From d61f61ab45204ab43dac16302abd1fdac3f04c49 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 30 Mar 2021 03:55:17 +0200
Subject: [PATCH] Clean $_GET
---
 htdocs/admin/dict.php | 4 ++--
 htdocs/cashdesk/affContenu.php | 2 +-
 htdocs/comm/remise.php | 2 +-
 htdocs/compta/bank/card.php | 10 +++++-----
 htdocs/compta/payment_sc/card.php | 2 +-
 htdocs/compta/payment_vat/card.php | 4 ++--
 htdocs/don/card.php | 2 +-
 htdocs/expensereport/card.php | 2 +-
 htdocs/opensurvey/results.php | 2 +-
 htdocs/product/fournisseurs.php | 6 +++---
 htdocs/product/stock/class/entrepot.class.php | 2 +-
 htdocs/product/stock/fiche-valo.php | 12 ++++--------
 htdocs/projet/activity/perday.php | 2 +-
 htdocs/projet/activity/permonth.php | 2 +-
 htdocs/projet/activity/perweek.php | 2 +-
 htdocs/projet/tasks/comment.php | 4 ++--
 htdocs/projet/tasks/task.php | 4 ++--
 htdocs/salaries/payment_salary/card.php | 2 +-
 htdocs/societe/ajaxcompanies.php | 8 ++++----
 19 files changed, 35 insertions(+), 39 deletions(-)
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index 9d05ad00377..0f2601f0349 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -1915,10 +1915,10 @@ if ($id) {
 $showfield = 0;
 } elseif ($fieldlist[$field] == 'unicode') {
 $valuetoshow = $langs->getCurrencySymbol($obj->code, 1);
- } elseif ($fieldlist[$field] == 'label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
+ } elseif ($fieldlist[$field] == 'label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
 $langs->load("products");
 $valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
- } elseif ($fieldlist[$field] == 'short_label' && $tabname[$_GET["id"]] == MAIN_DB_PREFIX.'c_units') {
+ } elseif ($fieldlist[$field] == 'short_label' && $tabname[GETPOST("id", 'int')] == MAIN_DB_PREFIX.'c_units') {
 $langs->load("products");
 $valuetoshow = $langs->trans($obj->{$fieldlist[$field]});
 } elseif (($fieldlist[$field] == 'unit') && ($tabname[$id] == MAIN_DB_PREFIX.'c_paper_format')) {
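Review bot: The two rewritten branches index `$tabname` with `GETPOST("id", 'int')` while the adjacent `c_paper_format` branch on the last context line uses `$tabname[$id]`, and the hunk header's enclosing line is `if ($id) {`; re-reading the request inside this block is inconsistent, and if `$id` is ever derived differently from the raw parameter the two lookups can disagree. Use the same local in both branches: `} elseif ($fieldlist[$field] == 'label' && $tabname[$id] == MAIN_DB_PREFIX.'c_units') {` and likewise for `short_label`. The enclosing loop starts and ends outside the hunk.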
diff --git a/htdocs/cashdesk/affContenu.php b/htdocs/cashdesk/affContenu.php
index 7d9af18913e..d8e31f3b9c9 100644
--- a/htdocs/cashdesk/affContenu.php
+++ b/htdocs/cashdesk/affContenu.php
@@ -26,7 +26,7 @@ require_once 'class/Facturation.class.php';
 // Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
-if ($_GET['id'] == 'NOUV') {
+if (GETPOST('id', 'int') == 'NOUV') {
 unset($_SESSION['serObjFacturation']);
 unset($_SESSION['poscart']);
 }
diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php
index 93876fdde96..f9cec9d11c1 100644
--- a/htdocs/comm/remise.php
+++ b/htdocs/comm/remise.php
@@ -66,7 +66,7 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
 header("Location: ".$backtopage);
 exit;
 } else {
- header("Location: remise.php?id=".$_GET["id"]);
+ header("Location: remise.php?id=".GETPOST("id", 'int'));
 exit;
 }
 } else {
diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index 33d4bc37aed..48335d38964 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -570,13 +570,13 @@ if ($action == 'create') {
 /* */
 /* ************************************************************************** */
- if (($_GET["id"] || $_GET["ref"]) && $action != 'edit') {
+ if ((GETPOST("id", 'int') || GETPOST("ref")) && $action != 'edit') {
 $object = new Account($db);
- if ($_GET["id"]) {
- $object->fetch($_GET["id"]);
+ if (GETPOST("id", 'int')) {
+ $object->fetch(GETPOST("id", 'int'));
 }
- if ($_GET["ref"]) {
- $object->fetch(0, $_GET["ref"]);
+ if (GETPOST("ref")) {
+ $object->fetch(0, GETPOST("ref"));
 $_GET["id"] = $object->id;
 }
diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php
index c3640c1a760..c75974077c3 100644
--- a/htdocs/compta/payment_sc/card.php
+++ b/htdocs/compta/payment_sc/card.php
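Review bot: `GETPOST('id', 'int') == 'NOUV'` no longer matches the case it is meant to detect: assuming the `'int'` check coerces the value to an integer (as its use as a rowid elsewhere in this patch suggests), the literal `NOUV` becomes `0`, and with loose comparison `0 == 'NOUV'` is true on PHP 7 (the session reset then fires for any missing or non-numeric id) and false on PHP 8 (it never fires). If this parameter is meant to carry the `NOUV` marker, keep it a string and compare strictly: `if (GETPOST('id', 'alpha') === 'NOUV') {`.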
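Review bot: `GETPOST("id", 'int')` is evaluated three times and `GETPOST("ref")` twice in the rewritten lines, and `$_GET["id"] = $object->id;` on the last context line still writes the superglobal this patch is removing elsewhere. Read each parameter once before the `if`, as the fiche-valo.php hunk in this same patch does — `$id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha');` — and give `GETPOST("ref")` an explicit check type rather than relying on the default. The surviving `$_GET["id"]` assignment suggests code outside the hunk still reads the raw superglobal; that reader should move to `$object->id` as well.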
@@ -242,7 +242,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION)) {
 if ($user->rights->facture->paiement) {
- print ''.$langs->trans('Valid').'';
+ print ''.$langs->trans('Valid').'';
 }
 }
 }
diff --git a/htdocs/compta/payment_vat/card.php b/htdocs/compta/payment_vat/card.php
index b671492c346..1b615bcbb8d 100644
--- a/htdocs/compta/payment_vat/card.php
+++ b/htdocs/compta/payment_vat/card.php
@@ -298,7 +298,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION)) {
 if ($user->rights->facture->paiement) {
- print ''.$langs->trans('Valid').'';
+ print ''.$langs->trans('Valid').'';
 }
 }
 }
@@ -307,7 +307,7 @@ if (! empty($conf->global->BILL_ADD_PAYMENT_VALIDATION))
 if ($action == '') {
 if ($user->rights->tax->charges->supprimer) {
 if (!$disable_delete) {
- print ''.$langs->trans('Delete').'';
+ print ''.$langs->trans('Delete').'';
 } else {
 print ''.$langs->trans('Delete').'';
 }
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 64dcf07cf8c..1dfade00bec 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -275,7 +275,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
 // Remove file in doc form
 /*if ($action == 'remove_file') {
- $object = new Don($db, 0, $_GET['id']);
+ $object = new Don($db, 0, GETPOST('id', 'int'));
 if ($object->fetch($id)) {
 require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index c356ed708b2..a4c565bc1be 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -1191,7 +1191,7 @@ if (empty($reshook)) {
 }
 $object->update_totaux_del($object_ligne->total_ht, $object_ligne->total_tva);
- header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_GET['id']);
+ header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
 exit;
 } else {
 setEventMessages($object->error, $object->errors, 'errors');
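Review bot: The rewritten line in don/card.php sits inside a block that is commented out — the preceding context line opens with `/*if ($action == 'remove_file') {` — so the change has no runtime effect and only keeps dead code current. The hunk header names `actions_builddoc.inc.php`, which presumably carries the live `remove_file` handling; delete the commented block rather than maintaining it. The commented block continues past the end of the hunk.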
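Review bot: In expensereport/card.php the redirect rebuilds its URL from the request (`GETPOST('id', 'int')`) although the line just above operates on an already-loaded `$object`; `header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id);` ties the redirect to the record that was actually modified and avoids parsing the parameter a second time. If `$object` was fetched from that same id (its fetch is outside the hunk) the two values are equal today, but the loaded object's id is the more reliable source.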
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index 25bd65a77fe..0cf9cff7932 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -53,7 +53,7 @@ $nblines = $object->fetch_lines();
 // Return to the results
 if (GETPOST('retoursondage')) {
- header('Location: results.php?id='.$_GET['id']);
+ header('Location: results.php?id='.GETPOST('id', 'int'));
 exit;
 }
diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php
index 77659142744..ff18c361ff9 100644
--- a/htdocs/product/fournisseurs.php
+++ b/htdocs/product/fournisseurs.php
@@ -62,9 +62,9 @@ $extrafields = new ExtraFields($db);
 // If socid provided by ajax company selector
 if (!empty($_REQUEST['search_fourn_id'])) {
- $_GET['id_fourn'] = $_GET['search_fourn_id'];
- $_POST['id_fourn'] = $_POST['search_fourn_id'];
- $_REQUEST['id_fourn'] = $_REQUEST['search_fourn_id'];
+ $_GET['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_POST['id_fourn'] = GETPOST('search_fourn_id', 'int');
+ $_REQUEST['id_fourn'] = GETPOST('search_fourn_id', 'int');
 }
 // Security check
diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php
index 30dba05e417..327c428e9c9 100644
--- a/htdocs/product/stock/class/entrepot.class.php
+++ b/htdocs/product/stock/class/entrepot.class.php
@@ -436,7 +436,7 @@ class Entrepot extends CommonObject
 $sql .= " model_pdf, import_key";
 $sql .= " FROM ".MAIN_DB_PREFIX."entrepot";
 if ($id) {
- $sql .= " WHERE rowid = '".$id."'";
+ $sql .= " WHERE rowid = ".((int) $id);
 } else {
 $sql .= " WHERE entity = ".$conf->entity;
 if ($ref) {
diff --git a/htdocs/product/stock/fiche-valo.php b/htdocs/product/stock/fiche-valo.php
index 34380efbe7a..a2a15a34e53 100644
--- a/htdocs/product/stock/fiche-valo.php
+++ b/htdocs/product/stock/fiche-valo.php
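Review bot: Opensurvey identifiers are, as far as I recall, alphanumeric strings rather than integer rowids; if that holds for the `id` read here, `GETPOST('id', 'int')` coerces it to `0` and the redirect lands on `results.php?id=0`. The hunk header shows `$object` has already been loaded (`$object->fetch_lines()`), so build the URL from the loaded object's identifier, or at least keep a string check: `header('Location: results.php?id='.GETPOST('id', 'alpha'));`. Worth verifying against the fetch that precedes this hunk.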
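Review bot: In fournisseurs.php the guard on the first context line still inspects the raw superglobal (`!empty($_REQUEST['search_fourn_id'])`) while the body reads the sanitized value three times and copies it back into `$_GET`, `$_POST` and `$_REQUEST` — the pattern this patch is removing elsewhere. Read it once, `$search_fourn_id = GETPOST('search_fourn_id', 'int');`, test it with the `GETPOSTISSET` helper the perday/permonth/perweek hunks use, and assign from the local. Note that `GETPOST` reads GET and POST, so `$_GET['id_fourn']` is now also populated from a POSTed value; probably harmless, but it is a behaviour change the commit message does not mention.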
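Review bot: In entrepot.class.php the `rowid` branch is now cast, but the `else` branch on the following context line still concatenates `$conf->entity` uncast; `$sql .= " WHERE entity = ".((int) $conf->entity);` keeps the two branches consistent (entity is a configuration value, so this is hygiene rather than an injection path). The method starts and ends outside the hunk.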
@@ -28,7 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
 // Load translation files required by the page
 $langs->loadLangs(array('products', 'stocks', 'companies'));
-$mesg = '';
+
+$id = GETPOST('id', 'int');
 // Security check
 $result = restrictedArea($user, 'stock');
@@ -43,18 +44,13 @@ $form = new Form($db);
 $help_url = 'EN:Module_Stocks_En|FR:Module_Stock|ES:Módulo_Stocks';
 llxHeader("", $langs->trans("WarehouseCard"), $help_url);
-if ($_GET["id"]) {
- if ($mesg) {
- print $mesg;
- }
-
+if ($id > 0) {
 $entrepot = new Entrepot($db);
- $result = $entrepot->fetch($_GET["id"]);
+ $result = $entrepot->fetch($id);
 if ($result < 0) {
 dol_print_error($db);
 }
-
 $head = stock_prepare_head($entrepot);
 print dol_get_fiche_head($head, 'value', $langs->trans("Warehouse"), 0, 'stock');
diff --git a/htdocs/projet/activity/perday.php b/htdocs/projet/activity/perday.php
index 5b30d77ca21..fc5ea53e98a 100644
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
 $mine = 1;
 }
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 $hookmanager->initHooks(array('timesheetperdaycard'));
diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php
index 7f40ab1c9a1..5fd76694c34 100644
--- a/htdocs/projet/activity/permonth.php
+++ b/htdocs/projet/activity/permonth.php
@@ -48,7 +48,7 @@ if ($mode == 'mine') {
 $mine = 1;
 }
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 // Security check
 $socid = 0;
diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php
index b6cd2c04f10..4201fca41b6 100644
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
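Review bot: `$id` is now available before the security check, but `restrictedArea($user, 'stock')` on the last context line is still called without it, so the check stays at module level and the warehouse fetched later with `$entrepot->fetch($id)` (second hunk) is not tied to the permission check; `restrictedArea` takes an object id as its third parameter, so pass `$id` here if that is what the other stock pages do. Also confirm no code outside the hunk still references `$mesg`, which this hunk deletes — the only use visible in the patch is the one removed by the second hunk.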
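Review bot: In the second fiche-valo.php hunk the guard `if ($id > 0)` is an improvement, but `$result` is only tested for `< 0`; a fetch that finds no row (presumably a `0` return, the convention used by Dolibarr fetch methods) falls through and the page goes on to build tabs for an empty `$entrepot`. Consider `if ($result <= 0) { dol_print_error($db, $entrepot->error); }` followed by an early exit, or an explicit not-found branch. The enclosing `if` continues past the end of the hunk.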
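Review bot: In perday.php `GETPOSTISSET("id")` is true when `id` arrives via POST (if it, like `GETPOST`, consults both superglobals), but the value is then read with `GETPOST("id", "int", 1)`, whose third argument restricts the read to GET, so a POSTed `id` yields an empty `$projectid` and the `projectid` fallback is skipped — the old `isset($_GET["id"])` at least agreed with the GET-only read. Either keep both sides GET-only or drop the method argument: `$projectid = GETPOSTISSET("id") ? GETPOST("id", "int") : GETPOST("projectid", "int");`. The same line is changed in permonth.php and perweek.php.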
@@ -50,7 +50,7 @@ if ($mode == 'mine') {
 $mine = 1;
 }
-$projectid = isset($_GET["id"]) ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
+$projectid = GETPOSTISSET("id") ? GETPOST("id", "int", 1) : GETPOST("projectid", "int");
 $hookmanager->initHooks(array('timesheetperweekcard'));
diff --git a/htdocs/projet/tasks/comment.php b/htdocs/projet/tasks/comment.php
index c0ebc6850cc..aaa8bd0cd89 100644
--- a/htdocs/projet/tasks/comment.php
+++ b/htdocs/projet/tasks/comment.php
@@ -284,14 +284,14 @@ if ($id > 0 || !empty($ref)) {
 print dol_get_fiche_head($head, 'task_comment', $langs->trans("Task"), -1, 'projecttask');
 if ($action == 'delete') {
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", "int").'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
 }
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
 $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
- $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+ $object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
 }
 $morehtmlref = '';
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 0f6b67a0482..780d387512e 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
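Review bot: In comment.php the confirm-form URL is built from the request parameter (`GETPOST("id", "int")`) although the enclosing condition shown in the hunk header, `if ($id > 0 || !empty($ref))`, admits pages opened by `ref` alone; in that case the URL becomes `?id=&withproject=...` and the delete confirmation posts back without an id. Use the loaded object instead: `print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$object->id.'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");`. The same line is changed in task.php; the `(int)` cast on `next_prev_filter` in both files is fine. The enclosing block starts and ends outside the hunk.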
@@ -474,14 +474,14 @@ if ($id > 0 || !empty($ref)) {
 print dol_get_fiche_head($head, 'task_task', $langs->trans("Task"), -1, 'projecttask', 0, '', 'reposition');
 if ($action == 'delete') {
- print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"].'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
+ print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".GETPOST("id", 'int').'&withproject='.$withproject, $langs->trans("DeleteATask"), $langs->trans("ConfirmDeleteATask"), "confirm_delete");
 }
 if (!GETPOST('withproject') || empty($projectstatic->id)) {
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
 $object->next_prev_filter = " fk_projet IN (".$db->sanitize($projectsListId).")";
 } else {
- $object->next_prev_filter = " fk_projet = ".$projectstatic->id;
+ $object->next_prev_filter = " fk_projet = ".((int) $projectstatic->id);
 }
 $morehtmlref = '';
diff --git a/htdocs/salaries/payment_salary/card.php b/htdocs/salaries/payment_salary/card.php
index c6d1fd7d07f..51f80b23efd 100644
--- a/htdocs/salaries/payment_salary/card.php
+++ b/htdocs/salaries/payment_salary/card.php
@@ -255,7 +255,7 @@ print '
';
 if ($action == '') {
 if ($user->rights->salaries->delete) {
 if (!$disable_delete) {
- print ''.$langs->trans('Delete').'';
+ print ''.$langs->trans('Delete').'';
 } else {
 print ''.$langs->trans('Delete').'';
 }
diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php
index 3221aafff55..28b105df9a0 100644
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajaxcompanies.php
@@ -66,12 +66,12 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
 $return_arr = array();
 // Define filter on text typed
- $socid = $_GET['newcompany'] ? $_GET['newcompany'] : '';
+ $socid = GETPOST('newcompany');
 if (!$socid) {
- $socid = $_GET['socid'] ? $_GET['socid'] : '';
+ $socid = GETPOST('socid', 'int');
 }
 if (!$socid) {
- $socid = $_GET['id_fourn'] ? $_GET['id_fourn'] : '';
+ $socid = GETPOST('id_fourn', 'int');
 }
 $sql = "SELECT rowid, nom";
@@ -90,7 +90,7 @@ if (GETPOST('newcompany') || GETPOST('socid', 'int') || GETPOST('id_fourn')) {
 $sql .= " OR code_fournisseur LIKE '%".$db->escape($socid)."%'";
 }
 if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID)) {
- $sql .= " OR rowid = '".$db->escape($socid)."'";
+ $sql .= " OR rowid = ".((int) $socid);
 }
 $sql .= ")";
 }
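Review bot: In the first ajaxcompanies.php hunk `GETPOST('newcompany')` is read without a check type, so the text typed into the selector relies on GETPOST's default sanitizer before it reaches the `LIKE` clauses built from `$socid` in the second hunk; make the intent explicit, e.g. `$socid = GETPOST('newcompany', 'alphanohtml');`. The outer guard in the hunk header also reads `GETPOST('id_fourn')` without `'int'` while the assignment inside uses `'int'`; aligning the two avoids the guard passing on a non-numeric value that the body then coerces to `0`. The variable is named `$socid` but may hold free text, which is worth a comment on the first assignment.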
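Review bot: In the second ajaxcompanies.php hunk `$socid` may still hold the free text from `newcompany`, so `((int) $socid)` turns any non-numeric search string into `0` and appends `OR rowid = 0` to every query; harmless for results but misleading. Append the clause only for numeric input: `if (!empty($conf->global->SOCIETE_ALLOW_SEARCH_ON_ROWID) && ctype_digit((string) $socid)) {`. The `LIKE` clauses on the context lines pass `$socid` through `$db->escape` only, so `%` and `_` typed by the user act as wildcards; if that is not intended, escape them for `LIKE` as well.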