From d222a78c6238fcb7b48badf35f087e8220526b5b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 22 Jul 2009 17:13:59 +0000 Subject: [PATCH] Fix: Removed urldecode used on superglobal _GET and _POST and _REQUEST... since they are already decoded by PHP. --- htdocs/admin/modules.php | 2 +- htdocs/bookmarks/fiche.php | 4 ++-- htdocs/comm/propal.php | 4 ++-- htdocs/commande/fiche.php | 2 +- htdocs/compta/facture.php | 2 +- htdocs/compta/prelevement/liste.php | 18 +++++++++--------- htdocs/contrat/fiche.php | 2 +- htdocs/fourn/commande/fiche.php | 2 +- .../pdf/pdf_expedition_merou.modules.php | 6 +++--- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index b8dcad1cf8d..e4d3c5ce545 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -30,7 +30,7 @@ require("./pre.inc.php"); require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php"); $mode=isset($_GET["mode"])?$_GET["mode"]:(isset($_SESSION['mode'])?$_SESSION['mode']:0); -$mesg=isset($_GET["mesg"])?urldecode($_GET["mesg"]):""; +$mesg=isset($_GET["mesg"])?$_GET["mesg"]:""; if (!$user->admin) accessforbidden(); diff --git a/htdocs/bookmarks/fiche.php b/htdocs/bookmarks/fiche.php index 2f2198bf696..ed55e4a4959 100644 --- a/htdocs/bookmarks/fiche.php +++ b/htdocs/bookmarks/fiche.php @@ -45,7 +45,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') { if ($_POST["cancel"]) { - $urlsource=(! empty($_REQUEST["urlsource"]))?urldecode($_REQUEST["urlsource"]):((! empty($url))?urldecode($url):DOL_URL_ROOT.'/bookmarks/liste.php'); + $urlsource=(! empty($_REQUEST["urlsource"]))?$_REQUEST["urlsource"]:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/liste.php'); header("Location: ".$urlsource); exit; } 
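Review bot: `$mesg` is now taken verbatim from `$_GET["mesg"]` in htdocs/admin/modules.php, and nothing in this hunk encodes it before use. The place where `$mesg` is printed lies outside the hunk, but other hunks in this patch appear to assign wrapped markup to the same variable, which suggests it is echoed without escaping; if so, text from the query string lands in the page as HTML. Encoding at assignment keeps the markup-bearing assignments working: `$mesg=isset($_GET["mesg"])?htmlspecialchars($_GET["mesg"], ENT_QUOTES):"";`. The same applies to the `$mesg` lines in the comm/propal.php and compta/facture.php hunks.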
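Review bot: `$urlsource` is read from `$_REQUEST["urlsource"]` and passed straight to `header("Location: ".$urlsource)` in the cancel branch of htdocs/bookmarks/fiche.php, so the redirect target is whatever the request supplies, including an absolute URL on another host. Restrict it to a local path before redirecting, for example `if (! preg_match('/^\/[^\/\\\\]/', $urlsource)) $urlsource=DOL_URL_ROOT.'/bookmarks/liste.php';`, and strip CR/LF for PHP versions where header() does not reject them. If same-host absolute URLs must be supported, compare the host instead of requiring a path. The `if ($res > 0)` branch in the second hunk of this file has the same pattern, and the enclosing `if ($action == ...)` block starts and ends outside both hunks.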
@@ -71,7 +71,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') if ($res > 0) { - $urlsource=isset($_REQUEST["urlsource"])?urldecode($_REQUEST["urlsource"]):DOL_URL_ROOT.'/bookmarks/liste.php'; + $urlsource=isset($_REQUEST["urlsource"])?$_REQUEST["urlsource"]:DOL_URL_ROOT.'/bookmarks/liste.php'; header("Location: ".$urlsource); exit; } diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index 1bc8c10f283..409c0892d96 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -47,11 +47,11 @@ require_once(DOL_DOCUMENT_ROOT.'/propal.class.php'); require_once(DOL_DOCUMENT_ROOT.'/actioncomm.class.php'); $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; -if (isset($_GET["msg"])) { $mesg=urldecode($_GET["mesg"]); } +if (isset($_GET["msg"])) { $mesg=$_GET["mesg"]; } $year=isset($_GET["year"])?$_GET["year"]:""; $month=isset($_GET["month"])?$_GET["month"]:""; $socid=isset($_GET['socid'])?$_GET['socid']:$_POST['socid']; -$mesg=isset($_GET['mesg'])?urldecode($_GET['mesg']):''; +$mesg=isset($_GET['mesg'])?$_GET['mesg']:''; // Security check $module='propale'; diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index c468d48cdc9..5095c8f9778 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -681,7 +681,7 @@ if ($_REQUEST['action'] == 'remove_file') if ($com->fetch($id)) { $upload_dir = $conf->commande->dir_output . "/"; - $file = $upload_dir . '/' . urldecode($_GET['file']); + $file = $upload_dir . '/' . $_GET['file']; dol_delete_file($file); $mesg = '
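Review bot: The guard `if (isset($_GET["msg"])) { $mesg=$_GET["mesg"]; }` in htdocs/comm/propal.php tests the key `msg` but reads `mesg`, and `$mesg` is unconditionally reassigned from `$_GET['mesg']` four lines later. The first statement therefore has no lasting effect and can raise an undefined-index notice when only `msg` is present. Since this commit already edits both lines, the first can be dropped, leaving `$mesg=isset($_GET['mesg'])?$_GET['mesg']:'';` as the single assignment.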
'.$langs->trans("FileWasRemoved").'
'; } diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 967c399d5b1..8e41ce3b1e5 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -48,7 +48,7 @@ $langs->load('products'); $langs->load('main'); $sall=isset($_GET['sall'])?trim($_GET['sall']):trim($_POST['sall']); -$mesg=isset($_GET['mesg'])?urldecode($_GET['mesg']):''; +$mesg=isset($_GET['mesg'])?$_GET['mesg']:''; $projetid=isset($_GET['projetid'])?$_GET['projetid']:0; // Security check diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php index 628e3d4a00a..7616f9a877c 100644 --- a/htdocs/compta/prelevement/liste.php +++ b/htdocs/compta/prelevement/liste.php @@ -76,7 +76,7 @@ if ($_GET["search_code"]) if ($_GET["search_societe"]) { - $sel =urldecode($_GET["search_societe"]); + $sel = $_GET["search_societe"]; $sql .= " AND s.nom LIKE '%".$sel."%'"; } @@ -88,7 +88,7 @@ if ($result) { $num = $db->num_rows($result); $i = 0; - + $urladd = "&statut=".$_GET["statut"]; $urladd .= "&search_bon=".$_GET["search_bon"]; @@ -109,12 +109,12 @@ if ($result) print '
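Review bot: In the `remove_file` branch of htdocs/commande/fiche.php, `$_GET['file']` is appended to `$upload_dir` and handed to `dol_delete_file($file)` with no check that the result stays inside the order documents directory, so a value containing `..` segments would resolve elsewhere. Whether `dol_delete_file()` rejects such paths is not visible here, so the caller should validate before building `$file`, e.g. `if (preg_match('/(^|[\/\\\\])\.\.([\/\\\\]|$)/', $_GET['file'])) accessforbidden();`. The identical lines in the htdocs/fourn/commande/fiche.php hunk need the same guard. The deletion also appears to be reachable by a plain GET request; the branch starts outside the hunk, so any confirmation or token check cannot be seen from here.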
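Review bot: `$sel` comes directly from `$_GET["search_societe"]` and is concatenated into `$sql .= " AND s.nom LIKE '%".$sel."%'";` in htdocs/compta/prelevement/liste.php, so a quote character in the search term changes the query. Escape the value with the database handler before use, e.g. `$sel = $db->escape($_GET["search_societe"]);`, assuming `$db` exposes `escape()` in this version. The following hunk of the same file builds `$urladd` from raw `$_GET` values as well; those should go through `urlencode()` before being placed in links. The `search_code` condition just above this hunk probably needs the same review but is not visible here.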
'; print ''; - print ''; - print ''; - print ''; + print ''; + print ''; + print ''; print ' '; print ' '; - print ''; + print ''; print ''; print ''; print '
'; @@ -123,7 +123,7 @@ if ($result) while ($i < min($num,$conf->liste_limit)) { - $obj = $db->fetch_object($result); + $obj = $db->fetch_object($result); $var=!$var; @@ -142,14 +142,14 @@ if ($result) print ''.price($obj->amount)."\n"; print ''.$obj->code_client."\n"; print ' '; - + print "\n"; $i++; } print ""; $db->free($result); } -else +else { dol_print_error($db); } diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php index c52e58ae791..0512b69036c 100644 --- a/htdocs/contrat/fiche.php +++ b/htdocs/contrat/fiche.php @@ -55,7 +55,7 @@ if ($_REQUEST["action"] == 'confirm_active' && $_REQUEST["confirm"] == 'yes' && { $contrat = new Contrat($db); $contrat->fetch($_GET["id"]); - $result = $contrat->active_line($user, $_GET["ligne"], $_GET["date"], $_GET["dateend"], urldecode($_GET["comment"])); + $result = $contrat->active_line($user, $_GET["ligne"], $_GET["date"], $_GET["dateend"], $_GET["comment"]); if ($result > 0) { diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index 1c35593de5d..b67b57141f8 100644 --- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -426,7 +426,7 @@ if ($action=='remove_file') if ($commande->fetch($id)) { $upload_dir = $conf->commande->dir_output . "/"; - $file = $upload_dir . '/' . urldecode($_GET['file']); + $file = $upload_dir . '/' . $_GET['file']; dol_delete_file($file); $mesg = '
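Review bot: `$_GET["ligne"]`, `$_GET["date"]`, `$_GET["dateend"]` and `$_GET["comment"]` are passed unchanged to `$contrat->active_line()` in htdocs/contrat/fiche.php, and the result of `$contrat->fetch($_GET["id"])` is not checked first. Whether `active_line()` escapes its arguments and verifies that the line belongs to the fetched contract cannot be seen from this hunk. At minimum cast the identifiers at the call site, `$contrat->fetch((int) $_GET["id"]);` and `(int) $_GET["ligne"]`, and skip the activation when the fetch fails. The `if` condition guarding this block continues outside the hunk.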
'.$langs->trans("FileWasRemoved").'
'; } diff --git a/htdocs/includes/modules/expedition/pdf/pdf_expedition_merou.modules.php b/htdocs/includes/modules/expedition/pdf/pdf_expedition_merou.modules.php index 2c79709b81f..60ba0a87909 100644 --- a/htdocs/includes/modules/expedition/pdf/pdf_expedition_merou.modules.php +++ b/htdocs/includes/modules/expedition/pdf/pdf_expedition_merou.modules.php @@ -483,7 +483,7 @@ Class pdf_expedition_merou extends ModelePdfExpedition $Out=split("\n",$outputlangs->convToOutputCharset($this->expediteur->adresse)); for ($i=0;$iSetXY($blExpX,$Yoff+$blSocY); - $pdf->MultiCell($blW,5,urldecode($Out[$i]), 0, 'L'); + $pdf->MultiCell($blW,5,$Out[$i], 0, 'L'); $blSocY+=3; } $pdf->SetXY($blExpX,$Yoff+$blSocY); @@ -528,10 +528,10 @@ Class pdf_expedition_merou extends ModelePdfExpedition else if (!empty($object->fk_delivery_address)) { $object->fetch_adresse_livraison($object->fk_delivery_address); - + // Customer name $carac_client_name=$outputlangs->convToOutputCharset($object->deliveryaddress->nom); - + // Customer properties $carac_client.="\n".$outputlangs->convToOutputCharset($object->deliveryaddress->address); $carac_client.="\n".$outputlangs->convToOutputCharset($object->deliveryaddress->cp) . " " . $outputlangs->convToOutputCharset($object->deliveryaddress->ville)."\n";
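Review bot: The context line `$Out=split("\n",...)` above the edited `MultiCell` call in pdf_expedition_merou.modules.php uses the regex-based `split()`, which is deprecated as of PHP 5.3. With a fixed separator, `$Out=explode("\n",$outputlangs->convToOutputCharset($this->expediteur->adresse));` yields the same array without the regex engine. The line is not changed by this commit, but it sits directly next to the edit and is cheap to fix in the same pass.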