Merge pull request #142 from simnandez/develop

Fix: Sanitize data
2012-03-29 08:43:54 -07:00 · 2012-03-29 08:43:54 -07:00 · d8ea1526b3
commit d8ea1526b3
parent 6a2d990a33 78e2d85e66
7 changed files with 56 additions and 46 deletions
--- a/htdocs/admin/agenda.php
+++ b/htdocs/admin/agenda.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2008-2010	Laurent Destailleur <eldy@users.sourceforge.net>
 * Copyright (C) 2011		Regis Houssin		<regis@dolibarr.fr>
- * Copyright (C) 2011 	    Juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2011-2012  Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -33,7 +33,8 @@ if (!$user->admin)
 $langs->load("admin");
 $langs->load("other");

-$action=$_POST["action"];
+$action = GETPOST('action','alpha');
+$cancel = GETPOST('cancel','alpha');

 // Get list of triggers available
 $sql = "SELECT a.rowid, a.code, a.label, a.elementtype";
@ -66,7 +67,7 @@ else
 /*
 *	Actions
 */
-if ($action == "save" && empty($_POST["cancel"]))
+if ($action == "save" && empty($cancel))
 {
    $i=0;

@ -76,7 +77,7 @@ if ($action == "save" && empty($_POST["cancel"]))
 	{
 		$param='MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
 		//print "param=".$param." - ".$_POST[$param];
-		if (! empty($_POST[$param])) $res = dolibarr_set_const($db,$param,$_POST[$param],'chaine',0,'',$conf->entity);
+		if (GETPOST($param,'alpha')) $res = dolibarr_set_const($db,$param,GETPOST($param,'alpha'),'chaine',0,'',$conf->entity);
 		else $res = dolibarr_del_const($db,$param,$conf->entity);
 		if (! $res > 0) $error++;
 	}
@ -141,7 +142,7 @@ if (! empty($triggers))
 			print '<td align="right" width="40">';
 			$key='MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
 			$value=$conf->global->$key;
-			print '<input '.$bc[$var].' type="checkbox" name="'.$key.'" value="1"'.((($_GET["action"]=='selectall'||$value) && $_GET["action"]!="selectnone")?' checked="checked"':'').'>';
+			print '<input '.$bc[$var].' type="checkbox" name="'.$key.'" value="1"'.((($action=='selectall'||$value) && $action!="selectnone")?' checked="checked"':'').'>';
 			print '</td></tr>'."\n";
 		}
 	}
--- a/htdocs/admin/agenda_extsites.php
+++ b/htdocs/admin/agenda_extsites.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2008-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2011 	   Juanjo Menent        <jmenent@2byte.es>
+ * Copyright (C) 2011-2012 Juanjo Menent        <jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -37,8 +37,8 @@ $langs->load("admin");
 $langs->load("other");

 $def = array();
-$actiontest=GETPOST("test");
-$actionsave=GETPOST("save");
+$actiontest=GETPOST('test','alpha');
+$actionsave=GETPOST('save','alpha');

 if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
 $MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
@ -53,7 +53,7 @@ if ($actionsave)
 {
    $db->begin();

-    $disableext=GETPOST("AGENDA_DISABLE_EXT");
+    $disableext=GETPOST('AGENDA_DISABLE_EXT','alpha');
    if ($disableext) $disableext=0; else $disableext=1;
 	$res=dolibarr_set_const($db,'AGENDA_DISABLE_EXT',$disableext,'chaine',0);

@ -63,20 +63,20 @@ if ($actionsave)
 	// Save agendas
 	while ($i <= $MAXAGENDA)
 	{
-		$color=trim(GETPOST("agenda_ext_color".$i));
+		$color=trim(GETPOST('agenda_ext_color'.$i,'alpha'));
 		if ($color=='-1') $color='';

 		//print 'color='.$color;
-		$res=dolibarr_set_const($db,'AGENDA_EXT_NAME'.$i,trim(GETPOST("agenda_ext_name".$i)),'chaine',0);
+		$res=dolibarr_set_const($db,'AGENDA_EXT_NAME'.$i,trim(GETPOST('agenda_ext_name'.$i),'alpha'),'chaine',0);
 		if (! $res > 0) $error++;
-		$res=dolibarr_set_const($db,'AGENDA_EXT_SRC'.$i,trim(GETPOST("agenda_ext_src".$i)),'chaine',0);
+		$res=dolibarr_set_const($db,'AGENDA_EXT_SRC'.$i,trim(GETPOST('agenda_ext_src'.$i,'alpha')),'chaine',0);
 		if (! $res > 0) $error++;
 		$res=dolibarr_set_const($db,'AGENDA_EXT_COLOR'.$i,$color,'chaine',0);
 		if (! $res > 0) $error++;
 		$i++;
 	}
 	// Save nb of agenda
-	$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST("AGENDA_EXT_NB")),'chaine',0);
+	$res=dolibarr_set_const($db,'AGENDA_EXT_NB',trim(GETPOST('AGENDA_EXT_NB','alpha')),'chaine',0);
 	if (! $res > 0) $error++;
 	if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
 	$MAXAGENDA=empty($conf->global->AGENDA_EXT_NB)?5:$conf->global->AGENDA_EXT_NB;
@ -119,7 +119,7 @@ dol_fiche_head($head, 'extsites', $langs->trans("Agenda"));

 print '<form name="extsitesconfig" action="'.$_SERVER["PHP_SELF"].'" method="post">';

-$selectedvalue=(GETPOST("AGENDA_DISABLE_AGENDA"))?GETPOST("AGENDA_DISABLE_EXT"):$conf->global->AGENDA_DISABLE_EXT;
+$selectedvalue=(GETPOST('AGENDA_DISABLE_AGENDA','alpha'))?GETPOST('AGENDA_DISABLE_EXT','alpha'):$conf->global->AGENDA_DISABLE_EXT;
 if ($selectedvalue==1) $selectedvalue=0; else $selectedvalue=1;
 print $langs->trans("ExtSitesEnableThisTool").' '.$form->selectyesno("AGENDA_DISABLE_EXT",$selectedvalue,1).'<br><br>';

--- a/htdocs/admin/agenda_xcal.php
+++ b/htdocs/admin/agenda_xcal.php
@ -1,5 +1,6 @@
 <?php
-/* Copyright (C) 2008-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2008-2010 	Laurent Destailleur <eldy@users.sourceforge.net>
+ * Copyright (C) 2012		Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -34,7 +35,7 @@ $langs->load("other");
 $langs->load("agenda");

 $def = array();
-$actionsave=$_POST["save"];
+$actionsave=GETPOST('save','alpha');

 // Sauvegardes parametres
 if ($actionsave)
@ -43,9 +44,9 @@ if ($actionsave)

    $db->begin();

-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_XCAL_EXPORTKEY',trim($_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]),'chaine',0,'',$conf->entity);
-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_PAST_DELAY',trim($_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]),'chaine',0,'',$conf->entity);
-    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_CACHE',trim($_POST["MAIN_AGENDA_EXPORT_CACHE"]),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_XCAL_EXPORTKEY',trim(GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha')),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_PAST_DELAY',trim(GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha')),'chaine',0,'',$conf->entity);
+    $i+=dolibarr_set_const($db,'MAIN_AGENDA_EXPORT_CACHE',trim(GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha')),'chaine',0,'',$conf->entity);

    if ($i >= 3)
    {
@ -94,19 +95,19 @@ print "</tr>";

 print "<tr class=\"impair\">";
 print '<td class="fieldrequired">'.$langs->trans("PasswordTogetVCalExport")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_XCAL_EXPORTKEY\" value=\"". ($_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]?$_POST["MAIN_AGENDA_XCAL_EXPORTKEY"]:$conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) . "\" size=\"40\"></td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_XCAL_EXPORTKEY\" value=\"". (GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha')?GETPOST('MAIN_AGENDA_XCAL_EXPORTKEY','alpha'):$conf->global->MAIN_AGENDA_XCAL_EXPORTKEY) . "\" size=\"40\"></td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

 print "<tr class=\"pair\">";
 print "<td>".$langs->trans("PastDelayVCalExport")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_PAST_DELAY\" value=\"". ($_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]?$_POST["MAIN_AGENDA_EXPORT_PAST_DELAY"]:$conf->global->MAIN_AGENDA_EXPORT_PAST_DELAY) . "\" size=\"10\"> ".$langs->trans("days")."</td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_PAST_DELAY\" value=\"". (GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha')?GETPOST('MAIN_AGENDA_EXPORT_PAST_DELAY','alpha'):$conf->global->MAIN_AGENDA_EXPORT_PAST_DELAY) . "\" size=\"10\"> ".$langs->trans("days")."</td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

 print "<tr class=\"impair\">";
 print "<td>".$langs->trans("UseACacheDelay")."</td>";
-print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_CACHE\" value=\"". ($_POST["MAIN_AGENDA_EXPORT_CACHE"]?$_POST["MAIN_AGENDA_EXPORT_CACHE"]:$conf->global->MAIN_AGENDA_EXPORT_CACHE) . "\" size=\"10\"></td>";
+print "<td><input type=\"text\" class=\"flat\" name=\"MAIN_AGENDA_EXPORT_CACHE\" value=\"". (GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha')?GETPOST('MAIN_AGENDA_EXPORT_CACHE','alpha'):$conf->global->MAIN_AGENDA_EXPORT_CACHE) . "\" size=\"10\"></td>";
 print "<td>&nbsp;</td>";
 print "</tr>";

--- a/htdocs/admin/project.php
+++ b/htdocs/admin/project.php
@ -1,7 +1,7 @@
 <?php
-/* Copyright (C) 2010 Regis Houssin        <regis@dolibarr.fr>
- * Copyright (C) 2011 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2011 Juanjo Menent		   <jmenent@2byte.es>
+/* Copyright (C) 2010 		Regis Houssin		<regis@dolibarr.fr>
+ * Copyright (C) 2011 		Laurent Destailleur	<eldy@users.sourceforge.net>
+ * Copyright (C) 2011-2012 	Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -35,8 +35,8 @@ $langs->load("projects");
 if (!$user->admin)
 accessforbidden();

-$value=GETPOST('value');
-$action=GETPOST('action');
+$value=GETPOST('value','action');
+$action=GETPOST('action','action');


 /*
@ -45,8 +45,9 @@ $action=GETPOST('action');

 if ($action == 'updateMask')
 {
-	$maskconstproject=GETPOST("maskconstproject");
-	$maskproject=GETPOST("maskproject");
+	$maskconstproject=GETPOST('maskconstproject','alpha');
+	$maskproject=GETPOST('maskproject','alpha');
+	
 	if ($maskconstproject)  $res = dolibarr_set_const($db,$maskconstproject,$maskproject,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;
@ -63,7 +64,7 @@ if ($action == 'updateMask')

 if ($action == 'specimen')
 {
-	$modele=GETPOST("module");
+	$modele=GETPOST('module','alpha');

 	$project = new Project($db);
 	$project->initAsSpecimen();
@ -98,8 +99,8 @@ if ($action == 'specimen')

 if ($action == 'set')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

 	$type='project';
    $sql = "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity, libelle, description)";
@ -125,8 +126,8 @@ if ($action == 'del')

 if ($action == 'setdoc')
 {
-	$label = GETPOST("label");
-	$scandir = GETPOST("scandir");
+	$label = GETPOST('label','alpha');
+	$scandir = GETPOST('scandir','alpha');

 	$db->begin();

@ -164,7 +165,7 @@ if ($action == 'setmod')
 	// TODO Verifier si module numerotation choisi peut etre active
 	// par appel methode canBeActivated

-	dolibarr_set_const($db, "PROJECT_ADDON",$_GET["value"],'chaine',0,'',$conf->entity);
+	dolibarr_set_const($db, "PROJECT_ADDON",GETPOST('value','alpha'),'chaine',0,'',$conf->entity);
 }

 /*
--- a/htdocs/admin/stock.php
+++ b/htdocs/admin/stock.php
@ -2,6 +2,7 @@
 /* Copyright (C) 2006      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2008-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2012      Juanjo Menent		<jmenent@2byte.es>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -31,7 +32,7 @@ $langs->load("stocks");
 // Securit check
 if (!$user->admin) accessforbidden();

-$action = GETPOST("action");
+$action = GETPOST('action','alpha');


 /*
@ -41,7 +42,7 @@ $action = GETPOST("action");
 if ($action == 'STOCK_USERSTOCK_AUTOCREATE')
 {
 	$db->begin();
-	$res = dolibarr_set_const($db, "STOCK_USERSTOCK_AUTOCREATE", GETPOST("STOCK_USERSTOCK_AUTOCREATE"),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db, "STOCK_USERSTOCK_AUTOCREATE", GETPOST('STOCK_USERSTOCK_AUTOCREATE','alpha'),'chaine',0,'',$conf->entity);
 }
 // Mode of stock decrease
 if ($action == 'STOCK_CALCULATE_ON_BILL'
@ -52,9 +53,9 @@ if ($action == 'STOCK_CALCULATE_ON_BILL'
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", '','chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", GETPOST("STOCK_CALCULATE_ON_BILL"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", GETPOST("STOCK_CALCULATE_ON_VALIDATE_ORDER"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SHIPMENT')       $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", GETPOST("STOCK_CALCULATE_ON_SHIPMENT"),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_BILL", GETPOST('STOCK_CALCULATE_ON_BILL','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_VALIDATE_ORDER", GETPOST('STOCK_CALCULATE_ON_VALIDATE_ORDER','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SHIPMENT')       $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SHIPMENT", GETPOST('STOCK_CALCULATE_ON_SHIPMENT','alpha'),'chaine',0,'',$conf->entity);
 }
 // Mode of stock increase
 if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL'
@ -65,9 +66,9 @@ if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL'
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", '','chaine',0,'',$conf->entity);
 	$res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", '','chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_BILL"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER"),'chaine',0,'',$conf->entity);
-	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", GETPOST("STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER"),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_BILL')           $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_BILL", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_BILL','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER','alpha'),'chaine',0,'',$conf->entity);
+	if ($action == 'STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER') $res=dolibarr_set_const($db, "STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER", GETPOST('STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER','alpha'),'chaine',0,'',$conf->entity);
 }

 if($action)
--- a/htdocs/langs/ca_ES/agenda.lang
+++ b/htdocs/langs/ca_ES/agenda.lang
@ -10,6 +10,8 @@ LocalAgenda=Calendari local
 AffectedTo=Assignada a
 DoneBy=Realitzat per
 Events=Esdeveniments
+MyEvents=Els meus events
+OtherEvents=Altres events
 ListOfActions=Llista d'esdeveniments
 EventOnFullDay=Esdeveniment per tot el dia
 Location=Localització
@ -63,12 +65,12 @@ AgendaUrlOptions4=<b>logint=%s</b> per a restringir insercions a accions que afe
 AgendaUrlOptions5=<b>logind=%s</b> per a restringir insercions a accions realitzades per l'usuari <b>%s</b>.
 AgendaShowBirthdayEvents=Mostra aniversari dels contactes
 AgendaHideBirthdayEvents=Amaga aniversari dels contacte
-ExtSites=Calendaris externs

 # External Sites ical
+ExportCal=Exportar calendari
 ExtSites=Calendaris externs
 ExtSitesEnableThisTool=Mostrar calendaris externs a l'agenda
 ExtSitesNbOfAgenda=Nombre de calendaris
 AgendaExtNb=Calendari nº %s
 ExtSiteUrlAgenda=Url d'accés a l'arxiu. ical
-ExtSiteNoLabel=Sense descripció
+ExtSiteNoLabel=Sense descripció
--- a/htdocs/langs/es_ES/agenda.lang
+++ b/htdocs/langs/es_ES/agenda.lang
@ -10,6 +10,8 @@ LocalAgenda=Calendario local
 AffectedTo=Asignada a
 DoneBy=Realizado por
 Events=Eventos
+MyEvents=Mis eventos
+OtherEvents=Otros eventos
 ListOfActions=Listado de eventos
 EventOnFullDay=Evento para todo el día
 Location=Localización
@ -63,8 +65,10 @@ AgendaUrlOptions4=<b>logint=%s</b> para restringir inserciones a acciones que af
 AgendaUrlOptions5=<b>logind=%s</b> para restringir inserciones a acciones realizadas por el usuario <b>%s</b>.
 AgendaShowBirthdayEvents=Mostrar cumpleaños de los contactos
 AgendaHideBirthdayEvents=Ocultar cumpleaños de los contactos
+
+# External Sites ical
+ExportCal=Exportar calendario
 ExtSites=Calendarios externos
-# External Sites ical=
 ExtSitesEnableThisTool=Mostrar calendarios externos en la agenda
 ExtSitesNbOfAgenda=Número de calendarios
 AgendaExtNb=Calendario nº %s