Clean $_GET
This commit is contained in:
parent
fb84608586
commit
d61f61ab45
@ -1915,10 +1915,10 @@ if ($id) {
|
||||
$showfield = 0;
|
||||
} elseif ($fieldlist[$field] == 'unicode') {
|
||||
$valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
|
||||
} elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
|
||||
} elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
|
||||
$langs->load("products");
|
||||
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
|
||||
} elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
|
||||
} elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
|
||||
$langs->load("products");
|
||||
$valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
|
||||
} elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {
|
||||
|
||||
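Review bot: The rewritten conditions at L22 and L34 look up `$tabname[GETPOST("id", 'int')]` while the sibling branch at L43 uses `$tabname[$id]`, and the hunk header shows this code already runs under `if ($id) {`, so the same request value is parsed twice in two different ways. Use the local in both new lines, `$tabname[$id] == MAIN_DB_PREFIX.'c_units'`, so the three branches agree and the request is read once. The elseif chain starts before and continues past this hunk.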
@ -26,7 +26,7 @@
|
||||
require_once 'class/Facturation.class.php';
|
||||
|
||||
// Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
|
||||
if ($_GET['id'] == 'NOUV') {
|
||||
if (GETPOST('id', 'int') == 'NOUV') {
|
||||
unset($_SESSION['serObjFacturation']);
|
||||
unset($_SESSION['poscart']);
|
||||
}
|
||||
|
||||
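Review bot: `GETPOST('id', 'int') == 'NOUV'` at L62 can no longer match the literal it compares against, because an `'int'` check keeps only a numeric value and `NOUV` is not one. Assuming the check casts to integer as its name suggests, the reset of `$_SESSION['serObjFacturation']` and `$_SESSION['poscart']` becomes unreachable on PHP 8 (`0 == 'NOUV'` is false) and on PHP 7, where `0 == 'NOUV'` is true, would fire for any missing or non-numeric id. Read the parameter with a check that admits letters and compare strictly, `if (GETPOST('id', 'aZ09') === 'NOUV') {`, the same check type this commit already uses for `action` at L76.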
@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
|
||||
header("Location: ".$backtopage);
|
||||
exit;
|
||||
} else {
|
||||
header("Location: remise.php?id=".$_GET["id"]);
|
||||
header("Location: remise.php?id=".GETPOST("id", 'int'));
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
|
||||
@ -570,13 +570,13 @@ if ($action == 'create') {
|
||||
/* */
|
||||
/* ************************************************************************** */
|
||||
|
||||
if (($_GET["id"] || $_GET["ref"]) && $action != 'edit') {
|
||||
if ((GETPOST("id", 'int') || GETPOST("ref")) && $action != 'edit') {
|
||||
$object = new Account($db);
|
||||
if ($_GET["id"]) {
|
||||
$object->fetch($_GET["id"]);
|
||||
if (GETPOST("id", 'int')) {
|
||||
$object->fetch(GETPOST("id", 'int'));
|
||||
}
|
||||
if ($_GET["ref"]) {
|
||||
$object->fetch(0, $_GET["ref"]);
|
||||
if (GETPOST("ref")) {
|
||||
$object->fetch(0, GETPOST("ref"));
|
||||
$_GET["id"] = $object->id;
|
||||
}
|
||||
|
||||
|
||||
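Review bot: L152 still assigns `$_GET["id"] = $object->id;` after the ref-based fetch, so the page keeps depending on a mutated superglobal for every later `GETPOST("id", 'int')`, which is the pattern this commit is removing. Read both parameters once into locals above the block and use them below: `$id = GETPOST("id", 'int'); $ref = GETPOST("ref", 'alpha');`, then `if (($id || $ref) && $action != 'edit') {` and `$id = $object->id;` in place of the superglobal write; that also removes the three repeated `GETPOST("id", 'int')` calls at L119, L131 and L134. Whether `GETPOST("ref")` with no check type applies a safe default depends on the GETPOST implementation, which is not on this page. The outer `if` opened at L119 ends outside the hunk.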
@ -242,7 +242,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
|
||||
{
|
||||
if ($user->rights->facture->paiement)
|
||||
{
|
||||
print '<a class="butAction" href="card.php?id='.$_GET['id'].'&facid='.$objp->facid.'&action=valide">'.$langs->trans('Valid').'</a>';
|
||||
print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&facid='.$objp->facid.'&action=valide">'.$langs->trans('Valid').'</a>';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
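Review bot: The validate link at L177 (and the identical one at L206 in the next hunk) is rebuilt with `GETPOST('id', 'int')` but is not given a CSRF token, while the delete links this same commit touches at L233 and L680 gain `&token='.newToken()`. If `action=valide` changes the payment's state as its name suggests, it needs the same protection: `'&action=valide&token='.newToken().'">'`. The `if ($user->rights->facture->paiement)` block is fully visible, but the condition it sits in starts outside the hunk.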
@ -298,7 +298,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
|
||||
{
|
||||
if ($user->rights->facture->paiement)
|
||||
{
|
||||
print '<a class="butAction" href="card.php?id='.$_GET['id'].'&facid='.$objp->facid.'&action=valide">'.$langs->trans('Valid').'</a>';
|
||||
print '<a class="butAction" href="card.php?id='.GETPOST('id', 'int').'&facid='.$objp->facid.'&action=valide">'.$langs->trans('Valid').'</a>';
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -307,7 +307,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
|
||||
if ($action == '') {
|
||||
if ($user->rights->tax->charges->supprimer) {
|
||||
if (!$disable_delete) {
|
||||
print '<a class="butActionDelete" href="card.php?id='.$_GET['id'].'&action=delete">'.$langs->trans('Delete').'</a>';
|
||||
print '<a class="butActionDelete" href="card.php?id='.GETPOST('id', 'int').'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a>';
|
||||
} else {
|
||||
print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("CantRemovePaymentVATPaid")).'">'.$langs->trans('Delete').'</a>';
|
||||
}
|
||||
|
||||
@ -275,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
|
||||
// Remove file in doc form
|
||||
/*if ($action == 'remove_file')
|
||||
{
|
||||
$object = new Don($db, 0, $_GET['id']);
|
||||
$object = new Don($db, 0, GETPOST('id', 'int'));
|
||||
if ($object->fetch($id))
|
||||
{
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
|
||||
|
||||
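Review bot: L262 rewrites a line inside a block that L253 opens with `/*`, so the change ports commented-out code to `GETPOST` rather than live code. If the remove_file handling is still wanted, uncomment it and pass the `$id` the block already uses at L265 (`new Don($db, 0, $id)`); otherwise delete the dead block rather than maintaining it.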
@ -1191,7 +1191,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
$object->update_totaux_del($object_ligne->total_ht, $object_ligne->total_tva);
|
||||
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_GET['id']);
|
||||
header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
|
||||
exit;
|
||||
} else {
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
|
||||
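Review bot: The redirect at L290 re-parses the request with `GETPOST('id', 'int')` although the handler has just updated a loaded object (`$object->update_totaux_del(...)` at L284), so the id should come from that object: `header("Location: ".$_SERVER["PHP_SELF"]."?id=".((int) $object->id));`. That ties the redirect to the record that was modified rather than to whatever the request said, assuming `$object->id` was set by the earlier fetch, which is outside the hunk.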
@ -53,7 +53,7 @@ $nblines = $object->fetch_lines();
|
||||
|
||||
// Return to the results
|
||||
if (GETPOST('retoursondage')) {
|
||||
header('Location: results.php?id='.$_GET['id']);
|
||||
header('Location: results.php?id='.GETPOST('id', 'int'));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
@ -62,9 +62,9 @@ $extrafields = new ExtraFields($db);
|
||||
|
||||
// If socid provided by ajax company selector
|
||||
if (!empty($_REQUEST['search_fourn_id'])) {
|
||||
$_GET['id_fourn'] = $_GET['search_fourn_id'];
|
||||
$_POST['id_fourn'] = $_POST['search_fourn_id'];
|
||||
$_REQUEST['id_fourn'] = $_REQUEST['search_fourn_id'];
|
||||
$_GET['id_fourn'] = GETPOST('search_fourn_id', 'int');
|
||||
$_POST['id_fourn'] = GETPOST('search_fourn_id', 'int');
|
||||
$_REQUEST['id_fourn'] = GETPOST('search_fourn_id', 'int');
|
||||
}
|
||||
|
||||
// Security check
|
||||
|
||||
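Review bot: The guard at L339 still reads `$_REQUEST['search_fourn_id']` directly, and L351–L357 still write into `$_GET`, `$_POST` and `$_REQUEST`, so this block keeps the superglobal mutation the commit title says it is removing. It also changes behaviour quietly: the old code copied each array from itself, whereas `GETPOST` (presumably merging GET and POST) now fills all three from the same value. Parse once into a local, `$id_fourn = GETPOST('search_fourn_id', 'int');` with `if ($id_fourn > 0) {`, and have the code below read `$id_fourn`; if some downstream consumer genuinely needs the superglobals populated, add a comment naming it so the next cleanup does not remove the writes.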
@ -436,7 +436,7 @@ class Entrepot extends CommonObject
|
||||
$sql .= " model_pdf, import_key";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
|
||||
if ($id) {
|
||||
$sql .= " WHERE rowid = '".$id."'";
|
||||
$sql .= " WHERE rowid = ".((int) $id);
|
||||
} else {
|
||||
$sql .= " WHERE entity = ".$conf->entity;
|
||||
if ($ref) {
|
||||
|
||||
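Review bot: The cast at L385 fixes the `rowid` branch, but the `else` branch at L391 still concatenates `$conf->entity` into the SQL uncast. `$conf->entity` is configuration rather than request input, so the risk is low, but for consistency with the new line write `$sql .= " WHERE entity = ".((int) $conf->entity);`. The fetch method continues outside the hunk.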
@ -28,7 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
|
||||
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('products', 'stocks', 'companies'));
|
||||
$mesg = '';
|
||||
|
||||
$id = GETPOST('id', 'int');
|
||||
|
||||
// Security check
|
||||
$result = restrictedArea($user, 'stock');
|
||||
@ -43,18 +44,13 @@ $form = new Form($db);
|
||||
$help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks';
|
||||
llxHeader("", $langs->trans("WarehouseCard"), $help_url);
|
||||
|
||||
if ($_GET["id"]) {
|
||||
if ($mesg) {
|
||||
print $mesg;
|
||||
}
|
||||
|
||||
if ($id > 0) {
|
||||
$entrepot = new Entrepot($db);
|
||||
$result = $entrepot->fetch($_GET["id"]);
|
||||
$result = $entrepot->fetch($id);
|
||||
if ($result < 0) {
|
||||
dol_print_error($db);
|
||||
}
|
||||
|
||||
|
||||
$head = stock_prepare_head($entrepot);
|
||||
|
||||
print dol_get_fiche_head($head, 'value', $langs->trans("Warehouse"), 0, 'stock');
|
||||
|
||||
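Review bot: `$result = $entrepot->fetch($id);` at L460 is followed only by `if ($result < 0) { dol_print_error($db); }`, so an id that passes `$id > 0` but matches no warehouse falls through to `stock_prepare_head($entrepot)` and the card header with an unloaded object. If `fetch()` follows the convention of returning 0 for "not found", treat that as an error as well: `if ($result <= 0) { dol_print_error($db, $entrepot->error); }`. The `if ($id > 0)` block opened at L451 closes outside the hunk.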
@ -50,7 +50,7 @@ if ($mode == 'mine') {
|
||||
$mine = 1;
|
||||
}
|
||||
|
||||
$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
|
||||
$hookmanager->initHooks(array('timesheetperdaycard'));
|
||||
|
||||
|
||||
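Review bot: L500 pairs `GETPOSTISSET("id")` with `GETPOST("id", "int", 1)`, and the same line appears at L526 and L553. If GETPOSTISSET checks both GET and POST while the trailing `1` restricts GETPOST to the GET method, an `id` sent only in POST makes the condition true but yields an empty value, so `$projectid` is lost instead of falling back to `projectid`; the old `isset($_GET["id"])` did not have this gap. Make the two reads agree, for example `$projectid = GETPOSTISSET("id") ? GETPOST("id", "int") : GETPOST("projectid", "int");`, unless GET-only was intended, in which case say so in a comment on the line.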
@ -48,7 +48,7 @@ if ($mode == 'mine') {
|
||||
$mine = 1;
|
||||
}
|
||||
|
||||
$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
|
||||
// Security check
|
||||
$socid = 0;
|
||||
|
||||
@ -50,7 +50,7 @@ if ($mode == 'mine') {
|
||||
$mine = 1;
|
||||
}
|
||||
|
||||
$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
|
||||
|
||||
$hookmanager->initHooks(array('timesheetperweekcard'));
|
||||
|
||||
|
||||
@ -284,14 +284,14 @@ if ($id > 0 || !empty($ref)) {
|
||||
print dol_get_fiche_head($head, 'task_comment', $langs->trans("Task"), -1, 'projecttask');
|
||||
|
||||
if ($action == 'delete') {
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", "int").'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
|
||||
}
|
||||
|
||||
if (!GETPOST('withproject') || empty($projectstatic->id)) {
|
||||
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
|
||||
$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
|
||||
} else {
|
||||
$object->next_prev_filter = " fk_projet = ".$projectstatic->id;
|
||||
$object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
|
||||
}
|
||||
|
||||
$morehtmlref = '';
|
||||
|
||||
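Review bot: `formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", "int")...` at L579 (and L629 in the next hunk) builds the confirmation URL from the raw request parameter even though the hunk header shows the card is reached either by `$id > 0` or by `!empty($ref)`; when reached by ref the id parameter may be empty and the delete confirmation would post to `?id=`. The loaded task is available as `$object` (L593), so use it: `$form->formconfirm($_SERVER["PHP_SELF"]."?id=".((int) $object->id).'&withproject='.$withproject, ...)`. The two hunks also differ in quoting (`"int"` at L579 vs `'int'` at L629); either is fine, but pick one.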
@ -474,14 +474,14 @@ if ($id > 0 || !empty($ref)) {
|
||||
print dol_get_fiche_head($head, 'task_task', $langs->trans("Task"), -1, 'projecttask', 0, '', 'reposition');
|
||||
|
||||
if ($action == 'delete') {
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", 'int').'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
|
||||
}
|
||||
|
||||
if (!GETPOST('withproject') || empty($projectstatic->id)) {
|
||||
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
|
||||
$object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
|
||||
} else {
|
||||
$object->next_prev_filter = " fk_projet = ".$projectstatic->id;
|
||||
$object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
|
||||
}
|
||||
|
||||
$morehtmlref = '';
|
||||
|
||||
@ -255,7 +255,7 @@ print '<div class="tabsAction">';
|
||||
if ($action == '') {
|
||||
if ($user->rights->salaries->delete) {
|
||||
if (!$disable_delete) {
|
||||
print '<a class="butActionDelete" href="card.php?id='.$_GET['id'].'&action=delete">'.$langs->trans('Delete').'</a>';
|
||||
print '<a class="butActionDelete" href="card.php?id='.GETPOST('id', 'int').'&action=delete&token='.newToken().'">'.$langs->trans('Delete').'</a>';
|
||||
} else {
|
||||
print '<a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("CantRemovePaymentSalaryPaid")).'">'.$langs->trans('Delete').'</a>';
|
||||
}
|
||||
|
||||
@ -66,12 +66,12 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
|
||||
$return_arr = array();
|
||||
|
||||
// Define filter on text typed
|
||||
$socid = $_GET['newcompany'] ? $_GET['newcompany'] : '';
|
||||
$socid = GETPOST('newcompany');
|
||||
if (!$socid) {
|
||||
$socid = $_GET['socid'] ? $_GET['socid'] : '';
|
||||
$socid = GETPOST('socid', 'int');
|
||||
}
|
||||
if (!$socid) {
|
||||
$socid = $_GET['id_fourn'] ? $_GET['id_fourn'] : '';
|
||||
$socid = GETPOST('id_fourn', 'int');
|
||||
}
|
||||
|
||||
$sql = "SELECT rowid, nom";
|
||||
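Review bot: `$socid = GETPOST('newcompany');` at L708 is the only read in this block without a check type, yet its value is the one that reaches the `LIKE '%...%'` clauses (L743) as free text, while the fallbacks at L717 and L729 are typed `'int'`. Pass an explicit check so the filter is visible at the call site, e.g. `$socid = GETPOST('newcompany', 'alpha');`, rather than relying on GETPOST's default. The variable now holds either a text search term or an integer id depending on which parameter was sent; a one-line comment above L708 saying so would help the reader of the SQL that follows.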
@ -90,7 +90,7 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
|
||||
$sql .= " OR code_fournisseur LIKE '%".$db->escape($socid)."%'";
|
||||
}
|
||||
if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID)) {
|
||||
$sql .= " OR rowid = '".$db->escape($socid)."'";
|
||||
$sql .= " OR rowid = ".((int) $socid);
|
||||
}
|
||||
$sql .= ")";
|
||||
}
|
||||
|
||||
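Review bot: `$sql .= " OR rowid = ".((int) $socid);` at L755 is right when `$socid` holds an id, but `$socid` may hold the free-text `newcompany` value (L708), in which case the cast yields 0 and the clause becomes `OR rowid = 0`, which matches nothing. Only append the clause for a numeric value: `if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID) && ctype_digit((string) $socid)) {`.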