Fix: Removed urldecode used on superglobal _GET and _POST and _REQUEST... since they are already decoded by PHP.
This commit is contained in:
parent
8906d988ed
commit
d222a78c62
@ -30,7 +30,7 @@ require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
|
||||
|
||||
$mode=isset($_GET["mode"])?$_GET["mode"]:(isset($_SESSION['mode'])?$_SESSION['mode']:0);
|
||||
$mesg=isset($_GET["mesg"])?urldecode($_GET["mesg"]):"";
|
||||
$mesg=isset($_GET["mesg"])?$_GET["mesg"]:"";
|
||||
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
|
||||
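Review bot: The new `$mesg=isset($_GET["mesg"])?$_GET["mesg"]:"";` still carries raw request input into a variable that elsewhere in this commit is assigned ready-made HTML (`'<div class="ok">'...`), so if `$mesg` is printed without escaping this is a reflected-XSS path, and dropping urldecode does not change that. Where it is printed is outside the hunk, so I cannot confirm the sink; either escape on output with `htmlspecialchars($mesg, ENT_QUOTES, 'UTF-8')` or, if `$mesg` from the URL is meant to be plain text only, escape here: `$mesg=isset($_GET["mesg"])?htmlspecialchars($_GET["mesg"], ENT_QUOTES, 'UTF-8'):"";`. The same assignment appears in the hunks at -47,11 and -48,7.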
@ -45,7 +45,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update')
|
||||
{
|
||||
if ($_POST["cancel"])
|
||||
{
|
||||
$urlsource=(! empty($_REQUEST["urlsource"]))?urldecode($_REQUEST["urlsource"]):((! empty($url))?urldecode($url):DOL_URL_ROOT.'/bookmarks/liste.php');
|
||||
$urlsource=(! empty($_REQUEST["urlsource"]))?$_REQUEST["urlsource"]:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/liste.php');
|
||||
header("Location: ".$urlsource);
|
||||
exit;
|
||||
}
|
||||
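Review bot: `header("Location: ".$urlsource);` redirects to whatever `$_REQUEST["urlsource"]` (or `$url`) contains, with no check that it stays inside this application, so the new line still allows an attacker-supplied absolute URL to be used as the redirect target (open redirect). A minimal guard before the header call would be `if (preg_match('#^(https?:)?//#i', $urlsource)) $urlsource = DOL_URL_ROOT.'/bookmarks/liste.php';`, or whitelist the known list page outright. The hunk at -71,7 has the same construct and needs the same guard. The enclosing `if ($action == 'add' ...)` block starts and ends outside this hunk.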
@ -71,7 +71,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update')
|
||||
|
||||
if ($res > 0)
|
||||
{
|
||||
$urlsource=isset($_REQUEST["urlsource"])?urldecode($_REQUEST["urlsource"]):DOL_URL_ROOT.'/bookmarks/liste.php';
|
||||
$urlsource=isset($_REQUEST["urlsource"])?$_REQUEST["urlsource"]:DOL_URL_ROOT.'/bookmarks/liste.php';
|
||||
header("Location: ".$urlsource);
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -47,11 +47,11 @@ require_once(DOL_DOCUMENT_ROOT.'/propal.class.php');
|
||||
require_once(DOL_DOCUMENT_ROOT.'/actioncomm.class.php');
|
||||
|
||||
$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
|
||||
if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); }
|
||||
if (isset($_GET["msg"])) { $mesg=$_GET["mesg"]; }
|
||||
$year=isset($_GET["year"])?$_GET["year"]:"";
|
||||
$month=isset($_GET["month"])?$_GET["month"]:"";
|
||||
$socid=isset($_GET['socid'])?$_GET['socid']:$_POST['socid'];
|
||||
$mesg=isset($_GET['mesg'])?urldecode($_GET['mesg']):'';
|
||||
$mesg=isset($_GET['mesg'])?$_GET['mesg']:'';
|
||||
|
||||
// Security check
|
||||
$module='propale';
|
||||
|
||||
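Review bot: `if (isset($_GET["msg"])) { $mesg=$_GET["mesg"]; }` tests the key `msg` but reads `mesg`, so when it fires it reads an undefined index, and the value is overwritten unconditionally by `$mesg=isset($_GET['mesg'])?$_GET['mesg']:'';` four lines later; the commit rewrites the line without fixing this, and it should simply be deleted. Separately, `$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];` and the `$socid` line read `$_POST[...]` unconditionally in the fallback, which raises a notice when neither parameter is present; `isset($_POST["sall"])?$_POST["sall"]:""` avoids that.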
@ -681,7 +681,7 @@ if ($_REQUEST['action'] == 'remove_file')
|
||||
if ($com->fetch($id))
|
||||
{
|
||||
$upload_dir = $conf->commande->dir_output . "/";
|
||||
$file = $upload_dir . '/' . urldecode($_GET['file']);
|
||||
$file = $upload_dir . '/' . $_GET['file'];
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
|
||||
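Review bot: `$file = $upload_dir . '/' . $_GET['file'];` followed by `dol_delete_file($file);` builds a deletion path from request input with no check that the result stays inside `$upload_dir`, so a value containing `..` segments can point outside the order's output directory; removing urldecode does not close this. If attachments live flat in that directory, `$file = $upload_dir . '/' . basename($_GET['file']);` is sufficient; if subdirectories are legitimate, resolve with `realpath()` and refuse the delete unless the result starts with `realpath($upload_dir)`. The hunk at -426,7 is the same code and needs the same fix. Note also that `$upload_dir` already ends in `/`, so the path gets a doubled slash.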
@ -48,7 +48,7 @@ $langs->load('products');
|
||||
$langs->load('main');
|
||||
|
||||
$sall=isset($_GET['sall'])?trim($_GET['sall']):trim($_POST['sall']);
|
||||
$mesg=isset($_GET['mesg'])?urldecode($_GET['mesg']):'';
|
||||
$mesg=isset($_GET['mesg'])?$_GET['mesg']:'';
|
||||
$projetid=isset($_GET['projetid'])?$_GET['projetid']:0;
|
||||
|
||||
// Security check
|
||||
|
||||
@ -76,7 +76,7 @@ if ($_GET["search_code"])
|
||||
|
||||
if ($_GET["search_societe"])
|
||||
{
|
||||
$sel =urldecode($_GET["search_societe"]);
|
||||
$sel = $_GET["search_societe"];
|
||||
$sql .= " AND s.nom LIKE '%".$sel."%'";
|
||||
}
|
||||
|
||||
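Review bot: `$sel = $_GET["search_societe"];` is concatenated straight into `$sql .= " AND s.nom LIKE '%".$sel."%'";` with no escaping, so the new line still allows SQL injection through the search box; the old urldecode was never protection either. Pass it through the database layer's escaping, e.g. `$sel = $db->escape($_GET["search_societe"]);` (Dolibarr's DoliDB provides `escape()`), or better, a prepared statement if the driver wrapper supports it. The `$sql` string is built before this hunk, so the statement run starts outside it.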
@ -88,7 +88,7 @@ if ($result)
|
||||
{
|
||||
$num = $db->num_rows($result);
|
||||
$i = 0;
|
||||
|
||||
|
||||
$urladd = "&statut=".$_GET["statut"];
|
||||
$urladd .= "&search_bon=".$_GET["search_bon"];
|
||||
|
||||
@ -109,12 +109,12 @@ if ($result)
|
||||
|
||||
print '<form action="liste.php" method="GET">';
|
||||
print '<tr class="liste_titre">';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_ligne" value="'. $_GET["search_ligne"].'" size="6"></td>';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_bon" value="'. $_GET["search_bon"].'" size="8"></td>';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" value="'. $_GET["search_societe"].'" size="12"></td>';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_ligne" value="'. $_GET["search_ligne"].'" size="6"></td>';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_bon" value="'. $_GET["search_bon"].'" size="8"></td>';
|
||||
print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" value="'. $_GET["search_societe"].'" size="12"></td>';
|
||||
print '<td class="liste_titre"> </td>';
|
||||
print '<td class="liste_titre"> </td>';
|
||||
print '<td class="liste_titre" align="center"><input type="text" class="flat" name="search_code" value="'. $_GET["search_code"].'" size="8"></td>';
|
||||
print '<td class="liste_titre" align="center"><input type="text" class="flat" name="search_code" value="'. $_GET["search_code"].'" size="8"></td>';
|
||||
print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/search.png" name="button_search" alt="'.$langs->trans("Search").'"></td>';
|
||||
print '</tr>';
|
||||
print '</form>';
|
||||
@ -123,7 +123,7 @@ if ($result)
|
||||
|
||||
while ($i < min($num,$conf->liste_limit))
|
||||
{
|
||||
$obj = $db->fetch_object($result);
|
||||
$obj = $db->fetch_object($result);
|
||||
|
||||
$var=!$var;
|
||||
|
||||
@ -142,14 +142,14 @@ if ($result)
|
||||
print '<td align="right">'.price($obj->amount)."</td>\n";
|
||||
print '<td align="center"><a href="fiche.php?id='.$obj->rowid.'">'.$obj->code_client."</a></td>\n";
|
||||
print '<td> </td>';
|
||||
|
||||
|
||||
print "</tr>\n";
|
||||
$i++;
|
||||
}
|
||||
print "</table>";
|
||||
$db->free($result);
|
||||
}
|
||||
else
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
}
|
||||
|
||||
@ -55,7 +55,7 @@ if ($_REQUEST["action"] == 'confirm_active' && $_REQUEST["confirm"] == 'yes' &&
|
||||
{
|
||||
$contrat = new Contrat($db);
|
||||
$contrat->fetch($_GET["id"]);
|
||||
$result = $contrat->active_line($user, $_GET["ligne"], $_GET["date"], $_GET["dateend"], urldecode($_GET["comment"]));
|
||||
$result = $contrat->active_line($user, $_GET["ligne"], $_GET["date"], $_GET["dateend"], $_GET["comment"]);
|
||||
|
||||
if ($result > 0)
|
||||
{
|
||||
|
||||
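Review bot: `$contrat->fetch($_GET["id"]);` and the rewritten `active_line(... $_GET["ligne"], $_GET["date"], $_GET["dateend"], $_GET["comment"])` hand request values to the model with no type coercion; what `fetch()` and `active_line()` do with them is not visible here, but the identifiers at least should be cast before use, `$contrat->fetch((int) $_GET["id"]);` and `(int) $_GET["ligne"]`, so a non-numeric value cannot reach the query layer. The `comment` value is free text and should be escaped by whichever layer stores it — worth confirming, since this hunk no longer transforms it at all. The enclosing `if ($_REQUEST["action"] == 'confirm_active' ...)` block continues outside the hunk.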
@ -426,7 +426,7 @@ if ($action=='remove_file')
|
||||
if ($commande->fetch($id))
|
||||
{
|
||||
$upload_dir = $conf->commande->dir_output . "/";
|
||||
$file = $upload_dir . '/' . urldecode($_GET['file']);
|
||||
$file = $upload_dir . '/' . $_GET['file'];
|
||||
dol_delete_file($file);
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileWasRemoved").'</div>';
|
||||
}
|
||||
|
||||
@ -483,7 +483,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition
|
||||
$Out=split("\n",$outputlangs->convToOutputCharset($this->expediteur->adresse));
|
||||
for ($i=0;$i<count($Out);$i++) {
|
||||
$pdf->SetXY($blExpX,$Yoff+$blSocY);
|
||||
$pdf->MultiCell($blW,5,urldecode($Out[$i]), 0, 'L');
|
||||
$pdf->MultiCell($blW,5,$Out[$i], 0, 'L');
|
||||
$blSocY+=3;
|
||||
}
|
||||
$pdf->SetXY($blExpX,$Yoff+$blSocY);
|
||||
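Review bot: `$Out=split("\n",$outputlangs->convToOutputCharset(...))` uses the POSIX-regex `split()`, which is deprecated since PHP 5.3 and removed in 7.0; since the delimiter is a literal newline, `$Out=explode("\n",$outputlangs->convToOutputCharset($this->expediteur->adresse));` is a drop-in replacement. Also note that the commit title justifies removing urldecode by PHP already decoding superglobals, but `$Out[$i]` here comes from a stored sender address, not from a request, so if any addresses were saved URL-encoded the rewritten `$pdf->MultiCell($blW,5,$Out[$i], 0, 'L');` changes PDF output; worth confirming against existing data. The method containing this loop starts and ends outside the hunk.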
@ -528,10 +528,10 @@ Class pdf_expedition_merou extends ModelePdfExpedition
|
||||
else if (!empty($object->fk_delivery_address))
|
||||
{
|
||||
$object->fetch_adresse_livraison($object->fk_delivery_address);
|
||||
|
||||
|
||||
// Customer name
|
||||
$carac_client_name=$outputlangs->convToOutputCharset($object->deliveryaddress->nom);
|
||||
|
||||
|
||||
// Customer properties
|
||||
$carac_client.="\n".$outputlangs->convToOutputCharset($object->deliveryaddress->address);
|
||||
$carac_client.="\n".$outputlangs->convToOutputCharset($object->deliveryaddress->cp) . " " . $outputlangs->convToOutputCharset($object->deliveryaddress->ville)."\n";
|
||||
|
||||