diff --git a/htdocs/bookmarks/bookmarks.lib.php b/htdocs/bookmarks/bookmarks.lib.php
index f8daff1cd14..8eef3396eaa 100644
--- a/htdocs/bookmarks/bookmarks.lib.php
+++ b/htdocs/bookmarks/bookmarks.lib.php
@@ -36,28 +36,39 @@ function printDropdownBookmarksList()
 $langs->load("bookmarks");
+ $authorized_var=array('limit','optioncss','contextpage');
 $url = $_SERVER["PHP_SELF"];
-
+ $url_param=array();
 if (!empty($_SERVER["QUERY_STRING"])) {
- $url .= (dol_escape_htmltag($_SERVER["QUERY_STRING"]) ? '?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]) : '');
- } else {
- global $sortfield, $sortorder;
- $tmpurl = '';
- // No urlencode, all param $url will be urlencoded later
- if ($sortfield) {
- $tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield);
- }
- if ($sortorder) {
- $tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder);
- }
- if (is_array($_POST)) {
- foreach ($_POST as $key => $val) {
- if (preg_match('/^search_/', $key) && $val != '') {
- $tmpurl .= ($tmpurl ? '&' : '').http_build_query(array($key => $val));
+ if (is_array($_GET)) {
+ foreach ($_GET as $key => $val) {
+ if ($val != '') {
+ $url_param[$key]=http_build_query(array(dol_escape_htmltag($key) => dol_escape_htmltag($val)));
 }
 }
 }
- $url .= ($tmpurl ? '?'.$tmpurl : '');
+ }
+ global $sortfield, $sortorder;
+ $tmpurl = '';
+ // No urlencode, all param $url will be urlencoded later
+ if ($sortfield) {
+ $tmpurl .= ($tmpurl ? '&' : '').'sortfield='.urlencode($sortfield);
+ }
+ if ($sortorder) {
+ $tmpurl .= ($tmpurl ? '&' : '').'sortorder='.urlencode($sortorder);
+ }
+ if (is_array($_POST)) {
+ foreach ($_POST as $key => $val) {
+ if ((preg_match('/^search_/', $key) || in_array($key, $authorized_var))
+ && $val != ''
+ && !array_key_exists($key, $url_param)) {
+ $url_param[$key]=http_build_query(array(dol_escape_htmltag($key) => dol_escape_htmltag($val)));
+ }
+ }
+ }
+ $url .= ($tmpurl ? '?'.$tmpurl : '');
+ if (!empty($url_param)) {
+ $url .= '&'.implode('&', $url_param);
 }
 $searchForm = ''."\n";
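Review bot: The final `$url .= '&'.implode('&', $url_param);` yields a URL with no `?` whenever `$sortfield` and `$sortorder` are both empty, because `$tmpurl` is then empty and the parameters are appended straight onto `PHP_SELF`; it should read `$url .= ($tmpurl ? '&' : '?').implode('&', $url_param);`. Both loops also pass `dol_escape_htmltag($key)` and `dol_escape_htmltag($val)` into `http_build_query()`, so values are HTML-escaped and then URL-encoded: a value containing `&` or a quote comes back altered, and an array value such as `search_x[]` is presumably no longer handled the way the old `http_build_query(array($key => $val))` handled it. Escaping belongs at the output context, so build with the raw key and value here and HTML-escape `$url` (including the `PHP_SELF` part) where it is written into the form, which is outside this hunk. The `$_GET` loop still copies every non-empty parameter with no allowlist, unlike the `$_POST` loop, so any state-changing or session-bound parameter present in the query string would be stored in the bookmarked URL; applying the same `search_`/`$authorized_var` filter there would be safer. `printDropdownBookmarksList()` starts and ends outside the hunk.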