", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SIREN", GETPOST("siren", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SIRET", GETPOST("siret", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_APE", GETPOST("ape", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_RCS", GETPOST("rcs", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_PROFID5", GETPOST("MAIN_INFO_PROFID5", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_PROFID6", GETPOST("MAIN_INFO_PROFID6", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object", 'nohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_TVAINTRA", GETPOST("tva", 'alphanohtml'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_OBJECT", GETPOST("object", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "SOCIETE_FISCAL_MONTH_START", GETPOST("SOCIETE_FISCAL_MONTH_START", 'int'), 'chaine', 0, '', $conf->entity); @@ -403,18 +403,18 @@ print ''.$langs-> // Name print ''; -print 'global->MAIN_INFO_SOCIETE_NOM) ? ' autofocus="autofocus"' : '').'>'."\n"; +print 'global->MAIN_INFO_SOCIETE_NOM) ? ' autofocus="autofocus"' : '').'>'."\n"; // Address print ''; -print ''."\n"; +print ''."\n"; // Zip print ''; -print ''."\n"; +print ''."\n"; print ''; -print ''."\n"; +print ''."\n"; // Country print ''; @@ -564,17 +564,17 @@ $langs->load("companies"); // Managing Director(s) print ''; -print ''; +print ''; // GDPR contact print ''; print $form->textwithpicto($langs->trans("GDPRContact"), $langs->trans("GDPRContactDesc")); print ''; -print 'global->MAIN_INFO_GDPR) ? $conf->global->MAIN_INFO_GDPR : ''))).'">'; +print 'global->MAIN_INFO_GDPR) ? $conf->global->MAIN_INFO_GDPR : ''))).'">'; // Capital print ''; -print ''; +print ''; // Juridical Status print ''; diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index b3bc612fde3..5c1a356e102 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -906,7 +906,7 @@ if (empty($reshook)) { } elseif (in_array($keycode, array('joinfile', 'private', 'pos', 'position', 'scale', 'use_default'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { - $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; + $sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'"; } $i++; @@ -975,7 +975,7 @@ if (empty($reshook)) { } elseif (in_array($keycode, array('joinfile', 'private', 'pos', 'position', 'scale', 'use_default'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { - $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; + $sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'"; } $i++; diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index e122bdf5930..ef488943a4b 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -244,7 +244,7 @@ print ''.$langs->trans // Pass print ''; print ''.$langs->trans("LDAPPassword").''; -print ''; +print ''; print ''.$langs->trans('Password').' (ex: secret)'; print ''; diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index 1cb277de4e2..619a5003161 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -403,7 +403,7 @@ if (empty($reshook)) { } elseif (in_array($keycode, array('joinfiles', 'private', 'position', 'entity'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { - $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; + $sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'"; } $i++; } @@ -485,7 +485,7 @@ if (empty($reshook)) { } elseif (in_array($keycode, array('joinfiles', 'private', 'position'))) { $sql .= (int) GETPOST($keycode, 'int'); } else { - $sql .= "'".$db->escape(GETPOST($keycode, 'nohtml'))."'"; + $sql .= "'".$db->escape(GETPOST($keycode, 'alphanohtml'))."'"; } $i++; diff --git a/htdocs/admin/receiptprinter.php b/htdocs/admin/receiptprinter.php index cb625dbe039..ac136af0c61 100644 --- a/htdocs/admin/receiptprinter.php +++ b/htdocs/admin/receiptprinter.php @@ -45,7 +45,7 @@ $printername = GETPOST('printername', 'alpha'); $printerid = GETPOST('printerid', 'int'); $parameter = GETPOST('parameter', 'alpha'); -$template = GETPOST('template', 'nohtml'); +$template = GETPOST('template', 'alphanohtml'); $templatename = GETPOST('templatename', 'alpha'); $templateid = GETPOST('templateid', 'int'); diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 621eceb50a3..1a4e3342cd0 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -89,7 +89,7 @@ if ($action == 'setTICKET_ENABLE_PUBLIC_INTERFACE') { } } - $topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'nohtml'); + $topic_interface = GETPOST('TICKET_PUBLIC_INTERFACE_TOPIC', 'alphanohtml'); if (!empty($topic_interface)) { $res = dolibarr_set_const($db, 'TICKET_PUBLIC_INTERFACE_TOPIC', $topic_interface, 'chaine', 0, '', $conf->entity); } else { diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index c08cf54ab4e..4ff73b2947c 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -125,11 +125,11 @@ if (empty($reshook)) { $object->cle_rib = trim(GETPOST("cle_rib")); $object->bic = trim(GETPOST("bic")); $object->iban = trim(GETPOST("iban")); - $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); + $object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml")); $object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1; $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); - $object->owner_address = trim(GETPOST("owner_address", 'nohtml')); + $object->owner_address = trim(GETPOST("owner_address", 'alphanohtml')); $object->ics = trim(GETPOST("ics", 'alpha')); $object->ics_transfer = trim(GETPOST("ics_transfer", 'alpha')); @@ -226,11 +226,11 @@ if (empty($reshook)) { $object->cle_rib = trim(GETPOST("cle_rib")); $object->bic = trim(GETPOST("bic")); $object->iban = trim(GETPOST("iban")); - $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); + $object->domiciliation = trim(GETPOST("domiciliation", "alphanohtml")); $object->pti_in_ctti = empty(GETPOST("pti_in_ctti")) ? 0 : 1; $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); - $object->owner_address = trim(GETPOST("owner_address", 'nohtml')); + $object->owner_address = trim(GETPOST("owner_address", 'alphanohtml')); $object->ics = trim(GETPOST("ics", 'alpha')); $object->ics_transfer = trim(GETPOST("ics_transfer", 'alpha')); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 39b8c16614d..e8346a11896 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -201,12 +201,12 @@ if (empty($reshook)) { } if (!$error) { - $object->titre = GETPOST('title', 'nohtml'); // deprecated - $object->title = GETPOST('title', 'nohtml'); + $object->titre = GETPOST('title', 'alphanohtml'); // deprecated + $object->title = GETPOST('title', 'alphanohtml'); $object->note_private = GETPOST('note_private', 'restricthtml'); $object->note_public = GETPOST('note_public', 'restricthtml'); - $object->model_pdf = GETPOST('modelpdf', 'alpha'); - $object->usenewprice = GETPOST('usenewprice', 'alpha'); + $object->model_pdf = GETPOST('modelpdf', 'alphanohtml'); + $object->usenewprice = GETPOST('usenewprice', 'alphanohtml'); $object->mode_reglement_id = GETPOST('mode_reglement_id', 'int'); $object->cond_reglement_id = GETPOST('cond_reglement_id', 'int'); diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 30189680bc7..09d46d02b13 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -1039,7 +1039,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { print ''; print ''; print '
'; - print ''; + print ''; print '
'; if ($conf->use_javascript_ajax) { print ''.$langs->trans('CopyAddressFromSoc').'
'; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 44dcf0a57d0..ab6882e28a2 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6634,12 +6634,18 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto = if ($strip_tags) { $temp = strip_tags($temp); } else { - $temp = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning - $pattern = "/<[^<>]+>/"; - // Example of $temp: 0000-021 - $temp = preg_replace($pattern, "", $temp); // pass 1 - $temp after pass 1: 0000-021 - $temp = preg_replace($pattern, "", $temp); // pass 2 - $temp after pass 2: 0000-021 // Remove '<' into remainging, so remove non closing html tags like '0000-021 + // pass 1 - $temp after pass 1: 0000-021 + // pass 2 - $temp after pass 2: 0000-021 + $tempbis = str_replace('<>', '', $temp); // No reason to have this into a text, except if value is to try bypass the next html cleaning + $tempbis = preg_replace($pattern, '', $tempbis); + } while ($tempbis != $temp); + $temp = $tempbis; + + // Remove '<' into remaining, so remove non closing html tags like 'titre = GETPOST('title', 'nohtml'); // deprecated - $object->title = GETPOST('title', 'nohtml'); + $object->titre = GETPOST('title', 'alphanohtml'); // deprecated + $object->title = GETPOST('title', 'alphanohtml'); $object->fk_project = GETPOST('projectid', 'int'); - $object->ref_supplier = GETPOST('ref_supplier', 'nohtml'); + $object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml'); $object->note_private = GETPOST('note_private', 'restricthtml'); $object->note_public = GETPOST('note_public', 'restricthtml'); diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index f9250d255ca..4ad8555ba24 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -747,10 +747,10 @@ if (empty($reshook)) { $result = $object->fetch(GETPOST('fac_replacement', 'int')); $object->fetch_thirdparty(); - $object->ref = GETPOST('ref', 'nohtml'); + $object->ref = GETPOST('ref', 'alphanohtml'); $object->ref_supplier = GETPOST('ref_supplier', 'alpha'); $object->socid = GETPOST('socid', 'int'); - $object->libelle = GETPOST('label', 'nohtml'); + $object->libelle = GETPOST('label', 'alphanohtml'); $object->date = $dateinvoice; $object->date_echeance = $datedue; $object->note_public = GETPOST('note_public', 'restricthtml'); @@ -812,11 +812,11 @@ if (empty($reshook)) { $tmpproject = GETPOST('projectid', 'int'); // Creation facture - $object->ref = GETPOST('ref', 'nohtml'); - $object->ref_supplier = GETPOST('ref_supplier', 'nohtml'); + $object->ref = GETPOST('ref', 'alphanohtml'); + $object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml'); $object->socid = GETPOST('socid', 'int'); - $object->libelle = GETPOST('label', 'nohtml'); - $object->label = GETPOST('label', 'nohtml'); + $object->libelle = GETPOST('label', 'alphanohtml'); + $object->label = GETPOST('label', 'alphanohtml'); $object->date = $dateinvoice; $object->date_echeance = $datedue; $object->note_public = GETPOST('note_public', 'restricthtml'); @@ -903,13 +903,13 @@ if (empty($reshook)) { if (!$error) { $object->socid = GETPOST('socid', 'int'); - $object->type = GETPOST('type'); - $object->ref = GETPOST('ref'); + $object->type = GETPOST('type', 'alphanohtml'); + $object->ref = GETPOST('ref', 'alphanohtml'); $object->date = $dateinvoice; $object->note_public = trim(GETPOST('note_public', 'restricthtml')); $object->note_private = trim(GETPOST('note_private', 'restricthtml')); - $object->ref_supplier = GETPOST('ref_supplier', 'nohtml'); - $object->model_pdf = GETPOST('model'); + $object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml'); + $object->model_pdf = GETPOST('model', 'alphanohtml'); $object->fk_project = GETPOST('projectid', 'int'); $object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id')); $object->mode_reglement_id = GETPOST('mode_reglement_id', 'int'); @@ -962,12 +962,12 @@ if (empty($reshook)) { // Creation invoice $object->socid = GETPOST('socid', 'int'); - $object->type = GETPOST('type'); - $object->ref = GETPOST('ref', 'nohtml'); - $object->ref_supplier = GETPOST('ref_supplier', 'nohtml'); + $object->type = GETPOST('type', 'alphanohtml'); + $object->ref = GETPOST('ref', 'alphanohtml'); + $object->ref_supplier = GETPOST('ref_supplier', 'alphanohtml'); $object->socid = GETPOST('socid', 'int'); - $object->libelle = GETPOST('label', 'nohtml'); // deprecated - $object->label = GETPOST('label', 'nohtml'); + $object->libelle = GETPOST('label', 'alphanohtml'); // deprecated + $object->label = GETPOST('label', 'alphanohtml'); $object->date = $dateinvoice; $object->date_echeance = $datedue; $object->note_public = GETPOST('note_public', 'restricthtml'); diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php index ab7bbd95266..c625b97e6a6 100644 --- a/htdocs/imports/import.php +++ b/htdocs/imports/import.php @@ -139,8 +139,8 @@ $importmodelid = GETPOST('importmodelid', 'int'); $excludefirstline = (GETPOST('excludefirstline') ? GETPOST('excludefirstline') : 2); $endatlinenb = (GETPOST('endatlinenb') ? GETPOST('endatlinenb') : ''); $updatekeys = (GETPOST('updatekeys', 'array') ? GETPOST('updatekeys', 'array') : array()); -$separator = (GETPOST('separator', 'nohtml') ? GETPOST('separator', 'nohtml', 3) : ''); -$enclosure = (GETPOST('enclosure', 'nohtml') ? GETPOST('enclosure', 'nohtml') : '"'); +$separator = (GETPOST('separator', 'alphanohtml') ? GETPOST('separator', 'alphanohtml', 3) : ''); +$enclosure = (GETPOST('enclosure', 'nohtml') ? GETPOST('enclosure', 'nohtml') : '"'); // We must use 'nohtml' and not 'alphanohtml' because we must accept " $separator_used = str_replace('\t', "\t", $separator); $objimport = new Import($db); diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index 08791b8324a..da2cff7eff4 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -40,13 +40,13 @@ $backtopage = GETPOST('backtopage', 'alpha'); if ($action == "update") { $res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity); - $res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity); - $res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'nohtml'), 'chaine', 0, '', $conf->entity); - $res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'nohtml'), 'chaine', 0, '', $conf->entity); - $res5 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_URL', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_URL', 'nohtml'), 'chaine', 0, '', $conf->entity); - $res6 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_FAMILY', GETPOST('MODULEBUILDER_SPECIFIC_FAMILY', 'nohtml'), 'chaine', 0, '', $conf->entity); + $res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'alphanohtml'), 'chaine', 0, '', $conf->entity); + $res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'alphanohtml'), 'chaine', 0, '', $conf->entity); + $res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'alphanohtml'), 'chaine', 0, '', $conf->entity); + $res5 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_URL', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_URL', 'alphanohtml'), 'chaine', 0, '', $conf->entity); + $res6 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_FAMILY', GETPOST('MODULEBUILDER_SPECIFIC_FAMILY', 'alphanohtml'), 'chaine', 0, '', $conf->entity); $res7 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_AUTHOR', GETPOST('MODULEBUILDER_SPECIFIC_AUTHOR', 'html'), 'chaine', 0, '', $conf->entity); - $res8 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_VERSION', GETPOST('MODULEBUILDER_SPECIFIC_VERSION', 'nohtml'), 'chaine', 0, '', $conf->entity); + $res8 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_VERSION', GETPOST('MODULEBUILDER_SPECIFIC_VERSION', 'alphanohtml'), 'chaine', 0, '', $conf->entity); if ($res1 < 0 || $res2 < 0 || $res3 < 0 || $res4 < 0 || $res5 < 0 || $res6 < 0 || $res7 < 0 || $res8 < 0) { setEventMessages('ErrorFailedToSaveDate', null, 'errors'); $db->rollback(); diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index eda16dec32c..d726152eaa4 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -75,7 +75,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo } } - $nom = substr(GETPOST("nom", 'nohtml'), 0, 64); + $nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64); // Check if vote already exists $sql = 'SELECT id_users, nom as name'; diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 88ebb387850..96ce57c5bbe 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -192,7 +192,7 @@ if (empty($reshook)) { if (empty($ref_fourn_old)) { $ref_fourn_old = $ref_fourn; } - $quantity = price2num(GETPOST("qty", 'nohtml'), 'MS'); + $quantity = price2num(GETPOST("qty", 'alphanohtml'), 'MS'); $remise_percent = price2num(GETPOST('remise_percent', 'alpha')); $npr = preg_match('/\*/', GETPOST('tva_tx', 'alpha')) ? 1 : 0; @@ -555,7 +555,7 @@ if ($id > 0 || $ref) { print ''; print ''.$langs->trans("QtyMin").''; print ''; - $quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'nohtml'), 'MS') : "1"; + $quantity = GETPOSTISSET('qty') ? price2num(GETPOST('qty', 'alphanohtml'), 'MS') : "1"; if ($rowid) { print ''; print $object->fourn_qty; @@ -577,7 +577,7 @@ if ($id > 0 || $ref) { print ''.$form->textwithpicto($langs->trans("PackagingForThisProduct"), $langs->trans("PackagingForThisProductDesc")).''; print ''; - $packaging = GETPOSTISSET('packaging') ? price2num(GETPOST('packaging', 'nohtml'), 'MS') : ((empty($rowid)) ? "1" : price2num($object->packaging, 'MS')); + $packaging = GETPOSTISSET('packaging') ? price2num(GETPOST('packaging', 'alphanohtml'), 'MS') : ((empty($rowid)) ? "1" : price2num($object->packaging, 'MS')); print ''; // Units diff --git a/htdocs/public/eventorganization/attendee_new.php b/htdocs/public/eventorganization/attendee_new.php index 40e082c6f2e..661ae6accfe 100644 --- a/htdocs/public/eventorganization/attendee_new.php +++ b/htdocs/public/eventorganization/attendee_new.php @@ -67,7 +67,7 @@ $action = GETPOST('action', 'aZ09'); $email = GETPOST("email"); $societe = GETPOST("societe"); $emailcompany = GETPOST("emailcompany"); -$note_public = GETPOST('note_public', "nohtml"); +$note_public = GETPOST('note_public', "restricthtml"); // Getting id from Post and decoding it $type = GETPOST('type', 'aZ09'); diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 7a27ae14b62..31f1fa9f952 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -563,8 +563,8 @@ print 'global->ADHERENT_LOGIN_NOT_REQUIRED)) { print ''.$langs->trans("Login").' *'."\n"; - print ''.$langs->trans("Password").' *'."\n"; - print ''.$langs->trans("PasswordAgain").' *'."\n"; + print ''.$langs->trans("Password").' *'."\n"; + print ''.$langs->trans("PasswordAgain").' *'."\n"; } // Gender print ''.$langs->trans("Gender").''; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 02ee2df87e2..acf1fb01b56 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -112,7 +112,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo } //Si le nom est bien entré - if (GETPOST('nom', 'nohtml')) { + if (GETPOST('nom', 'alphanohtml')) { $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') { @@ -124,7 +124,7 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo } } - $nom = substr(GETPOST("nom", 'nohtml'), 0, 64); + $nom = substr(GETPOST("nom", 'alphanohtml'), 0, 64); // Check if vote already exists $sql = 'SELECT id_users, nom as name'; diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index e1314f369a0..6bc194fed21 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -2594,7 +2594,7 @@ class Ticket extends CommonObject if (is_array($internal_contacts) && count($internal_contacts) > 0) { // altairis: set default subject $label_title = empty($conf->global->MAIN_APPLICATION_TITLE) ? $mysoc->name : $conf->global->MAIN_APPLICATION_TITLE; - $subject = GETPOST('subject', 'nohtml') ? GETPOST('subject', 'nohtml') : '['.$label_title.'- ticket #'.$object->track_id.'] '.$langs->trans('TicketNewMessage'); + $subject = GETPOST('subject', 'alphanohtml') ? GETPOST('subject', 'alphanohtml') : '['.$label_title.'- ticket #'.$object->track_id.'] '.$langs->trans('TicketNewMessage'); $message_intro = $langs->trans('TicketNotificationEmailBody', "#".$object->id); $message_signature = GETPOST('mail_signature') ? GETPOST('mail_signature') : $conf->global->TICKET_MESSAGE_MAIL_SIGNATURE; diff --git a/htdocs/user/card.php b/htdocs/user/card.php index ce91f4ce726..36807533a66 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -997,11 +997,11 @@ if ($action == 'create' || $action == 'adduserldap') { } if (preg_match('/dolibarr/', $dolibarr_main_authentication)) { if (!empty($ldap_pass)) { // For very old system comaptibilty. Now clear password can't be viewed from LDAP read - $valuetoshow .= ($valuetoshow ? ', ' : '').''; // Dolibarr password is preffiled with LDAP known password + $valuetoshow .= ($valuetoshow ? ', ' : '').''; // Dolibarr password is preffiled with LDAP known password $valuetoshow .= preg_replace('/./i', '*', $ldap_pass); } else { // We do not use a field password but a field text to show new password to use. - $valuetoshow .= ($valuetoshow ? ', ' : '').''; + $valuetoshow .= ($valuetoshow ? ', ' : '').''; } } @@ -2348,7 +2348,7 @@ if ($action == 'create' || $action == 'adduserldap') { } if (preg_match('/dolibarr/', $dolibarr_main_authentication)) { if ($caneditpassword) { - $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''; + $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').''; } else { $valuetoshow .= ($valuetoshow ? (' '.$langs->trans("or").' ') : '').preg_replace('/./i', '*', $object->pass); } diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index 2207e3358ae..0dd38cc057b 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php @@ -139,7 +139,7 @@ if ($id > 0) { print 'ClickToDial '.$langs->trans("Password").''; print ''; - print ''; + print ''; print "\n"; print ''; diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index fa9a438e350..1acfa858663 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -122,11 +122,11 @@ if (empty($reshook)) { // Action add group if ($action == 'add') { if ($caneditperms) { - if (!GETPOST("nom", "nohtml")) { + if (!GETPOST("nom", "alphanohtml")) { setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); $action = "create"; // Go back to create page } else { - $object->name = GETPOST("nom", 'nohtml'); + $object->name = GETPOST("nom", 'alphanohtml'); $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml'))); // Fill array 'array_options' with data from add form @@ -206,7 +206,7 @@ if (empty($reshook)) { $object->oldcopy = clone $object; - $object->name = GETPOST("nom", 'nohtml'); + $object->name = GETPOST("nom", 'alphanohtml'); $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml'))); // Fill array 'array_options' with data from add form diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 164f327a52d..0a58c0bcf44 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -3323,7 +3323,7 @@ if ($action == 'editcss') { // Clean the php htaccesscontent file to remove php code and get only html part $htaccesscontent = preg_replace('/<\?php \/\/ BEGIN PHP[^\?]*END PHP \?>\n*/ims', '', $htaccesscontent); } else { - $htaccesscontent = GETPOST('WEBSITE_HTACCESS', 'nohtml'); + $htaccesscontent = GETPOST('WEBSITE_HTACCESS', 'nohtml'); // We must use 'nohtml' and not 'alphanohtml' because we must accept " } if (!trim($htaccesscontent)) { $htaccesscontent .= "# Order allow,deny\n";