Maxi clean of code

This commit is contained in:
Laurent Destailleur 2020-09-18 01:29:17 +02:00
parent fa1d14fc7d
commit c4b5f5a249
109 changed files with 276 additions and 277 deletions


@ -83,9 +83,9 @@ if ($action == 'update' || $action == 'add') {
$constlineid = GETPOST('rowid', 'int');
$constname = GETPOST('constname', 'alpha');
$constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alpha') : GETPOST('constvalue'));
$constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alphanohtml') : GETPOST('constvalue'));
$consttype = (GETPOSTISSET('consttype_'.$constname) ? GETPOST('consttype_'.$constname, 'alphanohtml') : GETPOST('consttype'));
$constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'none') : GETPOST('constnote'));
$constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'restricthtml') : GETPOST('constnote'));
$typetouse = empty($oldtypetonewone[$consttype]) ? $consttype : $oldtypetonewone[$consttype];
$constvalue = preg_replace('/:member$/', '', $constvalue);
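Review bot: The fallback arms of the `constvalue` and `constnote` ternaries still call `GETPOST('constvalue')` and `GETPOST('constnote')` with no check type, so which sanitization a value receives depends on the field name the form happened to post rather than on the field's content. Passing the same check to both arms keeps the two paths equivalent: `... ? GETPOST('constvalue_'.$constname, 'alphanohtml') : GETPOST('constvalue', 'alphanohtml')`, and likewise `'restricthtml'` on the `constnote` fallback. The `if ($action == 'update' || $action == 'add')` block this sits in starts outside the hunk.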


@ -407,7 +407,6 @@ if (empty($reshook)) {
$login = GETPOST("member_login", 'alphanohtml');
$pass = GETPOST("password", 'alpha');
$photo = GETPOST("photo", 'alpha');
//$comment=GETPOST("comment",'none');
$morphy = GETPOST("morphy", 'alphanohtml');
$public = GETPOST("public", 'alphanohtml');


@ -66,8 +66,8 @@ $subscription = GETPOST("subscription", "int");
$duration_value = GETPOST('duration_value', 'int');
$duration_unit = GETPOST('duration_unit', 'alpha');
$vote = GETPOST("vote", "int");
$comment = GETPOST("comment", 'none');
$mail_valid = GETPOST("mail_valid", 'none');
$comment = GETPOST("comment", 'restricthtml');
$mail_valid = GETPOST("mail_valid", 'restricthtml');
// Security check
$result = restrictedArea($user, 'adherent', $rowid, 'adherent_type');


@ -62,7 +62,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'nohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity);
if ($action != 'updateedit' && !$error)
{
@ -164,7 +164,7 @@ print '<input name="code" id="code" class="minwidth100" value="'.($conf->global-
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note', 'none') ? GETPOST('note', 'none') : $conf->global->MAIN_INFO_ACCOUNTANT_NOTE).'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $conf->global->MAIN_INFO_ACCOUNTANT_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';
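Review bot: The textarea on the `MAIN_INFO_ACCOUNTANT_NOTE` form line writes the posted value, and the stored constant in the fallback, into the page with no HTML escaping; `restricthtml` only removes tags outside the allowed list, it leaves the remaining markup and any entities as-is, so inside the textarea the browser decodes them and the text the user typed does not round-trip on resubmit. Wrapping the whole ternary in `dol_escape_htmltag()` (with its newline-preserving argument) lets the textarea display and resubmit the text verbatim while the `restricthtml` check keeps doing its job on the way in. The same unescaped pattern is in the `MAIN_INFO_SOCIETE_NOTE` form hunk of this commit. This is presumably an admin-only page, so the exposure is limited, but the escaping belongs at the output regardless.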


@ -151,7 +151,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_BOM_FREE_TEXT')
{
$freetext = GETPOST("BOM_FREE_TEXT", 'none'); // No alpha here, we want exact string
$freetext = GETPOST("BOM_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "BOM_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
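Review bot: The trailing comment `// No alpha here, we want exact string` is now misleading: `restricthtml` does not return the exact string, it filters the HTML, so a reader would be wrong about what the stored free text can contain. Suggested wording: `// restricthtml: keep the HTML of the free text but strip tags that are not in the allowed list`. The same stale comment is carried over unchanged in every other `*_FREE_TEXT` hunk of this commit (BANK_CHEQUERECEIPT, ORDER, CONTRACT, SHIPPING, EXPENSEREPORT, INVOICE, FICHINTER, HOLIDAY, DELIVERY, MRP_MO, PROPOSAL, RECEPTION, SUPPLIER_INVOICE, SUPPLIER_ORDER, SUPPLIER_PROPOSAL). The enclosing `elseif ($action == 'set_BOM_FREE_TEXT')` block continues past the hunk.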


@ -72,7 +72,7 @@ if ($action == 'setmod')
if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
{
$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -160,7 +160,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_ORDER_FREE_TEXT')
{
$freetext = GETPOST("ORDER_FREE_TEXT", 'none'); // No alpha here, we want exact string
$freetext = GETPOST("ORDER_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "ORDER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -100,7 +100,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
$dirforimage = $conf->mycompany->dir_output.'/logos/';
@ -524,7 +524,7 @@ print '</td></tr>';
// Note
print '<tr class="oddeven"><td class="tdtop"><label for="note">'.$langs->trans("Note").'</label></td><td>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOST('note', 'none') ? GETPOST('note', 'none') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '<textarea class="flat quatrevingtpercent" name="note" id="note" rows="'.ROWS_5.'">'.(GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $conf->global->MAIN_INFO_SOCIETE_NOTE).'</textarea></td></tr>';
print '</td></tr>';
print '</table>';


@ -41,7 +41,7 @@ $delete = GETPOST('delete', 'none'); // Do not use alpha here
$debug = GETPOST('debug', 'int');
$consts = GETPOST('const', 'array');
$constname = GETPOST('constname', 'alphanohtml');
$constvalue = GETPOST('constvalue', 'none'); // We shoul dbe able to send everything here
$constvalue = GETPOST('constvalue', 'restricthtml'); // We should be able to send everything here
$constnote = GETPOST('constnote', 'alpha');
// Load variable for pagination
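Review bot: The comment on the `constvalue` line, `// We should be able to send everything here`, now contradicts the `restricthtml` check on the same line, which removes HTML that is not in the allowed list; either the comment or the check is wrong and a reader cannot tell which. If the filter is intended, reword it to `// restricthtml: HTML tags outside the allowed list are removed from the value`. The context line above, `$delete = GETPOST('delete', 'none'); // Do not use alpha here`, is the one remaining `'none'` read in this block and is presumably a leftover of the same sweep — worth a look.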


@ -143,7 +143,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "CONTRACT_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_other')
{
$freetext = GETPOST('CONTRACT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('CONTRACT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "CONTRACT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('CONTRACT_DRAFT_WATERMARK', 'alpha');


@ -61,7 +61,7 @@ $defaulturl = preg_replace('/^\//', '', $defaulturl);
$urlpage = GETPOST('urlpage', 'alphanohtml');
$key = GETPOST('key', 'alphanohtml');
$value = GETPOST('value', 'none');
$value = GETPOST('value', 'restricthtml');
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('admindefaultvalues', 'globaladmin'));


@ -148,7 +148,7 @@ if (GETPOST('addoperation', 'alpha'))
{
$emailcollectoroperation = new EmailCollectorAction($db);
$emailcollectoroperation->type = GETPOST('operationtype', 'aZ09');
$emailcollectoroperation->actionparam = GETPOST('operationparam', 'none');
$emailcollectoroperation->actionparam = GETPOST('operationparam', 'restricthtml');
$emailcollectoroperation->fk_emailcollector = $object->id;
$emailcollectoroperation->status = 1;
$emailcollectoroperation->position = 50;
@ -168,7 +168,7 @@ if ($action == 'updateoperation')
$emailcollectoroperation = new EmailCollectorAction($db);
$emailcollectoroperation->fetch(GETPOST('rowidoperation2', 'int'));
$emailcollectoroperation->actionparam = GETPOST('operationparam2', 'none');
$emailcollectoroperation->actionparam = GETPOST('operationparam2', 'restricthtml');
$result = $emailcollectoroperation->update($user);


@ -73,7 +73,7 @@ if ($action == 'updateMask')
}
} elseif ($action == 'set_param')
{
$freetext = GETPOST('SHIPPING_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('SHIPPING_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
if ($res <= 0)
{


@ -152,7 +152,7 @@ elseif ($action == 'setdoc')
{
$db->begin();
$freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "EXPENSEREPORT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('EXPENSEREPORT_DRAFT_WATERMARK', 'alpha');


@ -180,7 +180,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_INVOICE_FREE_TEXT')
{
$freetext = GETPOST('INVOICE_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('INVOICE_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "INVOICE_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -144,7 +144,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "FICHEINTER_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_FICHINTER_FREE_TEXT')
{
$freetext = GETPOST('FICHINTER_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('FICHINTER_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
if (!$res > 0) $error++;


@ -145,7 +145,7 @@ elseif ($action == 'setdoc')
dolibarr_set_const($db, "HOLIDAY_ADDON", $value, 'chaine', 0, '', $conf->entity);
} elseif ($action == 'set_other')
{
$freetext = GETPOST('HOLIDAY_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('HOLIDAY_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res1 = dolibarr_set_const($db, "HOLIDAY_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
$draft = GETPOST('HOLIDAY_DRAFT_WATERMARK', 'alpha');


@ -164,8 +164,8 @@ if ($action == 'update')
dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'none')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'none')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'restricthtml')), 'chaine', 0, '', $conf->entity);
dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'restricthtml')), 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST('MAIN_BUGTRACK_ENABLELINK', 'aZ09'), 'chaine', 0, '', $conf->entity);
//dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0); // Param for all entities


@ -70,7 +70,7 @@ if ($action == 'updateMask')
if ($action == 'set_DELIVERY_FREE_TEXT')
{
$free = GETPOST('DELIVERY_FREE_TEXT', 'none'); // No alpha here, we want exact string
$free = GETPOST('DELIVERY_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "DELIVERY_FREE_TEXT", $free, 'chaine', 0, '', $conf->entity);
if (!$res > 0) $error++;


@ -152,7 +152,7 @@ elseif ($action == 'setdoc')
}
} elseif ($action == 'set_MRP_MO_FREE_TEXT')
{
$freetext = GETPOST("MRP_MO_FREE_TEXT", 'none'); // No alpha here, we want exact string
$freetext = GETPOST("MRP_MO_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "MRP_MO_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -95,7 +95,7 @@ if ($action == 'setvalue' && $user->admin)
{
$db->begin();
$result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "none"), 'chaine', 0, '', $conf->entity);
$result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "restricthtml"), 'chaine', 0, '', $conf->entity);
if ($result < 0) $error++;
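Review bot: `NOTIFICATION_EMAIL_FROM` is a sender address, and `restricthtml` is an HTML filter: if the configured value uses the `Name <user@example.com>` form, the angle-bracketed address looks like a tag to that filter and is likely to be removed, leaving only the display name in the stored constant. A check that validates the value as an email address (the project's email validation helper, with an error message when it fails) fits the field better than an HTML allow-list. Whether the filter actually drops the `<...>` part depends on the `restricthtml` implementation, which is not in this diff, so worth confirming before changing it.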


@ -68,7 +68,7 @@ if ($action == 'setmod')
if ($action == 'setparams')
{
$freetext = GETPOST('FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS", $freetext, 'chaine', 0, '', $conf->entity);
if (!$res > 0) $error++;
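Review bot: `FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS` looks, from its name, like a yes/no option rather than free text, yet it is read as `restricthtml` into a variable called `$freetext` under the `// No alpha here, we want exact string` comment, apparently copied from the free-text handlers. If it is a flag, `GETPOST('FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS', 'int')` (or `'aZ09'`) and a name such as `$value` describe it accurately and reject anything that is not a flag value. The `if ($action == 'setparams')` block continues past the hunk.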


@ -130,7 +130,7 @@ if ($action == 'updateMask') {
setEventMessages($langs->trans("Error"), null, 'errors');
}
} elseif ($action == 'set_PROPOSAL_FREE_TEXT') {
$freetext = GETPOST('PROPOSAL_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('PROPOSAL_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "PROPOSAL_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -76,7 +76,7 @@ if ($action == 'updateMask')
}
} elseif ($action == 'set_param')
{
$freetext = GETPOST('RECEPTION_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('RECEPTION_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "RECEPTION_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
if ($res <= 0)
{


@ -52,8 +52,8 @@ if (GETPOST('sendit') && !empty($conf->global->MAIN_UPLOAD_DOC))
if ($action == 'updateform')
{
$antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND', 'none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe
$antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM', 'none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib"
$antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND', 'restricthtml'); // Use GETPOST restricthtml because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe
$antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM', 'restricthtml'); // Use GETPOST restricthtml because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib"
$antivircommand = dol_string_nospecial($antivircommand, '', array("|", ";", "<", ">", "&")); // Sanitize command
$antivirparam = dol_string_nospecial($antivirparam, '', array("|", ";", "<", ">", "&")); // Sanitize params


@ -167,7 +167,7 @@ if ($action == 'addcat')
if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
{
$freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -154,7 +154,7 @@ elseif ($action == 'setdoc')
$fourn->CreateCategory($user, GETPOST('cat', 'alphanohtml'));
} elseif ($action == 'set_SUPPLIER_ORDER_OTHER')
{
$freetext = GETPOST('SUPPLIER_ORDER_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('SUPPLIER_ORDER_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$doubleapproval = GETPOST('SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED', 'alpha');
$doubleapproval = price2num($doubleapproval);


@ -123,7 +123,7 @@ if ($action == 'set_SUPPLIER_PROPOSAL_DRAFT_WATERMARK')
if ($action == 'set_SUPPLIER_PROPOSAL_FREE_TEXT')
{
$freetext = GETPOST('SUPPLIER_PROPOSAL_FREE_TEXT', 'none'); // No alpha here, we want exact string
$freetext = GETPOST('SUPPLIER_PROPOSAL_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "SUPPLIER_PROPOSAL_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);


@ -60,8 +60,8 @@ $search_code = GETPOST("search_code", "alpha");
$search_ip = GETPOST("search_ip", "alpha");
$search_user = GETPOST("search_user", "alpha");
$search_desc = GETPOST("search_desc", "alpha");
$search_ua = GETPOST("search_ua", "none");
$search_prefix_session = GETPOST("search_prefix_session", "none");
$search_ua = GETPOST("search_ua", "restricthtml");
$search_prefix_session = GETPOST("search_prefix_session", "restricthtml");
if (GETPOST("date_startmonth") == '' || GETPOST("date_startmonth") > 0) $date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear"));
else $date_start = -1;
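Review bot: `search_ua` and `search_prefix_session` are search filters like the `search_ip`, `search_user` and `search_desc` lines just above, which all use `"alpha"`; reading these two as `"restricthtml"` means they alone may carry HTML markup into the filter and, presumably, back into the search form. Unless a user agent or session prefix legitimately needs tags, `GETPOST("search_ua", "alpha")` and `GETPOST("search_prefix_session", "alpha")` keep the block consistent and reject markup outright.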


@ -37,7 +37,7 @@ $action = GETPOST('action', 'aZ09');
$langcode = GETPOST('langcode', 'alphanohtml');
$transkey = GETPOST('transkey', 'alphanohtml');
$transvalue = GETPOST('transvalue', 'none');
$transvalue = GETPOST('transvalue', 'restricthtml');
$mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'searchkey';


@ -85,7 +85,7 @@ $cancel != $langs->trans("Cancel") &&
// check parameters
$forcelangprod = GETPOST('forcelangprod', 'alpha');
$libelle = GETPOST('libelle', 'alpha');
$desc = GETPOST('desc', 'none');
$desc = GETPOST('desc', 'restricthtml');
if (empty($forcelangprod)) {
$error++;
@ -338,7 +338,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service
print '<tr><td class="fieldrequired">'.$langs->trans('Label').'</td>';
print '<td><input name="libelle" class="minwidth200 maxwidth300" value="'.GETPOST('libelle', 'alpha').'"></td></tr>';
print '<tr><td>'.$langs->trans('Description').'</td><td>';
$doleditor = new DolEditor('desc', GETPOST('desc', 'none'), '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_3, '90%');
$doleditor = new DolEditor('desc', GETPOST('desc', 'restricthtml'), '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_3, '90%');
$doleditor->Create();
print '</td></tr>';


@ -326,7 +326,7 @@ if (empty($reshook) && $action == 'add')
if (GETPOST("doneby") > 0) $object->userdoneid = GETPOST("doneby", "int");
}
$object->note_private = trim(GETPOST("note", "none"));
$object->note_private = trim(GETPOST("note", "restricthtml"));
if (isset($_POST["contactid"])) $object->contact = $contact;
@ -499,7 +499,7 @@ if (empty($reshook) && $action == 'update')
$object->contact_id = key($object->socpeopleassigned);
}
$object->fk_project = GETPOST("projectid", 'int');
$object->note_private = trim(GETPOST("note", "none"));
$object->note_private = trim(GETPOST("note", "restricthtml"));
$object->fk_element = GETPOST("fk_element", "int");
$object->elementtype = GETPOST("elementtype", "alphanohtml");
@ -1172,7 +1172,7 @@ if ($action == 'create')
// Description
print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td>';
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
$doleditor = new DolEditor('note', (GETPOSTISSET('note') ? GETPOST('note', 'none') : $object->note_private), '', 120, 'dolibarr_notes', 'In', true, true, $conf->fckeditor->enabled, ROWS_4, '90%');
$doleditor = new DolEditor('note', (GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $object->note_private), '', 120, 'dolibarr_notes', 'In', true, true, $conf->fckeditor->enabled, ROWS_4, '90%');
$doleditor->Create();
print '</td></tr>';
@ -1303,7 +1303,7 @@ if ($id > 0)
$object->contact_id = GETPOST("contactid", 'int');
$object->fk_project = GETPOST("projectid", 'int');
$object_private = GETPOST("note", 'none');
$object_private = GETPOST("note", 'restricthtml');
}
if ($result2 < 0 || $result3 < 0 || $result4 < 0 || $result5 < 0)
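Review bot: The line `$object_private = GETPOST("note", 'restricthtml');` in the last hunk assigns to a plain local `$object_private` that nothing in the hunk reads, whereas the -326 and -499 hunks of the same file write the same field to `$object->note_private`; this looks like a typo that predates the commit, and if so the note is silently dropped on that path. Presumably it should read `$object->note_private = GETPOST("note", 'restricthtml');` — worth confirming against the rest of the block, which starts and ends outside the hunk.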


@ -118,13 +118,13 @@ if ($action == 'default') // When action is default, we want a calendar view and
{
$action = (($defaultview != 'show_list') ? $defaultview : 'show_month');
}
if (GETPOST('viewcal', 'none') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') {
if (GETPOST('viewcal', 'restricthtml') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') {
$action = 'show_month'; $day = '';
} // View by month
if (GETPOST('viewweek', 'none') || GETPOST('action', 'alpha') == 'show_week') {
if (GETPOST('viewweek', 'restricthtml') || GETPOST('action', 'alpha') == 'show_week') {
$action = 'show_week'; $week = ($week ? $week : date("W")); $day = ($day ? $day : date("d"));
} // View by week
if (GETPOST('viewday', 'none') || GETPOST('action', 'alpha') == 'show_day') {
if (GETPOST('viewday', 'restricthtml') || GETPOST('action', 'alpha') == 'show_day') {
$action = 'show_day'; $day = ($day ? $day : date("d"));
} // View by day
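Review bot: `viewcal`, `viewweek` and `viewday` are only tested for truthiness to pick a view, so `restricthtml` — an HTML filter meant for rich-text fields — is an odd check for them; the neighbouring `GETPOST('action', 'alpha')` calls on the same lines show the check the rest of the block uses. `GETPOST('viewcal', 'alpha')`, `GETPOST('viewweek', 'alpha')` and `GETPOST('viewday', 'alpha')` state the intent and reject markup rather than filtering it.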


@ -203,7 +203,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
{


@ -738,7 +738,7 @@ if ($action == 'create')
print '<div style="padding-top: 10px">';
// Editeur wysiwyg
require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
$doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'none'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
$doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtml'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%');
$doleditor->Create();
print '</div>';


@ -355,8 +355,8 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->model_pdf = GETPOST('model');
$object->author = $user->id; // deprecated
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->statut = Propal::STATUS_DRAFT;
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
@ -383,8 +383,8 @@ if (empty($reshook))
$object->fk_project = GETPOST('projectid', 'int');
$object->model_pdf = GETPOST('model');
$object->author = $user->id; // deprecated
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
@ -627,7 +627,7 @@ if (empty($reshook))
{
$db->begin();
$result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'none'));
$result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml'));
if ($result < 0)
{
setEventMessages($object->error, $object->errors, 'errors');
@ -792,9 +792,9 @@ if (empty($reshook))
} elseif ($action == 'addline' && $usercancreate) { // Add line
// Set if we used free entry or predefined product
$predef = '';
$product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'none') : '');
$price_ht = GETPOST('price_ht');
$price_ht_devise = GETPOST('multicurrency_price_ht');
$product_desc = (GETPOSTISSET('dp_desc') ?GETPOST('dp_desc', 'restricthtml') : '');
$price_ht = price2num(GETPOST('price_ht'));
$price_ht_devise = price2num(GETPOST('multicurrency_price_ht'));
$prod_entry_mode = GETPOST('prod_entry_mode');
if ($prod_entry_mode == 'free')
{
@ -1152,7 +1152,7 @@ if (empty($reshook))
$info_bits |= 0x01;
// Clean parameters
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml'));
// Define vat_rate
$vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0);
@ -1316,7 +1316,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
{


@ -263,8 +263,8 @@ if (empty($reshook))
$db->begin();
$object->date_commande = $datecommande;
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->source = GETPOST('source_id');
$object->fk_project = GETPOST('projectid', 'int');
$object->ref_client = GETPOST('ref_client', 'alpha');
@ -992,7 +992,7 @@ if (empty($reshook))
$date_end = '';
$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml'));
$pu_ht = GETPOST('price_ht');
$vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0);
$pu_ht_devise = GETPOST('multicurrency_subprice');
@ -1256,7 +1256,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
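Review bot: `$pu_ht = GETPOST('price_ht');` on the context line after the `product_desc` change is still the raw posted string, while the proposal card hunk in this same commit wraps the same field as `price2num(GETPOST('price_ht'))`; a localized amount such as `1 234,56` (constructed example) would then be handled differently on the two pages. The same raw read is on the `$pu_ht` line of the recurring-invoice card hunk. `$pu_ht = price2num(GETPOST('price_ht'));` brings this path in line, assuming the code further down does not already normalise it (that code is outside the hunk).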


@ -115,7 +115,7 @@ if ($action == 'add')
$object->min_allowed = GETPOST("account_min_allowed", 'int');
$object->min_desired = GETPOST("account_min_desired", 'int');
$object->comment = trim(GETPOST("account_comment", 'none'));
$object->comment = trim(GETPOST("account_comment", 'restricthtml'));
$object->fk_user_author = $user->id;
@ -213,7 +213,7 @@ if ($action == 'update')
$object->min_allowed = GETPOST("account_min_allowed", 'int');
$object->min_desired = GETPOST("account_min_desired", 'int');
$object->comment = trim(GETPOST("account_comment", 'none'));
$object->comment = trim(GETPOST("account_comment", 'restricthtml'));
if ($conf->global->MAIN_BANK_ACCOUNTANCY_CODE_ALWAYS_REQUIRED && empty($object->account_number))
{


@ -107,8 +107,8 @@ if (empty($reshook))
$object->datev = $datev;
$object->datep = $datep;
$object->amount = price2num(GETPOST("amount", 'alpha'));
$object->label = GETPOST("label", 'none');
$object->note = GETPOST("note", 'none');
$object->label = GETPOST("label", 'restricthtml');
$object->note = GETPOST("note", 'restricthtml');
$object->type_payment = GETPOST("paymenttype", 'int') > 0 ? GETPOST("paymenttype", "int") : 0;
$object->num_payment = GETPOST("num_payment", 'alpha');
$object->fk_user_author = $user->id;


@ -190,8 +190,8 @@ if (empty($reshook))
{
$object->titre = GETPOST('titre', 'nohtml'); // deprecated
$object->title = GETPOST('titre', 'nohtml');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->model_pdf = GETPOST('modelpdf', 'alpha');
$object->usenewprice = GETPOST('usenewprice', 'alpha');
@ -405,7 +405,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -713,7 +713,7 @@ if (empty($reshook))
$date_end = '';
//$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
//$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none') ? GETPOST('product_desc', 'none') : GETPOST('desc', 'none'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml'));
$pu_ht = GETPOST('price_ht');
$vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0);
$qty = GETPOST('qty');
@ -964,8 +964,8 @@ if ($action == 'create')
print '<tr><td class="titlefieldcreate">'.$langs->trans("Customer").'</td><td>'.$object->thirdparty->getNomUrl(1, 'customer').'</td>';
print '</tr>';
$note_public = GETPOST('note_public', 'none') ?GETPOST('note_public', 'none') : $object->note_public;
$note_private = GETPOST('note_private', 'none') ?GETPOST('note_private', 'none') : $object->note_private;
$note_public = GETPOSTISSET('note_public') ? GETPOST('note_public', 'restricthtml') : $object->note_public;
$note_private = GETPOSTISSET('note_private') ? GETPOST('note_private', 'restricthtml') : $object->note_private;
// Help of substitution key
$substitutionarray = getCommonSubstitutionArray($langs, 2, null, $object);
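Review bot: The `$description` line in the -713 hunk calls `GETPOST('product_desc', 'restricthtml')` twice, once to test and once to use, while the -964 hunk of the same file switched the equivalent pattern to a single `GETPOSTISSET(...) ? GETPOST(...) : ...` read. The short ternary keeps one read with the same truthiness test: `$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml') ?: GETPOST('desc', 'restricthtml'));`. The surrounding `elseif` block starts and ends outside the hunk.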


@ -746,8 +746,8 @@ if (empty($reshook))
elseif ($action == 'confirm_paid_partially' && $confirm == 'yes' && $usercanissuepayment)
{
$object->fetch($id);
$close_code = GETPOST("close_code", 'none');
$close_note = GETPOST("close_note", 'none');
$close_code = GETPOST("close_code", 'restricthtml');
$close_note = GETPOST("close_note", 'restricthtml');
if ($close_code) {
$result = $object->set_paid($user, $close_code, $close_note);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
@ -757,8 +757,8 @@ if (empty($reshook))
} // Classify "abandoned"
elseif ($action == 'confirm_canceled' && $confirm == 'yes') {
$object->fetch($id);
$close_code = GETPOST("close_code", 'none');
$close_note = GETPOST("close_note", 'none');
$close_code = GETPOST("close_code", 'restricthtml');
$close_note = GETPOST("close_note", 'restricthtml');
if ($close_code) {
$result = $object->set_canceled($user, $close_code, $close_note);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
@ -987,7 +987,7 @@ if (empty($reshook))
$object->date = $dateinvoice;
$object->date_pointoftax = $date_pointoftax;
$object->note_public = trim(GETPOST('note_public', 'none'));
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
// We do not copy the private note
$object->ref_client = $_POST['ref_client'];
$object->ref_int = $_POST['ref_int'];
@ -1041,20 +1041,19 @@ if (empty($reshook))
$object->entity = $originentity;
}
$object->socid = GETPOST('socid', 'int');
$object->ref = $_POST['ref'];
$object->ref = GETPOST('ref');
$object->date = $dateinvoice;
$object->date_pointoftax = $date_pointoftax;
$object->note_public = trim(GETPOST('note_public', 'none'));
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
// We do not copy the private note
$object->ref_client = $_POST['ref_client'];
$object->ref_int = $_POST['ref_int'];
$object->model_pdf = $_POST['model'];
$object->fk_project = $_POST['projectid'];
$object->ref_client = GETPOST('ref_client');
$object->model_pdf = GETPOST('model');
$object->fk_project = GETPOST('projectid', 'int');
$object->cond_reglement_id = 0;
$object->mode_reglement_id = $_POST['mode_reglement_id'];
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
$object->remise_absolue = $_POST['remise_absolue'];
$object->remise_percent = $_POST['remise_percent'];
$object->remise_absolue = GETPOST('remise_absolue');
$object->remise_percent = GETPOST('remise_percent');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
$object->multicurrency_code = GETPOST('multicurrency_code', 'alpha');
@ -1256,22 +1255,21 @@ if (empty($reshook))
if (!$error)
{
$object->socid = GETPOST('socid', 'int');
$object->type = $_POST['type'];
$object->ref = $_POST['ref'];
$object->type = GETPOST('type');
$object->ref = GETPOST('ref');
$object->date = $dateinvoice;
$object->date_pointoftax = $date_pointoftax;
$object->note_public = trim(GETPOST('note_public', 'none'));
$object->note_private = trim(GETPOST('note_private', 'none'));
$object->ref_client = $_POST['ref_client'];
$object->ref_int = $_POST['ref_int'];
$object->model_pdf = $_POST['model'];
$object->fk_project = $_POST['projectid'];
$object->cond_reglement_id = ($_POST['type'] == 3 ? 1 : $_POST['cond_reglement_id']);
$object->mode_reglement_id = $_POST['mode_reglement_id'];
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
$object->note_private = trim(GETPOST('note_private', 'restricthtml'));
$object->ref_client = GETPOST('ref_client');
$object->model_pdf = GETPOST('model');
$object->fk_project = GETPOST('projectid', 'int');
$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id'));
$object->mode_reglement_id = GETPOST('mode_reglement_id', 'int');
$object->fk_account = GETPOST('fk_account', 'int');
$object->amount = $_POST['amount'];
$object->remise_absolue = $_POST['remise_absolue'];
$object->remise_percent = $_POST['remise_percent'];
$object->amount = price2num(GETPOST('amount'));
$object->remise_absolue = GETPOST('remise_absolue');
$object->remise_percent = GETPOST('remise_percent');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
$object->multicurrency_code = GETPOST('multicurrency_code', 'alpha');
@ -1309,21 +1307,20 @@ if (empty($reshook))
// Si facture standard
$object->socid = GETPOST('socid', 'int');
$object->type = GETPOST('type');
$object->ref = $_POST['ref'];
$object->ref = GETPOST('ref');
$object->date = $dateinvoice;
$object->date_pointoftax = $date_pointoftax;
$object->note_public = trim(GETPOST('note_public', 'none'));
$object->note_private = trim(GETPOST('note_private', 'none'));
$object->ref_client = $_POST['ref_client'];
$object->ref_int = $_POST['ref_int'];
$object->model_pdf = $_POST['model'];
$object->fk_project = $_POST['projectid'];
$object->cond_reglement_id = ($_POST['type'] == 3 ? 1 : $_POST['cond_reglement_id']);
$object->mode_reglement_id = $_POST['mode_reglement_id'];
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
$object->note_private = trim(GETPOST('note_private', 'restricthtml'));
$object->ref_client = GETPOST('ref_client');
$object->model_pdf = GETPOST('model');
$object->fk_project = GETPOST('projectid');
$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
$object->amount = $_POST['amount'];
$object->remise_absolue = $_POST['remise_absolue'];
$object->remise_percent = $_POST['remise_percent'];
$object->amount = price2num(GETPOST('amount'));
$object->remise_absolue = GETPOST('remise_absolue');
$object->remise_percent = GETPOST('remise_percent');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
$object->multicurrency_code = GETPOST('multicurrency_code', 'alpha');
@ -1801,11 +1798,10 @@ if (empty($reshook))
$object->fetch_thirdparty();
$object->date = $datefacture;
$object->date_pointoftax = $date_pointoftax;
$object->note_public = trim(GETPOST('note_public', 'none'));
$object->note = trim(GETPOST('note', 'none'));
$object->note_private = trim(GETPOST('note', 'none'));
$object->note_public = trim(GETPOST('note_public', 'restricthtml'));
$object->note = trim(GETPOST('note', 'restricthtml'));
$object->note_private = trim(GETPOST('note', 'restricthtml'));
$object->ref_client = GETPOST('ref_client', 'alpha');
$object->ref_int = GETPOST('ref_int', 'alpha');
$object->model_pdf = GETPOST('model', 'alpha');
$object->fk_project = GETPOST('projectid', 'int');
$object->cond_reglement_id = GETPOST('cond_reglement_id', 'int');
@ -1883,9 +1879,9 @@ if (empty($reshook))
// Set if we used free entry or predefined product
$predef = '';
$product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'none') : '');
$price_ht = GETPOST('price_ht');
$price_ht_devise = GETPOST('multicurrency_price_ht');
$product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'restricthtml') : '');
$price_ht = price2num(GETPOST('price_ht'));
$price_ht_devise = price2num(GETPOST('multicurrency_price_ht'));
$prod_entry_mode = GETPOST('prod_entry_mode', 'alpha');
if ($prod_entry_mode == 'free')
{
@ -2204,7 +2200,7 @@ if (empty($reshook))
$date_end = '';
$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none') ? GETPOST('product_desc', 'none') : GETPOST('desc', 'none'));
$description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml'));
$pu_ht = GETPOST('price_ht');
$vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0);
$qty = GETPOST('qty');
@ -2629,7 +2625,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from add form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
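Review bot: The line `$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id');` in the `@ -1309` hunk is missing its closing parenthesis, so the file no longer parses; the same statement in the `@ -1256` hunk has the correct form `$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id'));`. The two hunks also disagree on filters for the same fields: `fk_project` and `mode_reglement_id` get `'int'` in the first and no check in the second, and `ref_int` is no longer assigned in either, which deserves a one-line comment if the drop is intended. In the `@ -1883` hunk, `$product_desc` still tests `GETPOST('dp_desc', 'none')` but returns the `'restricthtml'` value, so a description made only of filtered markup passes the test and ends up empty; reading it once with `GETPOSTISSET('dp_desc') ? GETPOST('dp_desc', 'restricthtml') : ''` avoids the split. The enclosing if-chain starts and ends outside these hunks.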


@ -481,8 +481,8 @@ class Facture extends CommonInvoice
// Fields coming from GUI (priority on template). TODO Value of template should be used as default value on GUI so we can use here always value from GUI
$this->fk_project = GETPOST('projectid', 'int') > 0 ? ((int) GETPOST('projectid', 'int')) : $_facrec->fk_project;
$this->note_public = GETPOST('note_public', 'none') ? GETPOST('note_public', 'none') : $_facrec->note_public;
$this->note_private = GETPOST('note_private', 'none') ? GETPOST('note_private', 'none') : $_facrec->note_private;
$this->note_public = GETPOST('note_public', 'none') ? GETPOST('note_public', 'restricthtml') : $_facrec->note_public;
$this->note_private = GETPOST('note_private', 'none') ? GETPOST('note_private', 'restricthtml') : $_facrec->note_private;
$this->modelpdf = GETPOST('model', 'alpha') ? GETPOST('model', 'alpha') : $_facrec->modelpdf;
$this->cond_reglement_id = GETPOST('cond_reglement_id', 'int') > 0 ? ((int) GETPOST('cond_reglement_id', 'int')) : $_facrec->cond_reglement_id;
$this->mode_reglement_id = GETPOST('mode_reglement_id', 'int') > 0 ? ((int) GETPOST('mode_reglement_id', 'int')) : $_facrec->mode_reglement_id;
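Review bot: The condition and the value on the `note_public` and `note_private` lines use different filters: the truthiness test reads the field with `'none'`, the assigned value with `'restricthtml'`, so input consisting only of filtered markup passes the test yet stores an empty note instead of falling back to the template's. Reading the field once, `$this->note_public = GETPOSTISSET('note_public') ? GETPOST('note_public', 'restricthtml') : $_facrec->note_public;` (and the same for `note_private`), keeps a single filter and a single decision. The surrounding method starts and ends outside the hunk.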


@ -524,7 +524,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
// Comments
print '<tr><td>'.$langs->trans('Comments').'</td>';
print '<td class="tdtop">';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.GETPOST('comment', 'none').'</textarea></td></tr>';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.GETPOST('comment', 'restricthtml').'</textarea></td></tr>';
print '</table>';
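Review bot: The `comment` value is printed into the `<textarea>` without HTML encoding; `'restricthtml'` narrows what markup survives but is not an output escape, whereas the donation address textarea in this same commit goes through `dol_escape_htmltag(GETPOST("address", "alphanohtml"), 0, 1)`. Since this is a plain-text comment field, reading it with `'alphanohtml'` and wrapping the echo as `'...rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('comment', 'alphanohtml'), 0, 1).'</textarea></td></tr>'` would be the consistent form. The enclosing if starts outside the hunk.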


@ -60,7 +60,7 @@ if ($action == 'setnote' && $user->rights->facture->paiement)
$db->begin();
$object->fetch($id);
$result = $object->update_note(GETPOST('note', 'none'));
$result = $object->update_note(GETPOST('note', 'restricthtml'));
if ($result > 0)
{
$db->commit();


@ -112,8 +112,8 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
$paiement->amounts = $amounts; // Tableau de montant
$paiement->paiementtype = GETPOST("paiementtype", 'alphanohtml');
$paiement->num_payment = GETPOST("num_payment", 'alphanohtml');
$paiement->note = GETPOST("note", 'none');
$paiement->note_private = GETPOST("note", 'none');
$paiement->note = GETPOST("note", 'restricthtml');
$paiement->note_private = GETPOST("note", 'restricthtml');
if (!$error)
{


@ -98,7 +98,7 @@ if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))
}
$object->amount = $amount;
$object->label = GETPOST("label", 'alpha');
$object->note = GETPOST("note", 'none');
$object->note = GETPOST("note", 'restricthtml');
if (empty($object->datep))
{


@ -207,8 +207,8 @@ if (empty($reshook))
$object->phone_mobile = GETPOST("phone_mobile", 'alpha');
$object->fax = GETPOST("fax", 'alpha');
$object->priv = GETPOST("priv", 'int');
$object->note_public = GETPOST("note_public", 'none');
$object->note_private = GETPOST("note_private", 'none');
$object->note_public = GETPOST("note_public", 'restricthtml');
$object->note_private = GETPOST("note_private", 'restricthtml');
$object->roles = GETPOST("roles", 'array');
$object->statut = 1; //Defult status to Actif
@ -395,8 +395,8 @@ if (empty($reshook))
$object->phone_mobile = GETPOST("phone_mobile", 'alpha');
$object->fax = GETPOST("fax", 'alpha');
$object->priv = GETPOST("priv", 'int');
$object->note_public = GETPOST("note_public", 'none');
$object->note_private = GETPOST("note_private", 'none');
$object->note_public = GETPOST("note_public", 'restricthtml');
$object->note_private = GETPOST("note_private", 'restricthtml');
$object->roles = GETPOST("roles", 'array');
// Fill array 'array_options' with data from add form


@ -665,7 +665,7 @@ if (empty($reshook))
$fk_unit = GETPOST('unit', 'alpha');
$objectline->description = GETPOST('product_desc', 'none');
$objectline->description = GETPOST('product_desc', 'restricthtml');
$objectline->price_ht = GETPOST('elprice');
$objectline->subprice = GETPOST('elprice');
$objectline->qty = GETPOST('elqty');
@ -811,7 +811,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error) {


@ -64,7 +64,7 @@ if ($action == 'add' && !empty($permissiontoadd))
// Set value to insert
if (in_array($object->fields[$key]['type'], array('text', 'html'))) {
$value = GETPOST($key, 'none');
$value = GETPOST($key, 'restricthtml');
} elseif ($object->fields[$key]['type'] == 'date') {
$value = dol_mktime(12, 0, 0, GETPOST($key.'month', 'int'), GETPOST($key.'day', 'int'), GETPOST($key.'year', 'int'));
} elseif ($object->fields[$key]['type'] == 'datetime') {
@ -72,7 +72,7 @@ if ($action == 'add' && !empty($permissiontoadd))
} elseif ($object->fields[$key]['type'] == 'duration') {
$value = 60 * 60 * GETPOST($key.'hour', 'int') + 60 * GETPOST($key.'min', 'int');
} elseif (preg_match('/^(integer|price|real|double)/', $object->fields[$key]['type'])) {
$value = price2num(GETPOST($key, 'none')); // To fix decimal separator according to lang setup
$value = price2num(GETPOST($key, 'alphanohtml')); // To fix decimal separator according to lang setup
} elseif ($object->fields[$key]['type'] == 'boolean') {
$value = (GETPOST($key) == 'on' ? 1 : 0);
} else {
@ -142,7 +142,7 @@ if ($action == 'update' && !empty($permissiontoadd))
// Set value to update
if (in_array($object->fields[$key]['type'], array('text', 'html'))) {
$value = GETPOST($key, 'none');
$value = GETPOST($key, 'restricthtml');
} elseif ($object->fields[$key]['type'] == 'date') {
$value = dol_mktime(12, 0, 0, GETPOST($key.'month'), GETPOST($key.'day'), GETPOST($key.'year'));
} elseif ($object->fields[$key]['type'] == 'datetime') {
@ -154,7 +154,7 @@ if ($action == 'update' && !empty($permissiontoadd))
$value = '';
}
} elseif (preg_match('/^(integer|price|real|double)/', $object->fields[$key]['type'])) {
$value = price2num(GETPOST($key, 'none')); // To fix decimal separator according to lang setup
$value = price2num(GETPOST($key, 'alphanohtml')); // To fix decimal separator according to lang setup
} elseif ($object->fields[$key]['type'] == 'boolean') {
$value = ((GETPOST($key, 'aZ09') == 'on' || GETPOST($key, 'aZ09') == '1') ? 1 : 0);
} else {


@ -28,7 +28,7 @@
// $object must be defined (object is loaded in this file with fetch)
// Save selection
if (GETPOST('formfilteraction', 'none') == 'listafterchangingselectedfields')
if (GETPOST('formfilteraction', 'alphanohtml') == 'listafterchangingselectedfields')
{
$tabparam = array();


@ -35,7 +35,7 @@ $comment = new Comment($db);
if ($action == 'addcomment')
{
$description = GETPOST('comment_description', 'none');
$description = GETPOST('comment_description', 'restricthtml');
if (!empty($description))
{
$comment->description = $description;
@ -59,7 +59,7 @@ if ($action === 'updatecomment')
{
if ($comment->fetch($idcomment) >= 0)
{
$comment->description = GETPOST('comment_description', 'none');
$comment->description = GETPOST('comment_description', 'restricthtml');
if ($comment->update($user) > 0)
{
setEventMessages($langs->trans("CommentAdded"), null, 'mesgs');


@ -63,7 +63,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC))
}
}
}
} elseif (GETPOST('linkit', 'none') && !empty($conf->global->MAIN_UPLOAD_DOC))
} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC))
{
$link = GETPOST('link', 'alpha');
if ($link)
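Review bot: `linkit` is only tested for truthiness here, so `'restricthtml'` is an odd check for a submit flag; the parallel `sendit` test elsewhere in this commit uses `GETPOST("sendit", 'alphanohtml')`, and the `link` field two lines below is read with `'alpha'`. `} elseif (GETPOST('linkit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC))` keeps the two branches consistent. The if-chain starts outside the hunk.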


@ -141,7 +141,7 @@ if (!$error && $massaction == 'confirm_presend')
$massaction = 'presend';
}
if (!GETPOST('subject', 'none'))
if (!GETPOST('subject', 'restricthtml'))
{
$error++;
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTopic")), null, 'warnings');
@ -376,8 +376,8 @@ if (!$error && $massaction == 'confirm_presend')
}
$replyto = $from;
$subject = GETPOST('subject', 'none');
$message = GETPOST('message', 'none');
$subject = GETPOST('subject', 'restricthtml');
$message = GETPOST('message', 'restricthtml');
$sendtobcc = GETPOST('sendtoccc');
if ($objectclass == 'Propal') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO) ? '' : (($sendtobcc ? ", " : "").$conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO));


@ -300,8 +300,8 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
$replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>';
$message = GETPOST('message', 'none');
$subject = GETPOST('subject', 'none');
$message = GETPOST('message', 'restricthtml');
$subject = GETPOST('subject', 'restricthtml');
// Make a change into HTML code to allow to include images from medias directory with an external reabable URL.
// <img alt="" src="/dolibarr_dev/htdocs/viewimage.php?modulepart=medias&amp;entity=1&amp;file=image/ldestailleur_166x166.jpg" style="height:166px; width:166px" />


@ -33,7 +33,7 @@ if ($action == 'setnote_public' && !empty($permissionnote) && !GETPOST('cancel',
if (empty($action) || !is_object($object) || empty($id)) dol_print_error('', 'Include of actions_setnotes.inc.php was done but required variable was not set before');
if (empty($object->id)) $object->fetch($id); // Fetch may not be already done
$result_update = $object->update_note(dol_html_entity_decode(GETPOST('note_public', 'none'), ENT_QUOTES, 'UTF-8', 1), '_public');
$result_update = $object->update_note(dol_html_entity_decode(GETPOST('note_public', 'restricthtml'), ENT_QUOTES, 'UTF-8', 1), '_public');
if ($result_update < 0) setEventMessages($object->error, $object->errors, 'errors');
elseif (in_array($object->table_element, array('supplier_proposal', 'propal', 'commande_fournisseur', 'commande', 'facture_fourn', 'facture')))
@ -63,6 +63,6 @@ if ($action == 'setnote_public' && !empty($permissionnote) && !GETPOST('cancel',
// Set public note
if (empty($action) || !is_object($object) || empty($id)) dol_print_error('', 'Include of actions_setnotes.inc.php was done but required variable was not set before');
if (empty($object->id)) $object->fetch($id); // Fetch may not be already done
$result = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'none'), ENT_QUOTES), '_private');
$result = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES), '_private');
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}


@ -48,7 +48,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php';
//global $hookmanager;
$hookmanager->initHooks(array('searchform'));
$search_boxvalue = GETPOST('q', 'none');
$search_boxvalue = GETPOST('q', 'restricthtml');
$arrayresult = array();
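Review bot: `q` is a free-text search term, not HTML, so `'restricthtml'` leaves markup in `$search_boxvalue` that every consumer of it (outside this hunk) must then handle; the same commit switched `formfilteraction` and `sendit` to `'alphanohtml'`. Unless the search box is meant to accept tags, `$search_boxvalue = GETPOST('q', 'alphanohtml');` is the consistent choice. How `$arrayresult` is built is not visible here, so this is a consistency point rather than a confirmed defect.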


@ -6690,7 +6690,9 @@ abstract class CommonObject
break;
case "create":
case "edit":
$getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, 'none'); // GETPOST can get value from GET, POST or setup of default values.
$check = 'restricthtml';
// TODO Use check = 'alphahtml' or 'int' for some types
$getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, $check); // GETPOST can get value from GET, POST or setup of default values.
// GETPOST("options_" . $key) can be 'abc' or array(0=>'abc')
if (is_array($getposttemp) || $getposttemp != '' || GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix))
{
@ -6765,7 +6767,7 @@ abstract class CommonObject
// HTML, select, integer and text add default value
if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('html', 'text', 'select', 'int')))
{
if ($action == 'create') $value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ? GETPOST($keyprefix.'options_'.$key.$keysuffix, 'none', 3) : $extrafields->attributes[$this->table_element]['default'][$key];
if ($action == 'create') $value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ? GETPOST($keyprefix.'options_'.$key.$keysuffix, 'restricthtml', 3) : $extrafields->attributes[$this->table_element]['default'][$key];
else $value = $this->array_options['options_'.$key];
}
@ -6775,7 +6777,7 @@ abstract class CommonObject
$out .= '<tr '.($html_id ? 'id="'.$html_id.'" ' : '').$csstyle.' class="'.$class.$this->element.'_extras_'.$key.' trextrafields_collapse'.$extrafields_collapse_num.'" '.$domData.' >';
$out .= '<td class="';
//$out .= "titlefield";
//if (GETPOST('action', 'none') == 'create') $out.='create';
//if (GETPOST('action', 'restricthtml') == 'create') $out.='create';
// BUG #11554 : For public page, use red dot for required fields, instead of bold label
$tpl_context = isset($params["tpl_context"]) ? $params["tpl_context"] : "none";
if ($tpl_context == "public") { // Public page : red dot instead of fieldrequired characters
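Review bot: The `TODO` on `$check = 'restricthtml';` leaves integer extrafields read through an HTML filter, although the field type is already available in this method as `$extrafields->attributes[$this->table_element]['type'][$key]` (used in the `@ -6765` hunk). A per-type choice such as `$check = ($extrafields->attributes[$this->table_element]['type'][$key] == 'int' ? 'int' : 'restricthtml');` would resolve the TODO for the case that matters most, and the second hunk's `GETPOST(..., 'restricthtml', 3)` for `'int'` fields could use the same `$check`. Both hunks sit inside a method that starts and ends outside them, and I assume `$extrafields` is in scope at the first hunk since it is at the second.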


@ -675,7 +675,7 @@ class FormMail extends Form
{
$tmparray[$key] = dol_htmlentities($tmparray[$key], null, 'UTF-8', true);
}
$withtoselected = GETPOST("receiver", 'none'); // Array of selected value
$withtoselected = GETPOST("receiver", 'restricthtml'); // Array of selected value
if (empty($withtoselected) && count($tmparray) == 1 && GETPOST('action', 'aZ09') == 'presend')
{
$withtoselected = array_keys($tmparray);
@ -699,7 +699,7 @@ class FormMail extends Form
{
$tmparray[$key] = dol_htmlentities($tmparray[$key], null, 'UTF-8', true);
}
$withtoselected = GETPOST("receiveruser", 'none'); // Array of selected value
$withtoselected = GETPOST("receiveruser", 'restricthtml'); // Array of selected value
if (empty($withtoselected) && count($tmparray) == 1 && GETPOST('action', 'aZ09') == 'presend')
{
$withtoselected = array_keys($tmparray);
@ -763,7 +763,7 @@ class FormMail extends Form
{
$tmparray[$key] = dol_htmlentities($tmparray[$key], null, 'UTF-8', true);
}
$withtoselected = GETPOST("receiverccuser", 'none'); // Array of selected value
$withtoselected = GETPOST("receiverccuser", 'restricthtml'); // Array of selected value
if (empty($withtoselected) && count($tmparray) == 1 && GETPOST('action', 'aZ09') == 'presend')
{
$withtoselected = array_keys($tmparray);
@ -886,7 +886,7 @@ class FormMail extends Form
// Message
if (!empty($this->withbody))
{
$defaultmessage = GETPOST('message', 'none');
$defaultmessage = GETPOST('message', 'restricthtml');
if (!GETPOST('modelselected', 'alpha') || GETPOST('modelmailselected') != '-1')
{
if ($arraydefaultmessage && $arraydefaultmessage->content) {
@ -1144,7 +1144,7 @@ class FormMail extends Form
{
global $conf, $langs, $form;
$defaulttopic = GETPOST('subject', 'none');
$defaulttopic = GETPOST('subject', 'restricthtml');
if (!GETPOST('modelselected', 'alpha') || GETPOST('modelmailselected') != '-1') {
if ($arraydefaultmessage && $arraydefaultmessage->topic) {
$defaulttopic = $arraydefaultmessage->topic;
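Review bot: The three `$withtoselected = GETPOST("receiver…", 'restricthtml'); // Array of selected value` lines read a value the comment describes as an array, and the `empty($withtoselected)` / `array_keys` logic that follows relies on that; elsewhere in this commit array-valued fields are read with the `'array'` check (`GETPOST("roles", 'array')`). Whether `GETPOST` applies `'restricthtml'` element-wise to an array is not visible here, so `GETPOST("receiver", 'array')` (and likewise for `receiveruser` and `receiverccuser`) is the form that matches the stated intent. The enclosing methods start and end outside the hunks.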


@ -231,7 +231,7 @@ class FormTicket
}
// MESSAGE
$msg = GETPOSTISSET('message') ? GETPOST('message', 'none') : '';
$msg = GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : '';
print '<tr><td><label for="message"><span class="fieldrequired">'.$langs->trans("Message").'</span></label></td><td>';
// If public form, display more information


@ -181,7 +181,7 @@ $langs->load("modulebuilder");
<tr><td class="titlefield"><?php echo $langs->trans("LanguageFile"); ?></td><td class="valeur"><input type="text" id="langfile" name="langfile" class="minwidth200" value="<?php echo dol_escape_htmltag(GETPOST('langfile', 'alpha')); ?>"></td></tr>
<!-- Computed Value -->
<?php if (empty($conf->global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) { ?>
<tr class="extra_computed_value"><td><?php echo $form->textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc"), 1, 'help', '', 0, 2, 'tooltipcompute'); ?></td><td class="valeur"><input id="computed_value" type="text" name="computed_value" class="quatrevingtpercent" value="<?php echo (GETPOST('computed_value', 'none') ?GETPOST('computed_value', 'none') : ''); ?>"></td></tr>
<tr class="extra_computed_value"><td><?php echo $form->textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc"), 1, 'help', '', 0, 2, 'tooltipcompute'); ?></td><td class="valeur"><input id="computed_value" type="text" name="computed_value" class="quatrevingtpercent" value="<?php echo (GETPOSTISSET('computed_value') ? GETPOST('computed_value', 'none') : ''); ?>"></td></tr>
<?php } else { ?>
<tr class="extra_computed_value"><td><?php echo $form->textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc")).$form->textwithpicto($langs->trans("Computedpersistent"), $langs->trans("ComputedpersistentDesc"), 1, 'warning'); ?></td><td class="valeur"><input id="computed_value" class="quatrevingtpercent" type="text" name="computed_value" value="<?php echo dol_escape_htmltag($computed); ?>"></td></tr>
<?php } ?>
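Review bot: The `computed_value` input still echoes `GETPOST('computed_value', 'none')` straight into the `value="…"` attribute, while the `else` branch on the next line wraps the same field in `dol_escape_htmltag($computed)`; a submitted value containing a quote or angle bracket breaks out of the attribute. Keeping the `'none'` read (a formula needs its exact text) but escaping at output, `value="<?php echo (GETPOSTISSET('computed_value') ? dol_escape_htmltag(GETPOST('computed_value', 'none')) : ''); ?>"`, matches the other branch.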


@ -54,7 +54,7 @@ foreach ($object->fields as $key => $val)
print '</td>';
print '<td>';
if (in_array($val['type'], array('int', 'integer'))) $value = GETPOST($key, 'int');
elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOST($key, 'none');
elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOST($key, 'restricthtml');
else $value = GETPOST($key, 'alpha');
if ($val['noteditable']) print $object->showOutputField($val, $key, $value, '', '', '', 0);
else print $object->showInputField($val, $key, $value, '', '', '', 0);


@ -52,7 +52,7 @@ foreach ($object->fields as $key => $val)
print '</td>';
print '<td>';
if (in_array($val['type'], array('int', 'integer'))) $value = GETPOSTISSET($key) ?GETPOST($key, 'int') : $object->$key;
elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOSTISSET($key) ?GETPOST($key, 'none') : $object->$key;
elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOSTISSET($key) ?GETPOST($key, 'restricthtml') : $object->$key;
else $value = GETPOSTISSET($key) ?GETPOST($key, 'alpha') : $object->$key;
//var_dump($val.' '.$key.' '.$value);
if ($val['noteditable']) print $object->showOutputField($val, $key, $value, '', '', '', 0);


@ -176,7 +176,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
}
//TODO Improve element and rights detection
if ($action == 'edit_extras' && $permok && GETPOST('attribute', 'none') == $tmpkeyextra)
if ($action == 'edit_extras' && $permok && GETPOST('attribute', 'restricthtml') == $tmpkeyextra)
{
$fieldid = 'id';
if ($object->table_element == 'societe') $fieldid = 'socid';


@ -306,7 +306,7 @@ if ($nolinesbefore) {
if (!empty($conf->global->MAIN_INPUT_DESC_HEIGHT)) $nbrows = $conf->global->MAIN_INPUT_DESC_HEIGHT;
$toolbarname = 'dolibarr_details';
if (!empty($conf->global->FCKEDITOR_ENABLE_DETAILS_FULL)) $toolbarname = 'dolibarr_notes';
$doleditor = new DolEditor('dp_desc', GETPOST('dp_desc', 'none'), '', (empty($conf->global->MAIN_DOLEDITOR_HEIGHT) ? 100 : $conf->global->MAIN_DOLEDITOR_HEIGHT), $toolbarname, '', false, true, $enabled, $nbrows, '98%');
$doleditor = new DolEditor('dp_desc', GETPOST('dp_desc', 'restricthtml'), '', (empty($conf->global->MAIN_DOLEDITOR_HEIGHT) ? 100 : $conf->global->MAIN_DOLEDITOR_HEIGHT), $toolbarname, '', false, true, $enabled, $nbrows, '98%');
$doleditor->Create();
// Show autofill date for recurring invoices
if (!empty($conf->service->enabled) && $object->element == 'facturerec')


@ -130,7 +130,7 @@ if ($action == 'set_DONATION_ACCOUNTINGACCOUNT')
if ($action == 'set_DONATION_MESSAGE')
{
$freemessage = GETPOST('DONATION_MESSAGE', 'none'); // No alpha here, we want exact string
$freemessage = GETPOST('DONATION_MESSAGE', 'restricthtml'); // No alpha here, we want exact string
$res = dolibarr_set_const($db, "DONATION_MESSAGE", $freemessage, 'chaine', 0, '', $conf->entity);
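Review bot: The trailing comment `// No alpha here, we want exact string` is now stale: with `'restricthtml'` the value is no longer the exact submitted string but a filtered one. Either keep `'none'` if the stored message must be verbatim, or reword the comment to match the new intent, e.g. `// restricthtml: message is stored as HTML, keep only the markup the filter allows`. The if starts outside the hunk.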


@ -113,8 +113,8 @@ if ($action == 'update')
$object->date = $donation_date;
$object->public = GETPOST("public", 'alpha');
$object->fk_project = GETPOST("fk_project", 'alpha');
$object->note_private = GETPOST("note_private", 'none');
$object->note_public = GETPOST("note_public", 'none');
$object->note_private = GETPOST("note_private", 'restricthtml');
$object->note_public = GETPOST("note_public", 'restricthtml');
$object->modepaymentid = GETPOST('modepayment', 'int');
// Fill array 'array_options' with data from add form
@ -166,8 +166,8 @@ if ($action == 'add')
$object->country_id = GETPOST('country_id', 'int');
$object->email = GETPOST('email', 'alpha');
$object->date = $donation_date;
$object->note_private = GETPOST("note_private", 'none');
$object->note_public = GETPOST("note_public", 'none');
$object->note_private = GETPOST("note_private", 'restricthtml');
$object->note_public = GETPOST("note_public", 'restricthtml');
$object->public = GETPOST("public", 'alpha');
$object->fk_project = GETPOST("fk_project", 'alpha');
$object->modepaymentid = GETPOST('modepayment', 'int');
@ -389,7 +389,7 @@ if ($action == 'create')
print "<tr>".'<td>'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" value="'.dol_escape_htmltag(GETPOST("lastname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" value="'.dol_escape_htmltag(GETPOST("firstname")).'" class="maxwidth200"></td></tr>';
print "<tr>".'<td>'.$langs->trans("Address").'</td><td>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address", "none"), 0, 1).'</textarea></td></tr>';
print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="3">'.dol_escape_htmltag(GETPOST("address", "alphanohtml"), 0, 1).'</textarea></td></tr>';
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';


@ -107,7 +107,7 @@ if ($action == 'add_payment')
$payment->amounts = $amounts; // Tableau de montant
$payment->paymenttype = GETPOST("paymenttype", 'int');
$payment->num_payment = GETPOST("num_payment", 'alphanohtml');
$payment->note_public = GETPOST("note_public", 'none');
$payment->note_public = GETPOST("note_public", 'restricthtml');
if (!$error)
{


@ -83,7 +83,7 @@ $error = 0;
//include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
// Upload file (code similar but different than actions_linkedfiles.inc.php)
if (GETPOST("sendit", 'none') && !empty($conf->global->MAIN_UPLOAD_DOC))
if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC))
{
// Define relativepath and upload_dir
$relativepath = '';


@ -164,7 +164,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -216,8 +216,8 @@ if (empty($reshook))
$object->shipping_method_id = GETPOST('shipping_method_id', 'int');
$object->tracking_number = GETPOST('tracking_number', 'alpha');
$object->ref_int = GETPOST('ref_int', 'alpha');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');


@ -190,7 +190,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)


@ -60,7 +60,7 @@ $date = dol_mktime(0, 0, 0, GETPOST('datemonth', 'int'), GETPOST('dateday', 'int
$fk_project = GETPOST('fk_project', 'int');
$vatrate = GETPOST('vatrate', 'alpha');
$ref = GETPOST("ref", 'alpha');
$comments = GETPOST('comments', 'none');
$comments = GETPOST('comments', 'restricthtml');
$fk_c_type_fees = GETPOST('fk_c_type_fees', 'int');
$socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id', 'int');
@ -227,8 +227,8 @@ if (empty($reshook))
$object->fk_statut = 1;
$object->fk_c_paiement = GETPOST('fk_c_paiement', 'int');
$object->fk_user_validator = GETPOST('fk_user_validator', 'int');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
// Fill array 'array_options' with data from add form
if (!$error)
{
@ -280,8 +280,8 @@ if (empty($reshook))
}
$object->fk_c_paiement = GETPOST('fk_c_paiement', 'int');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->fk_user_modif = $user->id;
$result = $object->update($user);
@ -299,7 +299,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -1261,7 +1261,7 @@ if (empty($reshook))
$type_fees_id = GETPOST('fk_c_type_fees', 'int');
$fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int');
$projet_id = $fk_project;
$comments = GETPOST('comments', 'none');
$comments = GETPOST('comments', 'restricthtml');
$qty = GETPOST('qty', 'int');
$vatrate = GETPOST('vatrate', 'alpha');


@ -119,7 +119,7 @@ if ($action == 'add_payment')
$payment->total = $total;
$payment->fk_typepayment = GETPOST("fk_typepayment", 'int');
$payment->num_payment = GETPOST("num_payment", 'alphanothtml');
$payment->note_public = GETPOST("note_public", 'none');
$payment->note_public = GETPOST("note_public", 'restricthtml');
if (!$error)
{
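Review bot: The unchanged line directly above the edited one, `$payment->num_payment = GETPOST("num_payment", 'alphanothtml');`, uses a filter name that appears nowhere else in this commit and looks like a typo for `'alphanohtml'`, which is what the same field receives in the later `$object->num_payment = GETPOST("num_payment", 'alphanohtml');` hunk. Since this commit is a sweep of GETPOST filter names, correcting it in the same pass seems appropriate: `$payment->num_payment = GETPOST("num_payment", 'alphanohtml');`. What GETPOST does with an unrecognised filter name is not visible here, so whether the current spelling silently falls back to a weaker check should be confirmed against the helper. The enclosing if-block continues outside the hunk.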


@ -50,7 +50,7 @@ if ($action == 'update')
$db->begin();
$label = GETPOST('EXTERNALSITE_LABEL', 'alpha');
$exturl = GETPOST('EXTERNALSITE_URL', 'none');
$exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml');
$i += dolibarr_set_const($db, 'EXTERNALSITE_LABEL', trim($label), 'chaine', 0, '', $conf->entity);
$i += dolibarr_set_const($db, 'EXTERNALSITE_URL', trim($exturl), 'chaine', 0, '', $conf->entity);
@ -101,7 +101,7 @@ print "</tr>";
print '<tr class="oddeven">';
print '<td class="fieldrequired">'.$langs->trans("ExternalSiteURL")."</td>";
print '<td><textarea class="flat minwidth500" name="EXTERNALSITE_URL">';
print (GETPOST('EXTERNALSITE_URL', 'none') ?GETPOST('EXTERNALSITE_URL', 'none') : (empty($conf->global->EXTERNALSITE_URL) ? '' : $conf->global->EXTERNALSITE_URL));
print (GETPOST('EXTERNALSITE_URL', 'restricthtml') ?GETPOST('EXTERNALSITE_URL', 'restricthtml') : (empty($conf->global->EXTERNALSITE_URL) ? '' : $conf->global->EXTERNALSITE_URL));
print '</textarea></td>';
print "<td>http://localhost/myurl/";
print "<br>https://wikipedia.org/";
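Review bot: At the textarea echo, `print (GETPOST('EXTERNALSITE_URL', 'restricthtml') ?GETPOST('EXTERNALSITE_URL', 'restricthtml') : ...)`, the value is printed raw into element content, whereas every other textarea touched by this commit wraps the same pattern in `dol_escape_htmltag(..., 0, 1)`. As its name suggests, 'restricthtml' restricts which HTML is accepted on input rather than escaping for output, so the output side still needs its own escaping for the stored constant as well as the re-submitted value. Suggest `print dol_escape_htmltag((GETPOST('EXTERNALSITE_URL', 'restricthtml') ? GETPOST('EXTERNALSITE_URL', 'restricthtml') : (empty($conf->global->EXTERNALSITE_URL) ? '' : $conf->global->EXTERNALSITE_URL)), 0, 1);`. Given the field holds a URL (see the example values printed right after it), a non-HTML filter such as 'alphanohtml' on the first hunk's `$exturl` line may also be the better fit for what is stored.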


@ -65,7 +65,7 @@ $confirm = GETPOST('confirm', 'alpha');
$mesg = GETPOST('msg', 'alpha');
$origin = GETPOST('origin', 'alpha');
$originid = (GETPOST('originid', 'int') ?GETPOST('originid', 'int') : GETPOST('origin_id', 'int')); // For backward compatibility
$note_public = GETPOST('note_public', 'none');
$note_public = GETPOST('note_public', 'restricthtml');
$lineid = GETPOST('line_id', 'int');
//PDF
@ -210,8 +210,8 @@ if (empty($reshook))
$object->description = GETPOST('description', 'restricthtml');
$object->ref = $ref;
$object->model_pdf = GETPOST('model', 'alpha');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
if ($object->socid > 0)
{
@ -454,7 +454,7 @@ if (empty($reshook))
// Add line
elseif ($action == "addline" && $user->rights->ficheinter->creer)
{
if (!GETPOST('np_desc', 'none') && empty($conf->global->FICHINTER_EMPTY_LINE_DESC))
if (!GETPOST('np_desc', 'restricthtml') && empty($conf->global->FICHINTER_EMPTY_LINE_DESC))
{
$mesg = '<div class="error">'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Description")).'</div>';
$error++;
@ -473,7 +473,7 @@ if (empty($reshook))
{
$db->begin();
$desc = GETPOST('np_desc', 'none');
$desc = GETPOST('np_desc', 'restricthtml');
$date_intervention = dol_mktime(GETPOST('dihour', 'int'), GETPOST('dimin', 'int'), 0, GETPOST('dimonth', 'int'), GETPOST('diday', 'int'), GETPOST('diyear', 'int'));
$duration = empty($conf->global->FICHINTER_WITHOUT_DURATION) ?convertTime2Seconds(GETPOST('durationhour', 'int'), GETPOST('durationmin', 'int')) : 0;
@ -701,7 +701,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -830,8 +830,8 @@ if ($action == 'create')
$soc = $objectsrc->thirdparty;
$note_private = (!empty($objectsrc->note) ? $objectsrc->note : (!empty($objectsrc->note_private) ? $objectsrc->note_private : GETPOST('note_private', 'none')));
$note_public = (!empty($objectsrc->note_public) ? $objectsrc->note_public : GETPOST('note_public', 'none'));
$note_private = (!empty($objectsrc->note) ? $objectsrc->note : (!empty($objectsrc->note_private) ? $objectsrc->note_private : GETPOST('note_private', 'restricthtml')));
$note_public = (!empty($objectsrc->note_public) ? $objectsrc->note_public : GETPOST('note_public', 'restricthtml'));
// Object source contacts list
$srccontactslist = $objectsrc->liste_contact(-1, 'external', 1);


@ -118,7 +118,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;


@ -1098,7 +1098,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from add form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -1143,8 +1143,8 @@ if (empty($reshook))
$object->cond_reglement_id = GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->date_livraison = $datelivraison;
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');
@ -1703,7 +1703,7 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans('NotePublic').'</td>';
print '<td>';
$doleditor = new DolEditor('note_public', isset($note_public) ? $note_public : GETPOST('note_public', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('note_public', isset($note_public) ? $note_public : GETPOST('note_public', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td>';
//print '<textarea name="note_public" wrap="soft" cols="60" rows="'.ROWS_5.'"></textarea>';
@ -1711,7 +1711,7 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans('NotePrivate').'</td>';
print '<td>';
$doleditor = new DolEditor('note_private', isset($note_private) ? $note_private : GETPOST('note_private', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('note_private', isset($note_private) ? $note_private : GETPOST('note_private', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td>';
//print '<td><textarea name="note_private" wrap="soft" cols="60" rows="'.ROWS_5.'"></textarea></td>';


@ -163,8 +163,8 @@ if (($action == 'create' || $action == 'add') && !$error) {
$object->label = (GETPOSTISSET('libelle') ? GETPOST('libelle', 'nohtml') : GETPOST('label', 'nohtml'));
$object->date = $datefacture;
$object->date_echeance = $datedue;
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->cond_reglement_id = GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$projectid = GETPOST('projectid', 'int');


@ -651,8 +651,8 @@ if (empty($reshook))
$object->libelle = GETPOST('label', 'nohtml');
$object->date = $datefacture;
$object->date_echeance = $datedue;
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->cond_reglement_id = GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
@ -716,8 +716,8 @@ if (empty($reshook))
$object->label = GETPOST('label', 'nohtml');
$object->date = $datefacture;
$object->date_echeance = $datedue;
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->cond_reglement_id = GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
@ -828,8 +828,8 @@ if (empty($reshook))
$object->libelle = $_POST['label'];
$object->date = $datefacture;
$object->date_echeance = $datedue;
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->cond_reglement_id = GETPOST('cond_reglement_id');
$object->mode_reglement_id = GETPOST('mode_reglement_id');
$object->fk_account = GETPOST('fk_account', 'int');
@ -1057,7 +1057,7 @@ if (empty($reshook))
$productsupplier = new ProductFournisseur($db);
if (!empty($conf->global->SUPPLIER_INVOICE_WITH_PREDEFINED_PRICES_ONLY))
{
if (GETPOST('productid') > 0 && $productsupplier->get_buyprice(0, price2num($_POST['qty']), GETPOST('productid'), 'none', GETPOST('socid', 'int')) < 0)
if (GETPOST('productid') > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), GETPOST('productid', 'int'), 'restricthtml', GETPOST('socid', 'int')) < 0)
{
setEventMessages($langs->trans("ErrorQtyTooLowForThisSupplier"), null, 'warnings');
}
@ -1534,7 +1534,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from add form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -2056,7 +2056,7 @@ if ($action == 'create')
// Public note
print '<tr><td>'.$langs->trans('NotePublic').'</td>';
print '<td>';
$doleditor = new DolEditor('note_public', (GETPOSTISSET('note_public') ?GETPOST('note_public', 'none') : $note_public), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('note_public', (GETPOSTISSET('note_public') ?GETPOST('note_public', 'restricthtml') : $note_public), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td>';
// print '<td><textarea name="note" wrap="soft" cols="60" rows="'.ROWS_5.'"></textarea></td>';
@ -2065,7 +2065,7 @@ if ($action == 'create')
// Private note
print '<tr><td>'.$langs->trans('NotePrivate').'</td>';
print '<td>';
$doleditor = new DolEditor('note_private', (GETPOSTISSET('note_private') ?GETPOST('note_private', 'none') : $note_private), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('note_private', (GETPOSTISSET('note_private') ?GETPOST('note_private', 'restricthtml') : $note_private), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td>';
// print '<td><textarea name="note" wrap="soft" cols="60" rows="'.ROWS_5.'"></textarea></td>';
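Review bot: In `$productsupplier->get_buyprice(0, price2num(GETPOST('qty')), GETPOST('productid', 'int'), 'restricthtml', GETPOST('socid', 'int'))` the fourth argument is a positional parameter of get_buyprice, not a GETPOST filter, so the sweep from 'none' to 'restricthtml' changed a literal that is handed to the price lookup; from the call shape it looks like a supplier-reference slot that was probably meant to be an empty string (please confirm against the method signature). On the same line the first read, `GETPOST('productid') > 0`, is still untyped while the second now uses 'int', and the two should agree: `if (GETPOST('productid', 'int') > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), GETPOST('productid', 'int'), '', GETPOST('socid', 'int')) < 0)`. The enclosing if-block starts and ends outside the hunk.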


@ -54,7 +54,7 @@ if ($action == 'setnote' && $user->rights->fournisseur->facture->creer)
$db->begin();
$object->fetch($id);
$result = $object->update_note(GETPOST('note', 'none'));
$result = $object->update_note(GETPOST('note', 'restricthtml'));
if ($result > 0)
{
$db->commit();


@ -486,7 +486,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)


@ -55,8 +55,8 @@ $db_user = GETPOST('db_user', 'alpha') ?GETPOST('db_user', 'alpha') : (empty($ar
$db_pass = GETPOST('db_pass', 'none') ?GETPOST('db_pass', 'none') : (empty($argv[12]) ? '' : $argv[12]);
$db_port = GETPOST('db_port', 'int') ?GETPOST('db_port', 'int') : (empty($argv[13]) ? '' : $argv[13]);
$db_prefix = GETPOST('db_prefix', 'aZ09') ?GETPOST('db_prefix', 'aZ09') : (empty($argv[14]) ? '' : $argv[14]);
$db_create_database = GETPOST('db_create_database', 'none') ?GETPOST('db_create_database', 'none') : (empty($argv[15]) ? '' : $argv[15]);
$db_create_user = GETPOST('db_create_user', 'none') ?GETPOST('db_create_user', 'none') : (empty($argv[16]) ? '' : $argv[16]);
$db_create_database = GETPOST('db_create_database', 'alpha') ?GETPOST('db_create_database', 'alpha') : (empty($argv[15]) ? '' : $argv[15]);
$db_create_user = GETPOST('db_create_user', 'alpha') ?GETPOST('db_create_user', 'alpha') : (empty($argv[16]) ? '' : $argv[16]);
// Force https
$main_force_https = ((GETPOST("main_force_https", 'alpha') && (GETPOST("main_force_https", 'alpha') == "on" || GETPOST("main_force_https", 'alpha') == 1)) ? '1' : '0');
// Use alternative directory
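Review bot: `$db_pass = GETPOST('db_pass', 'none') ?GETPOST('db_pass', 'none') : ...` stays on 'none' while the two db_create_* lines below it move to 'alpha', and nothing on the line says the difference is deliberate, which invites the next filter sweep to "fix" it and corrupt passwords containing characters the filter strips. A one-line comment would pin the intent, e.g. `// 'none' on purpose: the password must reach the database driver unaltered`. For the two flags that now use 'alpha' the narrowing is appropriate, since an HTML filter was never the right check for an option value.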


@ -189,7 +189,7 @@ if ($action == 'update_extras')
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)


@ -129,8 +129,8 @@ if (empty($reshook))
$object->dateend = $dateend;
$object->nbterm = GETPOST('nbterm');
$object->rate = $rate;
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->fk_project = GETPOST('projectid', 'int');
$object->insurance_amount = GETPOST('insurance_amount', 'int');


@ -160,8 +160,8 @@ if ($action == 'add_payment')
$payment->amount_interest = $pay_amount_insurance;
$payment->paymenttype = GETPOST('paymenttype', 'int');
$payment->num_payment = GETPOST('num_payment');
$payment->note_private = GETPOST('note_private', 'none');
$payment->note_public = GETPOST('note_public', 'none');
$payment->note_private = GETPOST('note_private', 'restricthtml');
$payment->note_public = GETPOST('note_public', 'restricthtml');
if (!$error)
{


@ -37,7 +37,7 @@ $backtopage = GETPOST('backtopage', 'alpha');
*/
if ($action == "update")
{
$res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'none'), 'chaine', 0, '', $conf->entity);
$res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity);
$res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity);
$res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'nohtml'), 'chaine', 0, '', $conf->entity);
$res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'nohtml'), 'chaine', 0, '', $conf->entity);


@ -1187,7 +1187,7 @@ if ($dirins && $action == 'addproperty' && !empty($module) && !empty($tabobj))
{
$addfieldentry = array(
'name'=>GETPOST('propname', 'aZ09'), 'label'=>GETPOST('proplabel', 'alpha'), 'type'=>GETPOST('proptype', 'alpha'),
'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'none'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}'
'visible'=>GETPOST('propvisible', 'int'), 'enabled'=>GETPOST('propenabled', 'int'),
'position'=>GETPOST('propposition', 'int'), 'notnull'=>GETPOST('propnotnull', 'int'), 'index'=>GETPOST('propindex', 'int'), 'searchall'=>GETPOST('propsearchall', 'int'),
'isameasure'=>GETPOST('propisameasure', 'int'), 'comment'=>GETPOST('propcomment', 'alpha'), 'help'=>GETPOST('prophelp', 'alpha')
@ -2577,7 +2577,7 @@ if ($module == 'initmodule')
print '<td><input class="text maxwidth75" name="propname" value="'.dol_escape_htmltag(GETPOST('propname', 'alpha')).'"></td>';
print '<td><input class="text maxwidth75" name="proplabel" value="'.dol_escape_htmltag(GETPOST('proplabel', 'alpha')).'"></td>';
print '<td><input class="text maxwidth75" name="proptype" value="'.dol_escape_htmltag(GETPOST('proptype', 'alpha')).'"></td>';
print '<td><input class="text maxwidth75" name="proparrayofkeyval" value="'.dol_escape_htmltag(GETPOST('proparrayofkeyval', 'none')).'"></td>';
print '<td><input class="text maxwidth75" name="proparrayofkeyval" value="'.dol_escape_htmltag(GETPOST('proparrayofkeyval', 'restricthtml')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propnotnull" value="'.dol_escape_htmltag(GETPOST('propnotnull', 'alpha')).'"></td>';
print '<td><input class="text maxwidth50" name="propdefault" value="'.dol_escape_htmltag(GETPOST('propdefault', 'alpha')).'"></td>';
print '<td class="center"><input class="text" size="2" name="propindex" value="'.dol_escape_htmltag(GETPOST('propindex', 'alpha')).'"></td>';
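Review bot: `'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml')` carries a value the adjacent comment documents as a JSON string, and an HTML-tag filter neither validates nor reliably preserves JSON, since it has nothing to say about braces and quotes. If, as the module-builder context suggests, this value later ends up inside generated module code, validating it here — `json_decode(..., true)` and refusing the property when it does not parse — would be a more meaningful check than any filter name. The second hunk only re-displays the field, already through dol_escape_htmltag, so it is fine as is. The enclosing addproperty block continues outside the hunk.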


@ -286,9 +286,9 @@ if (empty($reshook))
$object->barcode_type_coder = $stdobject->barcode_type_coder;
$object->barcode_type_label = $stdobject->barcode_type_label;
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none'));
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'restricthtml'));
$object->url = GETPOST('url');
$object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none'));
$object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'restricthtml'));
$object->note = $object->note_private; // deprecated
$object->customcode = GETPOST('customcode', 'alphanohtml');
$object->country_id = GETPOST('country_id', 'int');
@ -389,11 +389,11 @@ if (empty($reshook))
$object->ref = $ref;
$object->label = GETPOST('label', 'alphanohtml');
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none'));
$object->description = dol_htmlcleanlastbr(GETPOST('desc', 'restricthtml'));
$object->url = GETPOST('url');
if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB))
{
$object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none'));
$object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'restricthtml'));
$object->note = $object->note_private;
}
$object->customcode = GETPOST('customcode', 'alpha');
@ -1029,7 +1029,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
// Description (used in invoice, propal...)
print '<tr><td class="tdtop">'.$langs->trans("Description").'</td><td colspan="3">';
$doleditor = new DolEditor('desc', GETPOST('desc', 'none'), '', 160, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_4, '90%');
$doleditor = new DolEditor('desc', GETPOST('desc', 'restricthtml'), '', 160, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_4, '90%');
$doleditor->Create();
print "</td></tr>";
@ -1178,7 +1178,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
print '<tr><td class="tdtop">'.$langs->trans("NoteNotVisibleOnBill").'</td><td colspan="3">';
// We use dolibarr_details as type of DolEditor here, because we must not accept images as description is included into PDF and not accepted by TCPDF.
$doleditor = new DolEditor('note_private', GETPOST('note_private', 'none'), '', 140, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_8, '90%');
$doleditor = new DolEditor('note_private', GETPOST('note_private', 'restricthtml'), '', 140, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_8, '90%');
$doleditor->Create();
print "</td></tr>";


@ -197,7 +197,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error) {
$result = $object->insertExtraFields();


@ -193,7 +193,7 @@ if ($action == 'update_extras') {
$tmpwarehouse->oldcopy = dol_clone($tmpwarehouse);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $tmpwarehouse, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $tmpwarehouse, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error) {
$result = $tmpwarehouse->insertExtraFields();


@ -122,7 +122,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)


@ -248,7 +248,7 @@ if (empty($reshook))
$old_start_date = $object->date_start;
$object->ref = GETPOST('ref', 'alpha');
$object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
$object->title = GETPOST('title', 'alphanohtml'); // Do not use 'alpha' here, we want field as it is
$object->statut = GETPOST('status', 'int');
$object->socid = GETPOST('socid', 'int');
$object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
@ -529,7 +529,7 @@ if ($action == 'create' && $user->rights->projet->creer)
print '</td></tr>';
// Label
print '<tr><td><span class="fieldrequired">'.$langs->trans("Label").'</span></td><td><input class="minwidth500" type="text" name="title" value="'.dol_escape_htmltag(GETPOST("title", 'none')).'" autofocus></td></tr>';
print '<tr><td><span class="fieldrequired">'.$langs->trans("Label").'</span></td><td><input class="minwidth500" type="text" name="title" value="'.dol_escape_htmltag(GETPOST("title", 'restricthtml')).'" autofocus></td></tr>';
// Usage (opp, task, bill time, ...)
print '<tr><td class="tdtop">';
@ -653,7 +653,7 @@ if ($action == 'create' && $user->rights->projet->creer)
// Description
print '<tr><td class="tdtop">'.$langs->trans("Description").'</td>';
print '<td>';
$doleditor = new DolEditor('description', GETPOST("description", 'none'), '', 90, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%');
$doleditor = new DolEditor('description', GETPOST("description", 'restricthtml'), '', 90, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%');
$doleditor->Create();
print '</td></tr>';
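Review bot: The comment on `$object->title = GETPOST('title', 'alphanohtml'); // Do not use 'alpha' here, we want field as it is` is now stale: 'alphanohtml' does filter the field, so the comment contradicts the code and should say why this filter was chosen, e.g. `// 'alphanohtml': a label shown inline in lists must not carry HTML`. The create form in the second hunk re-reads the same field with a different filter, `GETPOST("title", 'restricthtml')`, so what the user sees after a validation error is not what gets stored; use 'alphanohtml' there too: `...value="'.dol_escape_htmltag(GETPOST("title", 'alphanohtml')).'" autofocus>...`. The description line keeps a similar "Do not use 'alpha'" comment with 'restricthtml', where it still makes sense.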


@ -580,7 +580,7 @@ print '</td></tr>';
print '<tr id="trcompany" class="trcompany"><td>'.$langs->trans("Company").'</td><td><input type="text" name="societe" class="minwidth150" value="'.dol_escape_htmltag(GETPOST('societe')).'"></td></tr>'."\n";
// Address
print '<tr><td>'.$langs->trans("Address").'</td><td>'."\n";
print '<textarea name="address" id="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('address', 'none'), 0, 1).'</textarea></td></tr>'."\n";
print '<textarea name="address" id="address" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('address', 'restricthtml'), 0, 1).'</textarea></td></tr>'."\n";
// Zip / Town
print '<tr><td>'.$langs->trans('Zip').' / '.$langs->trans('Town').'</td><td>';
print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6, 1);
@ -636,7 +636,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php';
// Comments
print '<tr>';
print '<td class="tdtop">'.$langs->trans("Comments").'</td>';
print '<td class="tdtop"><textarea name="note_private" id="note_private" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('note_private', 'none'), 0, 1).'</textarea></td>';
print '<td class="tdtop"><textarea name="note_private" id="note_private" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.dol_escape_htmltag(GETPOST('note_private', 'restricthtml'), 0, 1).'</textarea></td>';
print '</tr>'."\n";
// Add specific fields used by Dolibarr foundation for example


@ -66,7 +66,7 @@ if (GETPOST('ajoutcomment', 'alpha'))
$error = 0;
$comment = GETPOST("comment", 'none');
$comment = GETPOST("comment", 'restricthtml');
$comment_user = GETPOST('commentuser', 'nohtml');
if (!$comment)
@ -733,7 +733,7 @@ if ($comments)
if ($object->allow_comments) {
print '<div class="addcomment"><span class="opacitymedium">'.$langs->trans("AddACommentForPoll")."</span><br>\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'none'), 0, 1).'</textarea><br>'."\n";
print '<textarea name="comment" rows="'.ROWS_2.'" class="quatrevingtpercent">'.dol_escape_htmltag(GETPOST('comment', 'restricthtml'), 0, 1).'</textarea><br>'."\n";
print $langs->trans("Name").': ';
print '<input type="text" name="commentuser" maxlength="64" value="'.GETPOST('commentuser', 'nohtml').'"> &nbsp; '."\n";
print '<input type="submit" class="button" name="ajoutcomment" value="'.dol_escape_htmltag($langs->trans("AddComment")).'"><br>'."\n";


@ -251,7 +251,7 @@ $key = 'ONLINE_PAYMENT_MESSAGE_KO';
if (!empty($conf->global->$key)) print $conf->global->$key;
$type = GETPOST('s', 'alpha');
$ref = GETPOST('ref', 'none');
$ref = GETPOST('ref', 'alphanohtml');
$tag = GETPOST('tag', 'alpha');
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
if ($type || $tag)


@ -114,11 +114,11 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
}
}
if (!GETPOST("subject", "none")) {
if (!GETPOST("subject", "restricthtml")) {
$error++;
array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")));
$action = '';
} elseif (!GETPOST("message", "none")) {
} elseif (!GETPOST("message", "restricthtml")) {
$error++;
array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("message")));
$action = '';
@ -136,8 +136,8 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
$object->track_id = generate_random_id(16);
$object->subject = GETPOST("subject", "none");
$object->message = GETPOST("message", "none");
$object->subject = GETPOST("subject", "restricthtml");
$object->message = GETPOST("message", "restricthtml");
$object->origin_email = $origin_email;
$object->type_code = GETPOST("type_code", 'aZ09');
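Review bot: `$object->subject = GETPOST("subject", "restricthtml");` applies an HTML filter to a single-line subject field, the same kind of value this commit narrows to 'alphanohtml' for the project title, and a subject is typically echoed inline in lists and notifications where no HTML is wanted. Suggest `$object->subject = GETPOST("subject", "alphanohtml");` together with the matching required-field check in the first hunk, `if (!GETPOST("subject", "alphanohtml")) {`. The message body is free text from an anonymous submitter, so keeping 'restricthtml' on it is reasonable only if the rendering side escapes or sanitises again; that is outside this hunk. Both enclosing blocks start and end outside the hunks.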


@ -189,7 +189,7 @@ if (empty($reshook))
$object->oldcopy = dol_clone($object);
// Fill array 'array_options' with data from update form
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
@ -246,9 +246,8 @@ if (empty($reshook))
$object->fk_delivery_address = $objectsrc->fk_delivery_address;
$object->shipping_method_id = GETPOST('shipping_method_id', 'int');
$object->tracking_number = GETPOST('tracking_number', 'alpha');
$object->ref_int = GETPOST('ref_int', 'alpha');
$object->note_private = GETPOST('note_private', 'none');
$object->note_public = GETPOST('note_public', 'none');
$object->note_private = GETPOST('note_private', 'restricthtml');
$object->note_public = GETPOST('note_public', 'restricthtml');
$object->fk_incoterms = GETPOST('incoterm_id', 'int');
$object->location_incoterms = GETPOST('location_incoterms', 'alpha');


@ -175,7 +175,7 @@ if (empty($reshook))
{
$db->begin();
$result = $object->cloture($user, GETPOST('status', 'int'), GETPOST('note_private', 'none'));
$result = $object->cloture($user, GETPOST('status', 'int'), GETPOST('note_private', 'restricthtml'));
if ($result < 0)
{
setEventMessages($object->error, $object->errors, 'errors');


@ -100,7 +100,7 @@ if ($action == 'add' && empty($cancel))
$object->label = GETPOST("label", 'alphanohtml');
$object->datesp = $datesp;
$object->dateep = $dateep;
$object->note = GETPOST("note", 'none');
$object->note = GETPOST("note", 'restricthtml');
$object->type_payment = ($type_payment > 0 ? $type_payment : 0);
$object->num_payment = GETPOST("num_payment", 'alphanohtml');
$object->fk_user_author = $user->id;


@ -56,7 +56,7 @@ if (!$sortfield) $sortfield = "s.datep,s.rowid";
if (!$sortorder) $sortorder = "DESC,DESC";
$optioncss = GETPOST('optioncss', 'alpha');
$filtre = GETPOST("filtre", 'none');
$filtre = GETPOST("filtre", 'restricthtml');
if (!GETPOST('typeid', 'int'))
{
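Review bot: `$filtre = GETPOST("filtre", 'restricthtml');` names a list filter, and if that value is used to build the SQL WHERE clause further down (not visible here), an HTML filter gives no protection in that context; the value must go through the database layer's escaping at the point where it is spliced into the query, and this change does not alter that. A stricter input filter would at least match the kind of value a filter expression is, e.g. `$filtre = GETPOST("filtre", 'alphanohtml');`. The statement run continues outside the hunk.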


@ -343,7 +343,7 @@ if (empty($reshook))
// Fill array 'array_options' with data from update form
$extrafields->fetch_name_optionals_label($object->table_element);
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
if ($ret < 0) $error++;
if (!$error)
