From c0f4ec5a3e06c79c3a4629174cf1bfbf0389e668 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Nov 2018 17:53:31 +0100 Subject: [PATCH] FIX sanitize param $action --- htdocs/accountancy/admin/accountmodel.php | 2 +- htdocs/accountancy/admin/categories_list.php | 2 +- htdocs/accountancy/admin/defaultaccounts.php | 2 +- htdocs/accountancy/admin/export.php | 4 ++-- htdocs/accountancy/admin/fiscalyear_card.php | 2 +- htdocs/accountancy/admin/index.php | 2 +- htdocs/accountancy/admin/journals_list.php | 2 +- htdocs/accountancy/admin/productaccount.php | 2 +- htdocs/accountancy/bookkeeping/balance.php | 2 +- htdocs/accountancy/bookkeeping/list.php | 6 +++--- htdocs/accountancy/bookkeeping/listbyaccount.php | 2 +- htdocs/accountancy/customer/card.php | 2 +- htdocs/accountancy/expensereport/card.php | 2 +- htdocs/accountancy/supplier/card.php | 2 +- htdocs/adherents/admin/adherent_extrafields.php | 2 +- .../admin/adherent_type_extrafields.php | 2 +- htdocs/adherents/admin/website.php | 2 +- htdocs/admin/agenda_extrafields.php | 2 +- htdocs/admin/bank.php | 2 +- htdocs/admin/bank_extrafields.php | 2 +- htdocs/admin/dav.php | 2 +- htdocs/admin/emailcollector_card.php | 4 +++- htdocs/admin/expedition_extrafields.php | 2 +- htdocs/admin/expeditiondet_extrafields.php | 2 +- htdocs/admin/expensereport_extrafields.php | 2 +- htdocs/admin/livraison_extrafields.php | 2 +- htdocs/admin/livraisondet_extrafields.php | 2 +- htdocs/admin/loan.php | 2 +- htdocs/admin/multicurrency.php | 2 +- htdocs/admin/oauth.php | 2 +- htdocs/admin/order_extrafields.php | 2 +- htdocs/admin/orderdet_extrafields.php | 2 +- htdocs/admin/resource.php | 2 +- htdocs/admin/resource_extrafields.php | 2 +- htdocs/admin/salaries.php | 2 +- htdocs/admin/supplier_invoice.php | 2 +- htdocs/admin/supplier_order.php | 2 +- htdocs/admin/supplierinvoice_extrafields.php | 2 +- htdocs/admin/supplierinvoicedet_extrafields.php | 2 +- htdocs/admin/supplierorder_extrafields.php | 2 +- htdocs/admin/supplierorderdet_extrafields.php | 2 +- htdocs/admin/ticket.php | 2 +- htdocs/admin/ticket_extrafields.php | 2 +- htdocs/admin/tools/listevents.php | 2 +- htdocs/admin/tools/listsessions.php | 2 +- htdocs/admin/workflow.php | 2 +- htdocs/asset/admin/assets_extrafields.php | 2 +- htdocs/asset/admin/assets_type_extrafields.php | 2 +- htdocs/asset/admin/setup.php | 2 +- htdocs/asset/card.php | 2 +- htdocs/asset/note.php | 2 +- .../categories/admin/categorie_extrafields.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/admin/propal_extrafields.php | 2 +- htdocs/comm/admin/propaldet_extrafields.php | 2 +- htdocs/comm/index.php | 2 +- htdocs/comm/propal/card.php | 2 +- htdocs/commande/card.php | 2 +- htdocs/compta/bank/document.php | 2 +- htdocs/compta/bank/releve.php | 2 +- htdocs/compta/bank/various_payment/card.php | 2 +- .../facture/admin/facture_cust_extrafields.php | 2 +- .../admin/facture_rec_cust_extrafields.php | 2 +- .../admin/facturedet_cust_extrafields.php | 2 +- .../admin/facturedet_rec_cust_extrafields.php | 2 +- htdocs/compta/facture/card.php | 2 +- htdocs/compta/index.php | 2 +- htdocs/compta/paiement/cheque/card.php | 2 +- htdocs/compta/paiement_charge.php | 2 +- htdocs/contrat/admin/contract_extrafields.php | 2 +- htdocs/contrat/admin/contractdet_extrafields.php | 2 +- htdocs/core/ajax/selectobject.php | 2 +- htdocs/core/lib/functions.lib.php | 5 +++-- .../core/modules/oauth/github_oauthcallback.php | 2 +- .../core/modules/oauth/google_oauthcallback.php | 2 +- .../modules/oauth/stripetest_oauthcallback.php | 2 +- htdocs/core/tpl/commonfields_add.tpl.php | 4 ++-- htdocs/datapolicy/admin/setup.php | 2 +- htdocs/datapolicy/admin/setupmail.php | 2 +- htdocs/datapolicy/public/index.php | 2 +- htdocs/don/admin/donation_extrafields.php | 2 +- .../class/emailcollector.class.php | 16 ++++++++-------- htdocs/exports/export.php | 2 +- htdocs/fichinter/admin/fichinter_extrafields.php | 2 +- .../fichinter/admin/fichinterdet_extrafields.php | 2 +- htdocs/fichinter/card-rec.php | 2 +- htdocs/fourn/commande/contact.php | 2 +- htdocs/fourn/commande/orderstoinvoice.php | 2 +- htdocs/holiday/card.php | 2 +- htdocs/hrm/admin/admin_hrm.php | 2 +- htdocs/langs/en_US/admin.lang | 1 + htdocs/livraison/card.php | 2 +- htdocs/modulebuilder/admin/setup.php | 2 +- htdocs/modulebuilder/template/admin/about.php | 2 +- htdocs/modulebuilder/template/admin/setup.php | 2 +- htdocs/modulebuilder/template/mymoduleindex.php | 2 +- .../modulebuilder/template/myobject_agenda.php | 2 +- htdocs/modulebuilder/template/myobject_card.php | 2 +- htdocs/modulebuilder/template/myobject_note.php | 2 +- htdocs/product/admin/dynamic_prices.php | 2 +- htdocs/product/admin/product_extrafields.php | 2 +- htdocs/product/admin/product_lot_extrafields.php | 2 +- htdocs/product/ajax/products.php | 2 +- htdocs/product/dynamic_price/editor.php | 2 +- htdocs/product/fournisseurs.php | 2 +- htdocs/product/inventory/card.php | 2 +- htdocs/product/price.php | 2 +- htdocs/projet/admin/project_extrafields.php | 2 +- htdocs/projet/admin/project_task_extrafields.php | 2 +- htdocs/projet/ajax/projects.php | 2 +- htdocs/projet/tasks.php | 2 +- htdocs/public/ticket/create_ticket.php | 2 +- htdocs/public/ticket/index.php | 2 +- htdocs/public/ticket/list.php | 2 +- htdocs/public/ticket/view.php | 2 +- htdocs/societe/admin/contact_extrafields.php | 2 +- htdocs/societe/admin/societe_extrafields.php | 2 +- htdocs/societe/ajax/company.php | 2 +- htdocs/societe/price.php | 2 +- .../admin/supplier_proposal_extrafields.php | 2 +- .../admin/supplier_proposaldet_extrafields.php | 2 +- htdocs/supplier_proposal/card.php | 2 +- htdocs/supplier_proposal/contact.php | 2 +- htdocs/takepos/admin/about.php | 2 +- htdocs/ticket/card.php | 2 +- htdocs/ticket/history.php | 2 +- htdocs/ticket/index.php | 2 +- htdocs/ticket/new.php | 2 +- htdocs/user/admin/group_extrafields.php | 2 +- htdocs/user/admin/user_extrafields.php | 2 +- htdocs/user/group/card.php | 2 +- htdocs/user/group/ldap.php | 2 +- htdocs/user/group/perms.php | 2 +- htdocs/user/passwordforgotten.php | 2 +- htdocs/user/perms.php | 2 +- htdocs/website/websiteaccount_card.php | 2 +- 136 files changed, 151 insertions(+), 147 deletions(-) diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index d3843763732..245220e0d4d 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -44,7 +44,7 @@ if (! empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT . '/core // Load translation files required by the page $langs->loadLangs(array("errors","admin","companies","resource","holiday","compta","accountancy","hrm")); -$action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view'; +$action=GETPOST('action','aZ09')?GETPOST('action','aZ09'):'view'; $confirm=GETPOST('confirm','alpha'); $id=31; $rowid=GETPOST('rowid','alpha'); diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 9f6b0bf14fe..1f10403f798 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("errors","admin","companies","resource","holiday","accountancy","hrm")); -$action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view'; +$action=GETPOST('action','aZ09')?GETPOST('action','aZ09'):'view'; $confirm=GETPOST('confirm','alpha'); $id=32; $rowid=GETPOST('rowid','alpha'); diff --git a/htdocs/accountancy/admin/defaultaccounts.php b/htdocs/accountancy/admin/defaultaccounts.php index 31fc04fa745..6de48b58cd5 100644 --- a/htdocs/accountancy/admin/defaultaccounts.php +++ b/htdocs/accountancy/admin/defaultaccounts.php @@ -43,7 +43,7 @@ if (empty($user->rights->accounting->chartofaccount)) accessforbidden(); } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $list_account_main = array ( diff --git a/htdocs/accountancy/admin/export.php b/htdocs/accountancy/admin/export.php index eccb9b0c06f..f8309cf6ce5 100644 --- a/htdocs/accountancy/admin/export.php +++ b/htdocs/accountancy/admin/export.php @@ -41,8 +41,8 @@ if (empty($user->rights->accounting->chartofaccount)) accessforbidden(); } -$action = GETPOST('action', 'alpha'); - +$action = GETPOST('action', 'aZ09'); +aZ09 // Parameters ACCOUNTING_EXPORT_* $main_option = array ( 'ACCOUNTING_EXPORT_PREFIX_SPEC', diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 05c7a3fd174..297a3026b02 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -38,7 +38,7 @@ if (empty($user->rights->accounting->fiscalyear)) $error = 0; -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $id = GETPOST('id', 'int'); diff --git a/htdocs/accountancy/admin/index.php b/htdocs/accountancy/admin/index.php index a17ee45ae4d..60a81df9a56 100644 --- a/htdocs/accountancy/admin/index.php +++ b/htdocs/accountancy/admin/index.php @@ -41,7 +41,7 @@ if (empty($user->rights->accounting->chartofaccount)) accessforbidden(); } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Parameters ACCOUNTING_* and others $list = array ( diff --git a/htdocs/accountancy/admin/journals_list.php b/htdocs/accountancy/admin/journals_list.php index 3511ae431ec..49745676eb3 100644 --- a/htdocs/accountancy/admin/journals_list.php +++ b/htdocs/accountancy/admin/journals_list.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/accountancy/class/accountingjournal.class.php'; // Load translation files required by the page $langs->loadLangs(array("admin","compta","accountancy")); -$action=GETPOST('action','alpha')?GETPOST('action','alpha'):'view'; +$action=GETPOST('action','aZ09')?GETPOST('action','aZ09'):'view'; $confirm=GETPOST('confirm','alpha'); $id=35; $rowid=GETPOST('rowid','alpha'); diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index a84e2f6fcab..246d3752f56 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -45,7 +45,7 @@ if (! $user->rights->accounting->bind->write) accessforbidden(); // search & action GETPOST -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $codeventil_buy = GETPOST('codeventil_buy', 'array'); $codeventil_sell = GETPOST('codeventil_sell', 'array'); $chk_prod = GETPOST('chk_prod', 'array'); diff --git a/htdocs/accountancy/bookkeeping/balance.php b/htdocs/accountancy/bookkeeping/balance.php index 9b9598074cb..e807d1acced 100644 --- a/htdocs/accountancy/bookkeeping/balance.php +++ b/htdocs/accountancy/bookkeeping/balance.php @@ -41,7 +41,7 @@ $langs->loadLangs(array("accountancy")); $page = GETPOST("page"); $sortorder = GETPOST("sortorder", 'alpha'); $sortfield = GETPOST("sortfield", 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); if (GETPOST("exportcsv",'alpha')) $action = 'export_csv'; // Load variable for pagination diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 46575c21143..5613e42b4c4 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php @@ -36,10 +36,10 @@ require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php'; // Load translation files required by the page $langs->loadLangs(array("accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_mvt_num = GETPOST('search_mvt_num', 'int'); -$search_doc_type = GETPOST("search_doc_type"); -$search_doc_ref = GETPOST("search_doc_ref"); +$search_doc_type = GETPOST("search_doc_type", 'alpha'); +$search_doc_ref = GETPOST("search_doc_ref", 'alpha'); $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int')); $search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int')); $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int')); diff --git a/htdocs/accountancy/bookkeeping/listbyaccount.php b/htdocs/accountancy/bookkeeping/listbyaccount.php index c5726901e2e..16ee0883676 100644 --- a/htdocs/accountancy/bookkeeping/listbyaccount.php +++ b/htdocs/accountancy/bookkeeping/listbyaccount.php @@ -40,7 +40,7 @@ $langs->loadLangs(array("accountancy")); $page = GETPOST("page"); $sortorder = GETPOST("sortorder"); $sortfield = GETPOST("sortfield"); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_date_start = dol_mktime(0, 0, 0, GETPOST('search_date_startmonth', 'int'), GETPOST('search_date_startday', 'int'), GETPOST('search_date_startyear', 'int')); $search_date_end = dol_mktime(0, 0, 0, GETPOST('search_date_endmonth', 'int'), GETPOST('search_date_endday', 'int'), GETPOST('search_date_endyear', 'int')); $search_doc_date = dol_mktime(0, 0, 0, GETPOST('doc_datemonth', 'int'), GETPOST('doc_dateday', 'int'), GETPOST('doc_dateyear', 'int')); diff --git a/htdocs/accountancy/customer/card.php b/htdocs/accountancy/customer/card.php index 677bc627c80..f56e02f601c 100644 --- a/htdocs/accountancy/customer/card.php +++ b/htdocs/accountancy/customer/card.php @@ -30,7 +30,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/expensereport/card.php b/htdocs/accountancy/expensereport/card.php index b245e2539a7..da73db896fe 100644 --- a/htdocs/accountancy/expensereport/card.php +++ b/htdocs/accountancy/expensereport/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy","trips")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/accountancy/supplier/card.php b/htdocs/accountancy/supplier/card.php index 439b8625342..4b3122a04c6 100644 --- a/htdocs/accountancy/supplier/card.php +++ b/htdocs/accountancy/supplier/card.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT . '/core/class/html.formaccounting.class.php'; // Load translation files required by the page $langs->loadLangs(array("bills","accountancy")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/adherents/admin/adherent_extrafields.php b/htdocs/adherents/admin/adherent_extrafields.php index 0ec1968ab34..cd3234643fa 100644 --- a/htdocs/adherents/admin/adherent_extrafields.php +++ b/htdocs/adherents/admin/adherent_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='adherent'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/adherents/admin/adherent_type_extrafields.php b/htdocs/adherents/admin/adherent_type_extrafields.php index 3a5226d00f4..0ab0f55a82e 100644 --- a/htdocs/adherents/admin/adherent_type_extrafields.php +++ b/htdocs/adherents/admin/adherent_type_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='adherent_type'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/adherents/admin/website.php b/htdocs/adherents/admin/website.php index 91df8e59ea5..c6e2d282e25 100644 --- a/htdocs/adherents/admin/website.php +++ b/htdocs/adherents/admin/website.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php'; // Load translation files required by the page $langs->loadLangs(array("admin","members")); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); if (! $user->admin) accessforbidden(); diff --git a/htdocs/admin/agenda_extrafields.php b/htdocs/admin/agenda_extrafields.php index 887fba847e4..5c573be7fe9 100644 --- a/htdocs/admin/agenda_extrafields.php +++ b/htdocs/admin/agenda_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='actioncomm'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/bank.php b/htdocs/admin/bank.php index 497d4748da8..3f9d2080d9c 100644 --- a/htdocs/admin/bank.php +++ b/htdocs/admin/bank.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","companies","bills","other","banks")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $value = GETPOST('value', 'alpha'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scan_dir', 'alpha'); diff --git a/htdocs/admin/bank_extrafields.php b/htdocs/admin/bank_extrafields.php index 3b95c158f27..906111e5f9e 100644 --- a/htdocs/admin/bank_extrafields.php +++ b/htdocs/admin/bank_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='bank_account'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/admin/dav.php b/htdocs/admin/dav.php index e882a56e2b8..330c3c00f6a 100644 --- a/htdocs/admin/dav.php +++ b/htdocs/admin/dav.php @@ -32,7 +32,7 @@ if (!$user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array( diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index b0bff70585e..db85f2f35eb 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -41,7 +41,7 @@ $langs->loadLangs(array("admin", "other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectcard'; // To manage different context of search @@ -145,6 +145,8 @@ if ($action == 'create') { print ''."\n"; + //unset($fields[]); + // Common attributes include DOL_DOCUMENT_ROOT . '/core/tpl/commonfields_add.tpl.php'; diff --git a/htdocs/admin/expedition_extrafields.php b/htdocs/admin/expedition_extrafields.php index b7c8ddffa71..8e2782e2e14 100644 --- a/htdocs/admin/expedition_extrafields.php +++ b/htdocs/admin/expedition_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='expedition'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/expeditiondet_extrafields.php b/htdocs/admin/expeditiondet_extrafields.php index cc5a9bddfa5..3480c537c44 100644 --- a/htdocs/admin/expeditiondet_extrafields.php +++ b/htdocs/admin/expeditiondet_extrafields.php @@ -48,7 +48,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='expeditiondet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/expensereport_extrafields.php b/htdocs/admin/expensereport_extrafields.php index 3fedf935405..ad3dc4732a2 100644 --- a/htdocs/admin/expensereport_extrafields.php +++ b/htdocs/admin/expensereport_extrafields.php @@ -44,7 +44,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='expensereport'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/livraison_extrafields.php b/htdocs/admin/livraison_extrafields.php index 55fe6f10362..2fced5d7a42 100644 --- a/htdocs/admin/livraison_extrafields.php +++ b/htdocs/admin/livraison_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='livraison'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/livraisondet_extrafields.php b/htdocs/admin/livraisondet_extrafields.php index e70b4f2d09b..3788730579f 100644 --- a/htdocs/admin/livraisondet_extrafields.php +++ b/htdocs/admin/livraisondet_extrafields.php @@ -48,7 +48,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='livraisondet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/loan.php b/htdocs/admin/loan.php index 419f6efbee9..a4677e46702 100644 --- a/htdocs/admin/loan.php +++ b/htdocs/admin/loan.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'loan')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters LOAN_* $list = array ( diff --git a/htdocs/admin/multicurrency.php b/htdocs/admin/multicurrency.php index 9843c6a4fb0..08d1b110233 100644 --- a/htdocs/admin/multicurrency.php +++ b/htdocs/admin/multicurrency.php @@ -38,7 +38,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/oauth.php b/htdocs/admin/oauth.php index 16827306bda..2405f662de6 100644 --- a/htdocs/admin/oauth.php +++ b/htdocs/admin/oauth.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('admin', 'oauth')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/order_extrafields.php b/htdocs/admin/order_extrafields.php index 828bb13384f..6c4745baa69 100644 --- a/htdocs/admin/order_extrafields.php +++ b/htdocs/admin/order_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='commande'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/orderdet_extrafields.php b/htdocs/admin/orderdet_extrafields.php index 929e49c4ab3..b7954931968 100644 --- a/htdocs/admin/orderdet_extrafields.php +++ b/htdocs/admin/orderdet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='commandedet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/resource.php b/htdocs/admin/resource.php index 566e57e587b..781af5679d3 100644 --- a/htdocs/admin/resource.php +++ b/htdocs/admin/resource.php @@ -37,7 +37,7 @@ $langs->loadLangs(array("admin","resource")); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* diff --git a/htdocs/admin/resource_extrafields.php b/htdocs/admin/resource_extrafields.php index b8ea860ac25..ef6eb54c0c1 100644 --- a/htdocs/admin/resource_extrafields.php +++ b/htdocs/admin/resource_extrafields.php @@ -44,7 +44,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='resource'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/salaries.php b/htdocs/admin/salaries.php index a68a4bda5a6..7bc037e6bba 100644 --- a/htdocs/admin/salaries.php +++ b/htdocs/admin/salaries.php @@ -35,7 +35,7 @@ $langs->loadLangs(array('admin', 'salaries')); if (!$user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters SALARIES_* $list = array ( diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index 3db96ddd8a4..426429b9071 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -42,7 +42,7 @@ accessforbidden(); $type=GETPOST('type', 'alpha'); $value=GETPOST('value', 'alpha'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $scandir = GETPOST('scan_dir','alpha'); $specimenthirdparty=new Societe($db); diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 72050867dfa..5b5c070964e 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php @@ -43,7 +43,7 @@ accessforbidden(); $type=GETPOST('type', 'alpha'); $value=GETPOST('value', 'alpha'); $label = GETPOST('label','alpha'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $scandir = GETPOST('scan_dir','alpha'); $specimenthirdparty=new Societe($db); diff --git a/htdocs/admin/supplierinvoice_extrafields.php b/htdocs/admin/supplierinvoice_extrafields.php index bbda698a778..0a6f43a66d7 100644 --- a/htdocs/admin/supplierinvoice_extrafields.php +++ b/htdocs/admin/supplierinvoice_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facture_fourn'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierinvoicedet_extrafields.php b/htdocs/admin/supplierinvoicedet_extrafields.php index cdf128871fd..94855870c24 100644 --- a/htdocs/admin/supplierinvoicedet_extrafields.php +++ b/htdocs/admin/supplierinvoicedet_extrafields.php @@ -47,7 +47,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facture_fourn_det'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierorder_extrafields.php b/htdocs/admin/supplierorder_extrafields.php index 640b6375c57..8922d380169 100644 --- a/htdocs/admin/supplierorder_extrafields.php +++ b/htdocs/admin/supplierorder_extrafields.php @@ -45,7 +45,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='commande_fournisseur'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/supplierorderdet_extrafields.php b/htdocs/admin/supplierorderdet_extrafields.php index 65fe0537ba7..9b6c993e3cb 100644 --- a/htdocs/admin/supplierorderdet_extrafields.php +++ b/htdocs/admin/supplierorderdet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='commande_fournisseurdet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 5cf72b302c9..478f1082a96 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -37,7 +37,7 @@ if (!$user->admin) { // Parameters $value = GETPOST('value', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $label = GETPOST('label', 'alpha'); $scandir = GETPOST('scandir', 'alpha'); $type = 'ticket'; diff --git a/htdocs/admin/ticket_extrafields.php b/htdocs/admin/ticket_extrafields.php index 6fa70808ec8..cebc505b51d 100644 --- a/htdocs/admin/ticket_extrafields.php +++ b/htdocs/admin/ticket_extrafields.php @@ -39,7 +39,7 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->trans($val); } -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'ticket'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index 9afe7c5fcb3..e6bde52379b 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; if (! $user->admin) accessforbidden(); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm','alpha'); // Security check diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 8ddc1d65525..79e6bc1abba 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php @@ -31,7 +31,7 @@ $langs->loadLangs(array("companies","install","users","other")); if (! $user->admin) accessforbidden(); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/admin/workflow.php b/htdocs/admin/workflow.php index 24a39ce827a..760ccc8a5c3 100644 --- a/htdocs/admin/workflow.php +++ b/htdocs/admin/workflow.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("admin","workflow","propal","workflow","orders","supplie if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /* * Actions diff --git a/htdocs/asset/admin/assets_extrafields.php b/htdocs/asset/admin/assets_extrafields.php index f220d5cb849..ea8f015184c 100644 --- a/htdocs/asset/admin/assets_extrafields.php +++ b/htdocs/asset/admin/assets_extrafields.php @@ -37,7 +37,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='don'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/asset/admin/assets_type_extrafields.php b/htdocs/asset/admin/assets_type_extrafields.php index a791078f37b..56ce8e81102 100644 --- a/htdocs/asset/admin/assets_type_extrafields.php +++ b/htdocs/asset/admin/assets_type_extrafields.php @@ -36,7 +36,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='adherent_type'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/asset/admin/setup.php b/htdocs/asset/admin/setup.php index 57738309abd..dc6e03fe267 100644 --- a/htdocs/asset/admin/setup.php +++ b/htdocs/asset/admin/setup.php @@ -35,7 +35,7 @@ $langs->loadLangs(array("admin", "assets")); if (! $user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array('FIXEDASSETS_MYPARAM1'=>array('css'=>'minwidth200'), 'FIXEDASSETS_MYPARAM2'=>array('css'=>'minwidth500')); diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 4f7061aed20..624543a0660 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("asset")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/asset/note.php b/htdocs/asset/note.php index f76c6ea028f..a4595f266fe 100644 --- a/htdocs/asset/note.php +++ b/htdocs/asset/note.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("asset","companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/categories/admin/categorie_extrafields.php b/htdocs/categories/admin/categorie_extrafields.php index abea3f41eeb..a0bd11eb807 100644 --- a/htdocs/categories/admin/categorie_extrafields.php +++ b/htdocs/categories/admin/categorie_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='categorie'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index a5998e220f7..d6879c7a3d9 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -40,7 +40,7 @@ if (! empty($conf->projet->enabled)) require_once DOL_DOCUMENT_ROOT.'/projet/cla $langs->loadLangs(array('companies', 'commercial', 'other', 'bills')); $id = GETPOST('id', 'int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/comm/admin/propal_extrafields.php b/htdocs/comm/admin/propal_extrafields.php index becfabc949c..714a330ce05 100644 --- a/htdocs/comm/admin/propal_extrafields.php +++ b/htdocs/comm/admin/propal_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='propal'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/comm/admin/propaldet_extrafields.php b/htdocs/comm/admin/propaldet_extrafields.php index 7172c0e5b7c..f7508005f59 100644 --- a/htdocs/comm/admin/propaldet_extrafields.php +++ b/htdocs/comm/admin/propaldet_extrafields.php @@ -46,7 +46,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='propaldet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index cb384408e91..7467985d34a 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -40,7 +40,7 @@ if (! $user->rights->societe->lire) accessforbidden(); // Load translation files required by the page $langs->loadLangs(array("commercial", "propal")); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $bid=GETPOST('bid', 'int'); // Securite acces client diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index f07a5cdfac8..fe6946fc111 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -68,7 +68,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index f468bd4b146..17cbe9d670f 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -66,7 +66,7 @@ if (! empty($conf->productbatch->enabled)) $langs->load("productbatch"); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('orderid', 'int')); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/compta/bank/document.php b/htdocs/compta/bank/document.php index f908b68b35c..4f73a9972a4 100644 --- a/htdocs/compta/bank/document.php +++ b/htdocs/compta/bank/document.php @@ -36,7 +36,7 @@ $langs->loadLangs(array('banks', 'companies', 'other')); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('account', 'int')); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $mesg = ''; diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 3f1bede8e20..5dad19a9b45 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions.lib.php'; // Load translation files required by the page $langs->loadLangs(array("banks","categories","companies","bills","trips")); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $id=GETPOST('account','int'); $ref=GETPOST('ref','alpha'); $dvid=GETPOST('dvid','alpha'); diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 0f417777417..bfa0eb71615 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -41,7 +41,7 @@ $langs->loadLangs(array("compta", "banks", "bills", "users", "accountancy")); // Get parameters $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/compta/facture/admin/facture_cust_extrafields.php b/htdocs/compta/facture/admin/facture_cust_extrafields.php index 1fe26e82a54..b284d5a906b 100644 --- a/htdocs/compta/facture/admin/facture_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facture_cust_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facture'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php b/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php index 23c0d79a33c..1b9da2c5536 100644 --- a/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facture_rec_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facture_rec'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php b/htdocs/compta/facture/admin/facturedet_cust_extrafields.php index 0947f788719..bbd79ad6153 100644 --- a/htdocs/compta/facture/admin/facturedet_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facturedet_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facturedet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php b/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php index 46d9ed28335..049b44f6b10 100644 --- a/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php +++ b/htdocs/compta/facture/admin/facturedet_rec_cust_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='facturedet_rec'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 7366a091056..6bbaf318de8 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -75,7 +75,7 @@ $projectid = (GETPOST('projectid','int') ? GETPOST('projectid', 'int') : 0); $id = (GETPOST('id', 'int') ? GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $lineid = GETPOST('lineid', 'int'); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 692849d2fa6..45a0b452dd9 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -50,7 +50,7 @@ $langs->loadLangs(array('compta', 'bills')); if (! empty($conf->commande->enabled)) $langs->load("orders"); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $bid=GETPOST('bid', 'int'); // Security check diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 9f42ef9b16c..10276132e69 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -38,7 +38,7 @@ $langs->loadLangs(array('banks', 'categories', 'bills', 'companies', 'compta')); $id =GETPOST('id','int'); $ref=GETPOST('ref', 'alpha'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); // Security check diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 38cee6b8434..bc36a5bd163 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); $chid=GETPOST("id", 'int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $amounts = array(); // Security check diff --git a/htdocs/contrat/admin/contract_extrafields.php b/htdocs/contrat/admin/contract_extrafields.php index d19c91e0bf2..b3ddec32c43 100644 --- a/htdocs/contrat/admin/contract_extrafields.php +++ b/htdocs/contrat/admin/contract_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='contrat'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/contrat/admin/contractdet_extrafields.php b/htdocs/contrat/admin/contractdet_extrafields.php index af2585eaf3a..fadfdfb72a6 100644 --- a/htdocs/contrat/admin/contractdet_extrafields.php +++ b/htdocs/contrat/admin/contractdet_extrafields.php @@ -42,7 +42,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='contratdet'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/core/ajax/selectobject.php b/htdocs/core/ajax/selectobject.php index 0c52c490512..23baabe4bed 100644 --- a/htdocs/core/ajax/selectobject.php +++ b/htdocs/core/ajax/selectobject.php @@ -33,7 +33,7 @@ $objectdesc=GETPOST('objectdesc', 'alpha'); $htmlname=GETPOST('htmlname', 'aZ09'); $sqlfilter=GETPOST('sqlfilter', 'alpha'); $outjson=(GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $id=GETPOST('id', 'int'); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 1210e4da56e..e7c0cfe2f7e 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -6811,18 +6811,19 @@ function dol_getIdFromCode($db, $key, $tablename, $fieldkey='code', $fieldid='id * Verify if condition in string is ok or not * * @param string $strRights String with condition to check - * @return boolean True or False. Return true if strRights is '' + * @return boolean True or False. Return True if strRights is '' */ function verifCond($strRights) { global $user,$conf,$langs; - global $leftmenu; + global $action,$leftmenu; global $rights; // To export to dol_eval function //print $strRights."
\n"; $rights = true; if ($strRights != '') { + $action = preg_replace('/[a-zA-Z0-9_') //$tab_rights = explode('&&', $strRights); //$i = 0; //while (($i < count($tab_rights)) && ($rights == true)) { diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php index 052964eca66..23108f74365 100644 --- a/htdocs/core/modules/oauth/github_oauthcallback.php +++ b/htdocs/core/modules/oauth/github_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php index b63aca5bdf6..67a0a2f36f0 100644 --- a/htdocs/core/modules/oauth/google_oauthcallback.php +++ b/htdocs/core/modules/oauth/google_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php index 3a663cd7162..6a4c7bfda2a 100644 --- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php +++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php @@ -35,7 +35,7 @@ $urlwithroot=$urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtourl = GETPOST('backtourl', 'alpha'); diff --git a/htdocs/core/tpl/commonfields_add.tpl.php b/htdocs/core/tpl/commonfields_add.tpl.php index 0ea4e6fa03b..1e85f1ef833 100644 --- a/htdocs/core/tpl/commonfields_add.tpl.php +++ b/htdocs/core/tpl/commonfields_add.tpl.php @@ -40,8 +40,8 @@ foreach($object->fields as $key => $val) // Discard if extrafield is a hidden field on form if (abs($val['visible']) != 1) continue; - if (array_key_exists('enabled', $val) && isset($val['enabled']) && ! $val['enabled']) continue; // We don't want this field - + if (array_key_exists('enabled', $val) && isset($val['enabled']) && ! verifCond($val['enabled'])) continue; // We don't want this field + var_dump($val['enabled']); print ''; print ' array('type'=>'varchar(128)', 'label'=>'User', 'visible'=>1, 'enabled'=>1, 'position'=>101, 'notnull'=>1, 'index'=>1, 'comment'=>"IMAP login",), - 'password' => array('type'=>'password', 'label'=>'Password', 'visible'=>-1, 'enabled'=>1, 'position'=>102, 'notnull'=>1, 'comment'=>"IMAP password",), + 'ref' =>array('type'=>'varchar(128)', 'label'=>'Ref', 'enabled'=>1, 'visible'=>1, 'notnull'=>1, 'showoncombobox'=>1, 'index'=>1, 'position'=>10, 'searchall'=>1, 'help'=>'Example: MyCollector1'), + 'label' => array('type'=>'varchar(255)', 'label'=>'Label', 'visible'=>1, 'enabled'=>1, 'position'=>30, 'notnull'=>-1, 'searchall'=>1, 'help'=>'Example: My Email collector'), + 'description' => array('type'=>'text', 'label'=>'Description', 'visible'=>-1, 'enabled'=>1, 'position'=>60, 'notnull'=>-1), + 'host' => array('type'=>'varchar(255)', 'label'=>'EMailHost', 'visible'=>1, 'enabled'=>1, 'position'=>100, 'notnull'=>1, 'searchall'=>1, 'comment'=>"IMAP server", 'help'=>'Example: imap.gmail.com'), + 'user' => array('type'=>'varchar(128)', 'label'=>'User', 'visible'=>1, 'enabled'=>1, 'position'=>101, 'notnull'=>1, 'index'=>1, 'comment'=>"IMAP login", 'help'=>'Example: myacount@gmail.com'), + 'password' => array('type'=>'password', 'label'=>'Password', 'visible'=>-1, 'enabled'=>1, 'position'=>102, 'notnull'=>1, 'comment'=>"IMAP password"), 'source_directory' => array('type'=>'varchar(255)', 'label'=>'MailboxSourceDirectory', 'visible'=>-1, 'enabled'=>1, 'position'=>103, 'notnull'=>1, 'default' => 'Inbox'), //'filter' => array('type'=>'text', 'label'=>'Filter', 'visible'=>1, 'enabled'=>1, 'position'=>105), //'actiontodo' => array('type'=>'varchar(255)', 'label'=>'ActionToDo', 'visible'=>1, 'enabled'=>1, 'position'=>106), 'target_directory' => array('type'=>'varchar(255)', 'label'=>'MailboxTargetDirectory', 'visible'=>1, 'enabled'=>1, 'position'=>110, 'notnull'=>0, 'comment'=>"Where to store messages once processed"), - 'datelastresult' => array('type'=>'datetime', 'label'=>'DateLastResult', 'visible'=>-2, 'enabled'=>1, 'position'=>121, 'notnull'=>-1,), - 'lastresult' => array('type'=>'varchar(255)', 'label'=>'LastResult', 'visible'=>1, 'enabled'=>1, 'position'=>122, 'notnull'=>-1,), + 'datelastresult' => array('type'=>'datetime', 'label'=>'DateLastResult', 'visible'=>1, 'enabled'=>'$action != "create"', 'position'=>121, 'notnull'=>-1,), + 'lastresult' => array('type'=>'varchar(255)', 'label'=>'LastResult', 'visible'=>1, 'enabled'=>'$action != "create"', 'position'=>122, 'notnull'=>-1,), 'note_public' => array('type'=>'html', 'label'=>'NotePublic', 'visible'=>0, 'enabled'=>1, 'position'=>61, 'notnull'=>-1,), 'note_private' => array('type'=>'html', 'label'=>'NotePrivate', 'visible'=>0, 'enabled'=>1, 'position'=>62, 'notnull'=>-1,), 'date_creation' => array('type'=>'datetime', 'label'=>'DateCreation', 'visible'=>-2, 'enabled'=>1, 'position'=>500, 'notnull'=>1,), diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index f0060ffd029..f8816dabbf0 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -124,7 +124,7 @@ $entitytolang = array( $array_selected=isset($_SESSION["export_selected_fields"])?$_SESSION["export_selected_fields"]:array(); $array_filtervalue=isset($_SESSION["export_filtered_fields"])?$_SESSION["export_filtered_fields"]:array(); $datatoexport=GETPOST("datatoexport"); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); $step=GETPOST("step")?GETPOST("step"):1; $export_name=GETPOST("export_name"); diff --git a/htdocs/fichinter/admin/fichinter_extrafields.php b/htdocs/fichinter/admin/fichinter_extrafields.php index bcda9b4847b..c82fa3a0bdc 100644 --- a/htdocs/fichinter/admin/fichinter_extrafields.php +++ b/htdocs/fichinter/admin/fichinter_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='fichinter'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/fichinter/admin/fichinterdet_extrafields.php b/htdocs/fichinter/admin/fichinterdet_extrafields.php index 8046ef41a18..bcdfb484fdd 100644 --- a/htdocs/fichinter/admin/fichinterdet_extrafields.php +++ b/htdocs/fichinter/admin/fichinterdet_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='fichinterdet'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 4b8aa9bb43d..c53c9ed8688 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -51,7 +51,7 @@ $langs->loadLangs(array("interventions","admin","compta","bills")); // Security check $id=(GETPOST('fichinterid', 'int')?GETPOST('fichinterid', 'int'):GETPOST('id', 'int')); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); if ($user->societe_id) $socid=$user->societe_id; $objecttype = 'fichinter_rec'; if ($action == "create" || $action == "add") $objecttype = ''; diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php index c69c92ead29..77d40736e50 100644 --- a/htdocs/fourn/commande/contact.php +++ b/htdocs/fourn/commande/contact.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("facture","orders","sendings","companies")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index 5456627384e..a6b22c52766 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -49,7 +49,7 @@ if (! $user->rights->fournisseur->facture->creer) $id = (GETPOST('id') ? GETPOST('id', 'int') : GETPOST("facid")); // For backward compatibility $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $sref = GETPOST('sref'); $sref_client = GETPOST('sref_client'); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index a1bf6e3fa6a..a16ed1a1115 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -39,7 +39,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/holiday.lib.php'; require_once DOL_DOCUMENT_ROOT.'/holiday/common.inc.php'; // Get parameters -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); $fuserid = (GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id); diff --git a/htdocs/hrm/admin/admin_hrm.php b/htdocs/hrm/admin/admin_hrm.php index c61480347bb..3c3f3123f3e 100644 --- a/htdocs/hrm/admin/admin_hrm.php +++ b/htdocs/hrm/admin/admin_hrm.php @@ -30,7 +30,7 @@ $langs->loadLangs(array('admin', 'hrm')); if (! $user->admin) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Other parameters HRM_* $list = array ( diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 5f8af37833c..72d87a358a9 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1820,6 +1820,7 @@ EMailHost=Host of email IMAP server MailboxSourceDirectory=Mailbox source directory MailboxTargetDirectory=Mailbox target directory CollectNow=Collect now +DateLastResult=Date last collect LastResult=Last result ##### Resource #### ResourceSetup=Configuration du module Resource diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index 06b9d6e5682..4cf7b3ef411 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("sendings","bills",'deliveries','orders')); if (!empty($conf->incoterm->enabled)) $langs->load('incoterm'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index 6ca9bfe2a1e..00baa0f42d4 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php @@ -29,7 +29,7 @@ $langs->loadLangs(array("admin", "other", "modulebuilder")); if (!$user->admin || empty($conf->modulebuilder->enabled)) accessforbidden(); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); /* diff --git a/htdocs/modulebuilder/template/admin/about.php b/htdocs/modulebuilder/template/admin/about.php index e580c6c7457..1ddcd3126d8 100644 --- a/htdocs/modulebuilder/template/admin/about.php +++ b/htdocs/modulebuilder/template/admin/about.php @@ -48,7 +48,7 @@ $langs->loadLangs(array("errors","admin","mymodule@mymodule")); if (! $user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 6e0be4d0011..06600d3918e 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("admin", "mymodule@mymodule")); if (! $user->admin) accessforbidden(); // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters=array( diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php index b2b9356217e..969882902c8 100644 --- a/htdocs/modulebuilder/template/mymoduleindex.php +++ b/htdocs/modulebuilder/template/mymoduleindex.php @@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page $langs->loadLangs(array("mymodule@mymodule")); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); // Securite acces client diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 9c6c9265592..c7ea9b9db2e 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -50,7 +50,7 @@ $langs->loadLangs(array("mymodule@mymodule","other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 2fd970a33a4..63d1664e1ff 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -68,7 +68,7 @@ $langs->loadLangs(array("mymodule@mymodule","other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectcard'; // To manage different context of search diff --git a/htdocs/modulebuilder/template/myobject_note.php b/htdocs/modulebuilder/template/myobject_note.php index 876c5e105a6..c579f735a46 100644 --- a/htdocs/modulebuilder/template/myobject_note.php +++ b/htdocs/modulebuilder/template/myobject_note.php @@ -46,7 +46,7 @@ $langs->loadLangs(array("mymodule@mymodule","companies")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/product/admin/dynamic_prices.php b/htdocs/product/admin/dynamic_prices.php index 4f40c85e2a9..49b2f49aff8 100644 --- a/htdocs/product/admin/dynamic_prices.php +++ b/htdocs/product/admin/dynamic_prices.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/product/dynamic_price/class/price_global_variab $langs->load("products"); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $save = GETPOST('save', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); $selection = GETPOST('selection', 'int'); diff --git a/htdocs/product/admin/product_extrafields.php b/htdocs/product/admin/product_extrafields.php index 82eafd230d7..342c468bbec 100644 --- a/htdocs/product/admin/product_extrafields.php +++ b/htdocs/product/admin/product_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='product'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/product/admin/product_lot_extrafields.php b/htdocs/product/admin/product_lot_extrafields.php index 8e57daf7491..a7b076850ff 100644 --- a/htdocs/product/admin/product_lot_extrafields.php +++ b/htdocs/product/admin/product_lot_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='product_lot'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/product/ajax/products.php b/htdocs/product/ajax/products.php index cce0f4254a0..61903819fff 100644 --- a/htdocs/product/ajax/products.php +++ b/htdocs/product/ajax/products.php @@ -39,7 +39,7 @@ $mode = GETPOST('mode', 'int'); $status = ((GETPOST('status', 'int') >= 0) ? GETPOST('status', 'int') : - 1); $outjson = (GETPOST('outjson', 'int') ? GETPOST('outjson', 'int') : 0); $price_level = GETPOST('price_level', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $id = GETPOST('id', 'int'); $price_by_qty_rowid = GETPOST('pbq', 'int'); $finished = GETPOST('finished', 'int'); diff --git a/htdocs/product/dynamic_price/editor.php b/htdocs/product/dynamic_price/editor.php index baa738c20c5..8227fd7a37f 100644 --- a/htdocs/product/dynamic_price/editor.php +++ b/htdocs/product/dynamic_price/editor.php @@ -33,7 +33,7 @@ $langs->loadLangs(array('products', 'accountancy')); //"Back" translation is on $id = GETPOST('id', 'int'); $eid = GETPOST('eid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $title = GETPOST('expression_title', 'alpha'); $expression = GETPOST('expression'); $tab = GETPOST('tab', 'alpha'); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 7ad740eab0a..e15320932b4 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -43,7 +43,7 @@ $langs->loadLangs(array('products', 'suppliers', 'bills', 'margins')); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $rowid=GETPOST('rowid','int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $cancel=GETPOST('cancel', 'alpha'); $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'pricesuppliercard'; diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 2784e3c303b..75662a8111b 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -32,7 +32,7 @@ $langs->loadLangs(array("stocks","other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 561e6663b42..6e1ccb28991 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -52,7 +52,7 @@ $mesg=''; $error=0; $errors=array(); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); $eid = GETPOST('eid', 'int'); diff --git a/htdocs/projet/admin/project_extrafields.php b/htdocs/projet/admin/project_extrafields.php index 15ccd50bf76..e2719d4ca7c 100644 --- a/htdocs/projet/admin/project_extrafields.php +++ b/htdocs/projet/admin/project_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='projet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/projet/admin/project_task_extrafields.php b/htdocs/projet/admin/project_task_extrafields.php index 90729840035..720a54db4c7 100644 --- a/htdocs/projet/admin/project_task_extrafields.php +++ b/htdocs/projet/admin/project_task_extrafields.php @@ -41,7 +41,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='projet_task'; diff --git a/htdocs/projet/ajax/projects.php b/htdocs/projet/ajax/projects.php index f2417df5353..2abd6535875 100644 --- a/htdocs/projet/ajax/projects.php +++ b/htdocs/projet/ajax/projects.php @@ -35,7 +35,7 @@ require '../../main.inc.php'; $htmlname=GETPOST('htmlname','alpha'); $socid=GETPOST('socid','int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $id=GETPOST('id', 'int'); $discard_closed =GETPOST('discardclosed','int'); diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 31f860dbf9b..4c6cda8ba12 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -38,7 +38,7 @@ $langs->loadLangs(array("users", "projects")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $taskref = GETPOST('taskref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage=GETPOST('backtopage','alpha'); $cancel=GETPOST('cancel','alpha'); diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index d451d96d011..98f183f159d 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -43,7 +43,7 @@ $langs->loadLangs(array('companies', 'other', 'mails', 'ticket')); $id = GETPOST('id', 'int'); $msg_id = GETPOST('msg_id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $object = new Ticket($db); diff --git a/htdocs/public/ticket/index.php b/htdocs/public/ticket/index.php index 52b3b843fa1..561cf166d6b 100644 --- a/htdocs/public/ticket/index.php +++ b/htdocs/public/ticket/index.php @@ -43,7 +43,7 @@ $langs->loadLangs(array('companies', 'other', 'ticket', 'errors')); // Get parameters $track_id = GETPOST('track_id', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); /*************************************************** * VIEW diff --git a/htdocs/public/ticket/list.php b/htdocs/public/ticket/list.php index 5ab17fedba2..0d67e983143 100644 --- a/htdocs/public/ticket/list.php +++ b/htdocs/public/ticket/list.php @@ -44,7 +44,7 @@ $langs->loadLangs(array("companies","other","ticket")); // Get parameters $track_id = GETPOST('track_id', 'alpha'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); $email = GETPOST('email', 'alpha'); if (GETPOST('btn_view_ticket_list')) { diff --git a/htdocs/public/ticket/view.php b/htdocs/public/ticket/view.php index b5288b97a25..af4585622dd 100644 --- a/htdocs/public/ticket/view.php +++ b/htdocs/public/ticket/view.php @@ -45,7 +45,7 @@ $langs->loadLangs(array("companies","other","ticket")); // Get parameters $track_id = GETPOST('track_id', 'alpha'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); $email = GETPOST('email', 'alpha'); if (GETPOST('btn_view_ticket')) { diff --git a/htdocs/societe/admin/contact_extrafields.php b/htdocs/societe/admin/contact_extrafields.php index 5eaba3c1cb1..06c37517eeb 100644 --- a/htdocs/societe/admin/contact_extrafields.php +++ b/htdocs/societe/admin/contact_extrafields.php @@ -38,7 +38,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='socpeople'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/societe/admin/societe_extrafields.php b/htdocs/societe/admin/societe_extrafields.php index 0835df13e22..42ec3d274c2 100644 --- a/htdocs/societe/admin/societe_extrafields.php +++ b/htdocs/societe/admin/societe_extrafields.php @@ -38,7 +38,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='societe'; //Must be the $element of the class that manage extrafield diff --git a/htdocs/societe/ajax/company.php b/htdocs/societe/ajax/company.php index d62c8a445d6..5470e6315f1 100644 --- a/htdocs/societe/ajax/company.php +++ b/htdocs/societe/ajax/company.php @@ -34,7 +34,7 @@ require '../../main.inc.php'; $htmlname=GETPOST('htmlname','alpha'); $filter=GETPOST('filter','alpha'); $outjson=(GETPOST('outjson','int') ? GETPOST('outjson','int') : 0); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $id=GETPOST('id', 'int'); $showtype=GETPOST('showtype','int'); diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index a9b280a3f47..5522f7f1cb2 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -40,7 +40,7 @@ if (! empty($conf->global->PRODUIT_CUSTOMER_PRICES)) { $langs->loadLangs(array("products", "companies", "bills")); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $search_prod = GETPOST('search_prod','alpha'); $cancel = GETPOST('cancel','alpha'); diff --git a/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php b/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php index 24ae20848f1..08c6f8e557e 100644 --- a/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php +++ b/htdocs/supplier_proposal/admin/supplier_proposal_extrafields.php @@ -33,7 +33,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='supplier_proposal'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php b/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php index 7d153a78cdc..c5be8e9ec22 100644 --- a/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php +++ b/htdocs/supplier_proposal/admin/supplier_proposaldet_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='supplier_proposaldet'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 248165727cf..b6523ca39e5 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -57,7 +57,7 @@ $error = 0; $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $socid = GETPOST('socid', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $origin = GETPOST('origin', 'alpha'); $originid = GETPOST('originid', 'int'); $confirm = GETPOST('confirm', 'alpha'); diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php index 881fae4d1a7..68e2d8a9a04 100644 --- a/htdocs/supplier_proposal/contact.php +++ b/htdocs/supplier_proposal/contact.php @@ -36,7 +36,7 @@ $langs->loadLangs(array("propal","facture","orders","sendings","companies")); $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/takepos/admin/about.php b/htdocs/takepos/admin/about.php index 27b5e51b03b..0f01b89c2b7 100644 --- a/htdocs/takepos/admin/about.php +++ b/htdocs/takepos/admin/about.php @@ -36,7 +36,7 @@ if (! $user->admin) { } // Parameters -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index c4718c395b3..ef78b5eff45 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php @@ -49,7 +49,7 @@ $id = GETPOST('id', 'int'); $track_id = GETPOST('track_id', 'alpha', 3); $ref = GETPOST('ref', 'alpha'); $projectid = GETPOST('projectid', 'int'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); // Initialize technical object to manage hooks of ticket. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array('ticketcard','globalcard')); diff --git a/htdocs/ticket/history.php b/htdocs/ticket/history.php index c840f3aa1a8..7efe7562a03 100644 --- a/htdocs/ticket/history.php +++ b/htdocs/ticket/history.php @@ -40,7 +40,7 @@ $langs->loadLangs(array('companies', 'other', 'ticket')); $id = GETPOST('id', 'int'); $track_id = GETPOST('track_id', 'alpha', 3); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); // Security check if (!$user->rights->ticket->read) { diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 1f01e335a7c..086ea63bc0e 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -35,7 +35,7 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); $id = GETPOST('id', 'int'); $msg_id = GETPOST('msg_id', 'int'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); if ($user->societe_id) { $socid = $user->societe_id; diff --git a/htdocs/ticket/new.php b/htdocs/ticket/new.php index 8f33d87c804..267e3e63847 100644 --- a/htdocs/ticket/new.php +++ b/htdocs/ticket/new.php @@ -37,7 +37,7 @@ $contactid = GETPOST('contactid', 'int'); $msg_id = GETPOST('msg_id', 'int'); $notifyTiers = GETPOST("notify_tiers_at_create", 'alpha'); -$action = GETPOST('action', 'alpha', 3); +$action = GETPOST('action', 'aZ09'); // Protection if external user if (!$user->rights->ticket->read || !$user->rights->ticket->write) { diff --git a/htdocs/user/admin/group_extrafields.php b/htdocs/user/admin/group_extrafields.php index 48e2b4091d6..4d83be42e28 100644 --- a/htdocs/user/admin/group_extrafields.php +++ b/htdocs/user/admin/group_extrafields.php @@ -40,7 +40,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='usergroup'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/user/admin/user_extrafields.php b/htdocs/user/admin/user_extrafields.php index 81dc7c290c1..0367bbafce2 100644 --- a/htdocs/user/admin/user_extrafields.php +++ b/htdocs/user/admin/user_extrafields.php @@ -39,7 +39,7 @@ $tmptype2label=ExtraFields::$type2label; $type2label=array(''); foreach ($tmptype2label as $key => $val) $type2label[$key]=$langs->transnoentitiesnoconv($val); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $attrname=GETPOST('attrname', 'alpha'); $elementtype='user'; //Must be the $table_element of the class that manage extrafield diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 44eef8dfc1f..d67125f181f 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -46,7 +46,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $langs->loadLangs(array('users', 'other')); $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'groupcard'; // To manage different context of search diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php index 5bc6130a2b6..8663266f4c7 100644 --- a/htdocs/user/group/ldap.php +++ b/htdocs/user/group/ldap.php @@ -45,7 +45,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) } $id = GETPOST('id', 'int'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $socid=0; if ($user->societe_id > 0) $socid = $user->societe_id; diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 4b4b181cdc8..31773072d40 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -33,7 +33,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; $langs->loadLangs(array('users', 'admin')); $id=GETPOST('id','int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); $module=GETPOST('module', 'alpha'); $rights=GETPOST('rights', 'int'); diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 26555d6f59e..d60e14c6fcf 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -41,7 +41,7 @@ if (! empty($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK)) exit; } -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $mode=$dolibarr_main_authentication; if (! $mode) $mode='http'; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 8b7599f3707..ed1c8d20d79 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -34,7 +34,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; $langs->loadLangs(array('users', 'admin')); $id=GETPOST('id', 'int'); -$action=GETPOST('action', 'alpha'); +$action=GETPOST('action', 'aZ09'); $confirm=GETPOST('confirm', 'alpha'); $module=GETPOST('module', 'alpha'); $rights=GETPOST('rights', 'int'); diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index 49965b9009a..6c33de77e32 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -34,7 +34,7 @@ $langs->loadLangs(array("website","other")); // Get parameters $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'alpha'); +$action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha');