From ce1f8289a42be7704ab2b15a4aaab3c453104bd5 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 29 Mar 2021 15:07:23 +0200
Subject: [PATCH] FIX #yogosha5746
---
 htdocs/comm/propal/card.php | 2 +-
 htdocs/comm/propal/contact.php | 2 +-
 htdocs/commande/card.php | 2 +-
 htdocs/commande/contact.php | 4 ++--
 htdocs/compta/facture/card.php | 2 +-
 htdocs/compta/facture/contact.php | 2 +-
 htdocs/contrat/card.php | 24 ++++++++++---------
 htdocs/contrat/contact.php | 4 ++--
 htdocs/core/class/commonobject.class.php | 2 +-
 .../conferenceorbooth_contact.php | 2 +-
 htdocs/expedition/contact.php | 2 +-
 htdocs/fourn/commande/card.php | 4 ++--
 htdocs/fourn/commande/contact.php | 4 ++--
 htdocs/fourn/facture/card.php | 4 ++--
 htdocs/fourn/facture/contact.php | 4 ++--
 .../template/myobject_contact.php | 2 +-
 htdocs/projet/tasks/contact.php | 4 ++--
 htdocs/reception/contact.php | 2 +-
 htdocs/societe/societecontact.php | 4 ++--
 htdocs/supplier_proposal/contact.php | 2 +-
 20 files changed, 40 insertions(+), 38 deletions(-)
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index cecb4fff28a..3844373328d 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
@@ -1387,7 +1387,7 @@ if (empty($reshook)) {
 } elseif ($action == 'swapstatut') {
 // Toggle the status of a contact
 if ($object->fetch($id) > 0) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php
index 60d3836cfcb..3bbe232be6e 100644
--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
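Review bot: The `swapstatut` branch in htdocs/comm/propal/card.php tests only `$action`, while the same branch in htdocs/comm/propal/contact.php also requires `$user->rights->propale->creer`. The card.php hunks for commande, compta/facture, contrat (both `swapstatut` and `deletecontact`) and fourn/facture have the same shape, and fourn/commande/card.php only adds `$object->id > 0`. The enclosing `if (empty($reshook))` block starts outside the hunk, so a permission test may already exist there; if it does not, the condition should read `} elseif ($action == 'swapstatut' && $user->rights->propale->creer) {`. The integer filter limits what the parameter can contain, not who may toggle the contact.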
@@ -93,7 +93,7 @@ if ($action == 'addcontact' && $user->rights->propale->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->propale->creer) {
 // Toggle the status of a contact
 if ($object->id > 0) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 }
 } elseif ($action == 'deletecontact' && $user->rights->propale->creer) {
 // Deletes a contact
diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php
index a46e7df6b75..8e0dc91756c 100644
--- a/htdocs/commande/card.php
+++ b/htdocs/commande/card.php
@@ -1370,7 +1370,7 @@ if (empty($reshook)) {
 } elseif ($action == 'swapstatut') {
 // bascule du statut d'un contact
 if ($object->id > 0) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php
index 0a576707e73..5e11c5cb030 100644
--- a/htdocs/commande/contact.php
+++ b/htdocs/commande/contact.php
@@ -75,14 +75,14 @@ if ($action == 'addcontact' && $user->rights->commande->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->commande->creer) {
 // bascule du statut d'un contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
 } elseif ($action == 'deletecontact' && $user->rights->commande->creer) {
 // Efface un contact
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index 35f4a3cb140..417ecfeb2e2 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -2773,7 +2773,7 @@ if (empty($reshook)) {
 } elseif ($action == 'swapstatut') {
 // bascule du statut d'un contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php
index 19e76b15c5c..2105e197e1f 100644
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -82,7 +82,7 @@ if ($action == 'addcontact' && $user->rights->facture->creer) {
 }
 } elseif ($action == 'swapstatut' && $user->rights->facture->creer) {
 // Toggle the status of a contact
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->facture->creer) {
 // Deletes a contact
 $result = $object->delete_contact($lineid);
diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php
index 88627ca0698..5c0ad2747ba 100644
--- a/htdocs/contrat/card.php
+++ b/htdocs/contrat/card.php
@@ -54,6 +54,8 @@ $langs->loadLangs(array("contracts", "orders", "companies", "bills", "products",
 $action = GETPOST('action', 'aZ09');
 $confirm = GETPOST('confirm', 'alpha');
+$cancel = GETPOST('cancel', 'alpha');
+
 $socid = GETPOST('socid', 'int');
 $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
@@ -113,7 +115,7 @@ if (empty($reshook)) {
 include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once
 if ($action == 'confirm_active' && $confirm == 'yes' && $user->rights->contrat->activer) {
- $result = $object->active_line($user, GETPOST('ligne'), GETPOST('date'), GETPOST('dateend'), GETPOST('comment'));
+ $result = $object->active_line($user, GETPOST('ligne', 'int'), GETPOST('date'), GETPOST('dateend'), GETPOST('comment'));
 if ($result > 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
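Review bot: In the `confirm_active` branch only `ligne` gets an explicit filter; `GETPOST('date')`, `GETPOST('dateend')` and `GETPOST('comment')` are still passed to `active_line()` with the default check. The confirmation link built further down in this file puts the `dol_mktime()` results into `date` and `dateend` and reads the comment with `'alpha'`, so `GETPOST('date', 'int'), GETPOST('dateend', 'int'), GETPOST('comment', 'alpha')` would match what the page itself generates. In the next hunk `urldecode(GETPOST('comment'))` decodes after the check has run, so the value handed to `close_line()` is not the one GETPOST checked; dropping the `urldecode()` or filtering its result would close that gap. How `active_line()` and `close_line()` use these values is outside the diff.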
@@ -127,7 +129,7 @@ if (empty($reshook)) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), null, 'errors');
 }
 if (!$error) {
- $result = $object->close_line($user, GETPOST('ligne'), GETPOST('dateend'), urldecode(GETPOST('comment')));
+ $result = $object->close_line($user, GETPOST('ligne', 'int'), GETPOST('dateend'), urldecode(GETPOST('comment')));
 if ($result > 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
 exit;
@@ -931,10 +933,10 @@ if (empty($reshook)) {
 }
 } elseif ($action == 'swapstatut') {
 // bascule du statut d'un contact
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact') {
 // Efface un contact
- $result = $object->delete_contact(GETPOST('lineid'));
+ $result = $object->delete_contact(GETPOST('lineid', 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
@@ -1747,25 +1749,25 @@ if ($action == 'create') {
 'text' => $langs->trans("ConfirmMoveToAnotherContractQuestion"),
 array('type' => 'select', 'name' => 'newcid', 'values' => $arraycontractid));
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&lineid=".GETPOST('rowid'), $langs->trans("MoveToAnotherContract"), $langs->trans("ConfirmMoveToAnotherContract"), "confirm_move", $formquestion);
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&lineid=".GETPOST('rowid', 'int'), $langs->trans("MoveToAnotherContract"), $langs->trans("ConfirmMoveToAnotherContract"), "confirm_move", $formquestion);
 print '
';
 }
 /*
 * Confirmation de la validation activation
 */
- if ($action == 'active' && !$_REQUEST["cancel"] && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+ if ($action == 'active' && !$cancel && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 $dateactstart = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 $dateactend = dol_mktime(12, 0, 0, GETPOST('endmonth'), GETPOST('endday'), GETPOST('endyear'));
 $comment = GETPOST('comment', 'alpha');
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&ligne=".GETPOST('ligne')."&date=".$dateactstart."&dateend=".$dateactend."&comment=".urlencode($comment), $langs->trans("ActivateService"), $langs->trans("ConfirmActivateService", dol_print_date($dateactstart, "%A %d %B %Y")), "confirm_active", '', 0, 1);
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id."&ligne=".GETPOST('ligne', 'int')."&date=".$dateactstart."&dateend=".$dateactend."&comment=".urlencode($comment), $langs->trans("ActivateService"), $langs->trans("ConfirmActivateService", dol_print_date($dateactstart, "%A %d %B %Y")), "confirm_active", '', 0, 1);
 print '
';
 }
 /*
 * Confirmation de la validation fermeture
 */
- if ($action == 'closeline' && !$_REQUEST["cancel"] && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+ if ($action == 'closeline' && !$cancel && $user->rights->contrat->activer && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 $dateactstart = dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear'));
 $dateactend = dol_mktime(12, 0, 0, GETPOST('endmonth'), GETPOST('endday'), GETPOST('endyear'));
 $comment = GETPOST('comment', 'alpha');
@@ -1843,8 +1845,8 @@ if ($action == 'create') {
 }
 // Form to activate line
- if ($user->rights->contrat->activer && $action == 'activateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) { print '
';
+ if ($user->rights->contrat->activer && $action == 'activateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
+ print '';
 print '';
 print '';
@@ -1893,7 +1895,7 @@ if ($action == 'create') {
 print '';
 }
- if ($user->rights->contrat->activer && $action == 'unactivateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne')) {
+ if ($user->rights->contrat->activer && $action == 'unactivateline' && $object->lines[$cursorline - 1]->id == GETPOST('ligne', 'int')) {
 /**
 * Disable a contract line
 */
diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php
index 35b7268109b..3d0be4d9552 100644
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -85,7 +85,7 @@ if ($action == 'addcontact' && $user->rights->contrat->creer) {
 // bascule du statut d'un contact
 if ($action == 'swapstatut' && $user->rights->contrat->creer) {
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db, $object->error);
 }
@@ -94,7 +94,7 @@ if ($action == 'swapstatut' && $user->rights->contrat->creer) {
 // Delete contact
 if ($action == 'deletecontact' && $user->rights->contrat->creer) {
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 8fa0ad9c8a5..ffe1706ee03 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -1338,7 +1338,7 @@ abstract class CommonObject
 $sql = "SELECT ec.datecreate, ec.statut, ec.fk_socpeople, ec.fk_c_type_contact,";
 $sql .= " tc.code, tc.libelle";
 $sql .= " FROM (".MAIN_DB_PREFIX."element_contact as ec, ".MAIN_DB_PREFIX."c_type_contact as tc)";
- $sql .= " WHERE ec.rowid =".$rowid;
+ $sql .= " WHERE ec.rowid =".((int) $rowid);
 $sql .= " AND ec.fk_c_type_contact=tc.rowid";
 $sql .= " AND tc.element = '".$this->db->escape($this->element)."'";
diff --git a/htdocs/eventorganization/conferenceorbooth_contact.php b/htdocs/eventorganization/conferenceorbooth_contact.php
index d42cc78adcb..d93c76576a6 100644
--- a/htdocs/eventorganization/conferenceorbooth_contact.php
+++ b/htdocs/eventorganization/conferenceorbooth_contact.php
@@ -110,7 +110,7 @@ if ($action == 'addcontact' && $permission) { // Add a new contact
 }
 } elseif ($action == 'swapstatut' && $permission) {
 // Toggle the status of a contact
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $permission) {
 // Deletes a contact
 $result = $object->delete_contact($lineid);
diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php
index 174b97b4a7e..d1bcab57412 100644
--- a/htdocs/expedition/contact.php
+++ b/htdocs/expedition/contact.php
@@ -96,7 +96,7 @@ if ($action == 'addcontact' && $user->rights->expedition->creer) {
 }
 } elseif ($action == 'swapstatut' && $user->rights->expedition->creer) {
 // bascule du statut d'un contact
- $result = $objectsrc->swapContactStatus(GETPOST('ligne'));
+ $result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->expedition->creer) {
 // Efface un contact
 $result = $objectsrc->delete_contact(GETPOST("lineid"));
diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php
index 6def24cf64b..f178a2d4ea1 100644
--- a/htdocs/fourn/commande/card.php
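Review bot: The `(int)` cast on `$rowid` is what keeps the concatenated query safe no matter how a caller filters the value, and nothing on the line says so. A short comment such as `// $rowid can come from request parameters in the contact pages: keep the cast` would stop a later cleanup from removing it. The method's signature and the rest of the query are outside the hunk, so any other value appended to `$sql` further down should be checked for the same treatment.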
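Review bot: The `deletecontact` branch just below the changed line in htdocs/expedition/contact.php still calls `$objectsrc->delete_contact(GETPOST("lineid"))` with the default check, although the same call is switched to `GETPOST("lineid", 'int')` in the commande, contrat, fourn, projet and societe pages of this commit. htdocs/reception/contact.php keeps the identical unchanged line. `delete_contact()` is not part of the diff, so whether it casts its argument itself cannot be seen here; using `$result = $objectsrc->delete_contact(GETPOST("lineid", 'int'));` in both files makes the call sites consistent.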
+++ b/htdocs/fourn/commande/card.php
@@ -1436,10 +1436,10 @@ if (empty($reshook)) {
 }
 } elseif ($action == 'swapstatut' && $object->id > 0) {
 // bascule du statut d'un contact
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $object->id > 0) {
 // Efface un contact
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php
index ae2e8bab481..2ff1c97e3e5 100644
--- a/htdocs/fourn/commande/contact.php
+++ b/htdocs/fourn/commande/contact.php
@@ -76,14 +76,14 @@ if ($action == 'addcontact' && $user->rights->fournisseur->commande->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->fournisseur->commande->creer) {
 // Toggle the status of a contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
 } elseif ($action == 'deletecontact' && $user->rights->fournisseur->commande->creer) {
 // Deleting a contact
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 0312c851de3..a033be48f08 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -1588,14 +1588,14 @@ if (empty($reshook)) {
 } elseif ($action == 'swapstatut') {
 // bascule du statut d'un contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
 } elseif ($action == 'deletecontact') {
 // Efface un contact
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php
index 4f450bca3c4..1284ee293be 100644
--- a/htdocs/fourn/facture/contact.php
+++ b/htdocs/fourn/facture/contact.php
@@ -76,14 +76,14 @@ if ($action == 'addcontact' && $user->rights->fournisseur->facture->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->fournisseur->facture->creer) {
 // bascule du statut d'un contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
 } elseif ($action == 'deletecontact' && $user->rights->fournisseur->facture->creer) {
 // Efface un contact
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/modulebuilder/template/myobject_contact.php b/htdocs/modulebuilder/template/myobject_contact.php
index 6d6345d9b99..4817efe5e9b 100644
--- a/htdocs/modulebuilder/template/myobject_contact.php
+++ b/htdocs/modulebuilder/template/myobject_contact.php
@@ -107,7 +107,7 @@ if ($action == 'addcontact' && $permission) {
 }
 } elseif ($action == 'swapstatut' && $permission) {
 // Toggle the status of a contact
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $permission) {
 // Deletes a contact
 $result = $object->delete_contact($lineid);
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index c6a7fcb3b45..3aa5c3b8830 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -104,7 +104,7 @@ if ($action == 'addcontact' && $user->rights->projet->creer) {
 // bascule du statut d'un contact
 if ($action == 'swapstatut' && $user->rights->projet->creer) {
 if ($object->fetch($id, $ref)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
@@ -113,7 +113,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer) {
 // Efface un contact
 if ($action == 'deleteline' && $user->rights->projet->creer) {
 $object->fetch($id, $ref);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id.($withproject ? '&withproject=1' : ''));
diff --git a/htdocs/reception/contact.php b/htdocs/reception/contact.php
index f925388f0b6..58e046ec0bb 100644
--- a/htdocs/reception/contact.php
+++ b/htdocs/reception/contact.php
@@ -107,7 +107,7 @@ if ($action == 'addcontact' && $user->rights->reception->creer) {
 }
 } elseif ($action == 'swapstatut' && $user->rights->reception->creer) {
 // bascule du statut d'un contact
- $result = $objectsrc->swapContactStatus(GETPOST('ligne'));
+ $result = $objectsrc->swapContactStatus(GETPOST('ligne', 'int'));
 } elseif ($action == 'deletecontact' && $user->rights->reception->creer) {
 // Efface un contact
 $result = $objectsrc->delete_contact(GETPOST("lineid"));
diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php
index 449fd9d7811..c37f61e4fe2 100644
--- a/htdocs/societe/societecontact.php
+++ b/htdocs/societe/societecontact.php
@@ -95,14 +95,14 @@ if ($action == 'addcontact' && $user->rights->societe->creer) {
 } elseif ($action == 'swapstatut' && $user->rights->societe->creer) {
 // bascule du statut d'un contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }
 } elseif ($action == 'deletecontact' && $user->rights->societe->creer) {
 // Efface un contact
 $object->fetch($id);
- $result = $object->delete_contact($_GET["lineid"]);
+ $result = $object->delete_contact(GETPOST("lineid", 'int'));
 if ($result >= 0) {
 header("Location: ".$_SERVER['PHP_SELF']."?id=".$object->id);
diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php
index d106ce0506f..f50b422d887 100644
--- a/htdocs/supplier_proposal/contact.php
+++ b/htdocs/supplier_proposal/contact.php
@@ -75,7 +75,7 @@ if ($action == 'addcontact' && $permissiontoedit) {
 } elseif ($action == 'swapstatut' && $permissiontoedit) {
 // Toggle the status of a contact
 if ($object->fetch($id)) {
- $result = $object->swapContactStatus(GETPOST('ligne'));
+ $result = $object->swapContactStatus(GETPOST('ligne', 'int'));
 } else {
 dol_print_error($db);
 }