From c7a614bd5032034e8b5315af0cf32e033af19389 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 4 Jun 2020 17:07:22 +0200 Subject: [PATCH 1/7] Fix clean data --- htdocs/install/mysql/migration/11.0.0-12.0.0.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql index bbf25a40a77..b7ac95b8cea 100644 --- a/htdocs/install/mysql/migration/11.0.0-12.0.0.sql +++ b/htdocs/install/mysql/migration/11.0.0-12.0.0.sql @@ -165,6 +165,8 @@ ALTER TABLE llx_bookmark MODIFY COLUMN url TEXT; ALTER TABLE llx_bookmark ADD UNIQUE uk_bookmark_title (fk_user, entity, title); +ALTER TABLE llx_societe_rib MODIFY COLUMN owner_address varchar(255); +ALTER TABLE llx_societe_rib MODIFY COLUMN default_rib smallint NOT NULL DEFAULT 0; ALTER TABLE llx_societe_rib ADD COLUMN stripe_account varchar(128); From 630525b59c18948cab1fa88e6c91513d668bbf2a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 5 Jun 2020 02:22:16 +0200 Subject: [PATCH 2/7] css --- htdocs/admin/translation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index e509f96c001..05bfe39bb54 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -358,9 +358,9 @@ if ($mode == 'overwrite') if ($action == 'edit' && $obj->rowid == GETPOST('rowid', 'int')) { print ''; - print ''; + print ''; print '   '; - print ''; + print ''; } else { From b75700cc0b6cc13e0c2379889c9ab9c2797a39f0 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 5 Jun 2020 10:27:34 +0200 Subject: [PATCH 3/7] Fix virtualstock activation when MRP module is on --- htdocs/admin/stock.php | 11 +++++++---- htdocs/product/list.php | 7 ++++++- htdocs/product/reassort.php | 7 ++++++- htdocs/product/stock/replenish.php | 9 +++++---- 4 files changed, 24 insertions(+), 10 deletions(-) 
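Review bot: The added `ALTER TABLE llx_societe_rib MODIFY COLUMN default_rib smallint NOT NULL DEFAULT 0;` will be rejected by MySQL in strict mode (or silently coerced with a warning otherwise) if any existing row still holds NULL in default_rib, so the migration is not safe to replay on old data. Put a data fix in front of it, `UPDATE llx_societe_rib SET default_rib = 0 WHERE default_rib IS NULL;`, and keep the two statements together so the column change cannot run alone. The preceding `owner_address varchar(255)` change is only safe if the previous definition was not wider; the old type is not visible in this hunk.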
diff --git a/htdocs/admin/stock.php b/htdocs/admin/stock.php index 43e610c3052..41816d72f7a 100644 --- a/htdocs/admin/stock.php +++ b/htdocs/admin/stock.php @@ -383,10 +383,13 @@ print ''; print '
'; $virtualdiffersfromphysical = 0; -if ( - !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) - || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) -) { +if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) + || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) + || !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT_CLOSE) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE) + || !empty($conf->mrp->enabled)) +{ $virtualdiffersfromphysical = 1; // According to increase/decrease stock options, virtual and physical stock may differs. } diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 17dd18b567b..57eacb75ed4 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -129,7 +129,12 @@ else $result = restrictedArea($user, 'produit|service', '', '', '', '', '', $obj // Define virtualdiffersfromphysical $virtualdiffersfromphysical = 0; -if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION)) +if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) + || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) + || !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT_CLOSE) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE) + || !empty($conf->mrp->enabled)) { $virtualdiffersfromphysical = 1; // According to increase/decrease stock options, virtual and physical stock may differs. } diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index 94d2e80c303..2cbe113fe69 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php 
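Review bot: The same six-term condition for `$virtualdiffersfromphysical` is now pasted verbatim into htdocs/admin/stock.php, htdocs/product/list.php, htdocs/product/reassort.php and htdocs/product/stock/replenish.php, and the history of this very hunk shows why that is fragile: list.php and reassort.php had already drifted from replenish.php by missing the `*_CLOSE` constants, which is what this commit has to repair. A single helper in the stock library, say a function returning the boolean and documented with `// Virtual and physical stock differ when any stock movement is deferred to a later step or when MRP is enabled`, called from all four pages, would keep the next option from being forgotten in one of them. The brace after the multi-line condition also moved onto its own line in stock.php while the other three files keep `) {` on the condition line; pick one form.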
@@ -78,7 +78,12 @@ if (!empty($canvas)) // Define virtualdiffersfromphysical $virtualdiffersfromphysical = 0; -if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION)) +if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) + || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) + || !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT_CLOSE) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE) + || !empty($conf->mrp->enabled)) { $virtualdiffersfromphysical = 1; // According to increase/decrease stock options, virtual and physical stock may differs. } diff --git a/htdocs/product/stock/replenish.php b/htdocs/product/stock/replenish.php index 97d3871c027..358ca742361 100644 --- a/htdocs/product/stock/replenish.php +++ b/htdocs/product/stock/replenish.php @@ -82,10 +82,11 @@ if (!$sortorder) { // Define virtualdiffersfromphysical $virtualdiffersfromphysical = 0; if (!empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT) -|| !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) -|| !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT_CLOSE) -|| !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) -|| !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE)) + || !empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_DISPATCH_ORDER) + || !empty($conf->global->STOCK_CALCULATE_ON_SHIPMENT_CLOSE) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION) + || !empty($conf->global->STOCK_CALCULATE_ON_RECEPTION_CLOSE) + || !empty($conf->mrp->enabled)) { $virtualdiffersfromphysical = 1; // According to increase/decrease stock options, virtual and physical stock may differs. } From d2522483197b12334a4fc1fdd43e2c7e16688ac7 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 5 Jun 2020 13:41:33 +0200 Subject: [PATCH 4/7] Fix back to link in ECM menu Fix picto in search_page --- ChangeLog | 1 + htdocs/accountancy/index.php | 2 +- htdocs/core/ajax/ajaxdirpreview.php | 2 +- htdocs/core/ajax/selectsearchbox.php | 9 ----- htdocs/core/class/html.formfile.class.php | 13 ++++--- htdocs/core/search_page.php | 4 ++- htdocs/core/tpl/filemanager.tpl.php | 2 +- htdocs/ecm/file_card.php | 8 +++-- htdocs/ecm/index.php | 4 +-- htdocs/ecm/search.php | 44 ++++++++--------------- htdocs/langs/en_US/main.lang | 1 + htdocs/theme/eldy/global.inc.php | 12 ++++--- 12 files changed, 48 insertions(+), 54 deletions(-) diff --git a/ChangeLog b/ChangeLog index c4bc005a94d..1d6e2e39b45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,7 @@ NEW: Accountancy - Add possibility to manage a short alternative label for accou NEW: Accountancy - General ledger - Add an option to search not reconciled lines NEW: Add accountancy code of thirdparty in contact and supplier export NEW: support webp image format +NEW: Add checkbox "overwrite if exists" into ECM/DMS module NEW: add a link to notes in members list NEW: add a parameter to group same products in TakePOS NEW: add a parameter to sort product by label in TakePOS diff --git a/htdocs/accountancy/index.php b/htdocs/accountancy/index.php index 56cf674505b..f44b5bc72f8 100644 --- a/htdocs/accountancy/index.php +++ b/htdocs/accountancy/index.php @@ -245,7 +245,7 @@ else { print load_fiche_titre($langs->trans("AccountancyArea"), '', 'accountancy'); - print $langs->trans("Module10Desc")."
\n"; + print ''.$langs->trans("Module10Desc")."
\n"; } // End of page diff --git a/htdocs/core/ajax/ajaxdirpreview.php b/htdocs/core/ajax/ajaxdirpreview.php index 32d4f8d3bfa..5b656786c8f 100644 --- a/htdocs/core/ajax/ajaxdirpreview.php +++ b/htdocs/core/ajax/ajaxdirpreview.php @@ -332,7 +332,7 @@ if ($type == 'directory') // When we show list of files for ECM files, $filearray contains file list, and directory is defined with modulepart + section into $param // When we show list of files for a directory, $filearray ciontains file list, and directory is defined with modulepart + $relativepath - //var_dump("title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url); + //var_dump("section=".$section." title=".$title." modulepart=".$modulepart." useinecm=".$useinecm." perm=".$perm." relativepath=".$relativepath." param=".$param." url=".$url); $formfile->list_of_documents($filearray, '', $modulepart, $param, 1, $relativepath, $perm, $useinecm, $textifempty, $maxlengthname, $title, $url, 0, $perm); } } diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index 31a95d1e02c..03acbde80fa 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php 
@@ -146,15 +146,6 @@ if (!empty($conf->holiday->enabled) && empty($conf->global->MAIN_SEARCHFORM_HOLI $arrayresult['searchintoleaves'] = array('position'=>220, 'img'=>'object_holiday', 'label'=>$langs->trans("SearchIntoLeaves", $search_boxvalue), 'text'=>img_picto('', 'object_holiday').' '.$langs->trans("SearchIntoLeaves", $search_boxvalue), 'url'=>DOL_URL_ROOT.'/holiday/list.php?mainmenu=hrm'.($search_boxvalue ? '&sall='.urlencode($search_boxvalue) : '')); } - -/* Do we really need this. We already have a select for users, and we should be able to filter into user list on employee flag -if (! empty($conf->hrm->enabled) && ! empty($conf->global->MAIN_SEARCHFORM_EMPLOYEE) && $user->rights->hrm->employee->read) -{ - $langs->load("hrm"); - $searchform.=printSearchForm(DOL_URL_ROOT.'/hrm/employee/list.php', DOL_URL_ROOT.'/hrm/employee/list.php', $langs->trans("Employees"), 'employee', 'search_all', 'M', 'searchleftemployee', img_object('','user')); -} -*/ - // Execute hook addSearchEntry $parameters = array('search_boxvalue'=>$search_boxvalue, 'arrayresult'=>$arrayresult); $reshook = $hookmanager->executeHooks('addSearchEntry', $parameters); diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index 7251db1476e..3eeaea46858 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php 
@@ -168,7 +168,8 @@ class FormFile } $out .= 'global->MAIN_DISABLE_MULTIPLE_FILEUPLOAD) || $conf->browser->layout != 'classic') ? ' name="userfile"' : ' name="userfile[]" multiple'); + //$out .= ((!empty($conf->global->MAIN_DISABLE_MULTIPLE_FILEUPLOAD) || $conf->browser->layout != 'classic') ? ' name="userfile"' : ' name="userfile[]" multiple'); + $out .= ((!empty($conf->global->MAIN_DISABLE_MULTIPLE_FILEUPLOAD)) ? ' name="userfile"' : ' name="userfile[]" multiple'); $out .= (empty($conf->global->MAIN_UPLOAD_DOC) || empty($perm) ? ' disabled' : ''); $out .= (!empty($accept) ? ' accept="'.$accept.'"' : ' accept=""'); $out .= (!empty($capture) ? ' capture="capture"' : ''); @@ -1310,7 +1311,7 @@ class FormFile { if ($useinecm == 5 || $useinecm == 6) { - $smallfile = getImageFileNameForSize($file['name'], ''); // There is no thumb for ECM module and Media filemanager, so we use true image + $smallfile = getImageFileNameForSize($file['name'], ''); // There is no thumb for ECM module and Media filemanager, so we use true image. TODO Change this it is slow on image dir. } else { @@ -1376,10 +1377,14 @@ class FormFile // Delete or view link // ($param must start with &) print ''; - if ($useinecm == 1 || $useinecm == 5) // ECM manual tree + if ($useinecm == 1 || $useinecm == 5) // ECM manual tree only { - print ''.img_edit('default', 0, 'class="paddingrightonly"').''; + // $section is inside $param + $newparam.=preg_replace('/&file=.*$/', '', $param); // We don't need param file= + $backtopage = DOL_URL_ROOT.'/ecm/index.php?§ion_dir='.urlencode($relativepath).$newparam; + print ''.img_edit('default', 0, 'class="paddingrightonly"').''; } + if (empty($useinecm) || $useinecm == 2 || $useinecm == 6) // 6=Media file manager { $newmodulepart = $modulepart; diff --git a/htdocs/core/search_page.php b/htdocs/core/search_page.php index 119d7ff9a41..0268eef2259 100644 --- a/htdocs/core/search_page.php +++ b/htdocs/core/search_page.php 
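Review bot: In the hunk at `@@ -1376` the new line `$newparam.=preg_replace('/&file=.*$/', '', $param);` appends to `$newparam` without initialising it in this hunk; if this code sits inside the per-file loop of list_of_documents (the loop start is outside the hunk), every later row's back link carries the stripped `$param` once more than the previous row. A plain assignment, `$newparam = preg_replace('/&file=.*$/', '', $param);`, avoids the accumulation. The `$backtopage` URL on the next line appears here as `?§ion_dir=`; that is most likely `?&section_dir=` mis-rendered by the page, but it is worth confirming the literal in the file, and `$backtopage` should be URL-encoded where it is appended to the edit link's query string. In the hunk at `@@ -168` the old condition is left behind as a commented-out line; delete it rather than keep it as dead code.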
@@ -79,6 +79,7 @@ else { $usedbyinclude = 1; // Used into next include $showtitlebefore = GETPOST('showtitlebefore', 'int'); + $arrayresult = array(); include DOL_DOCUMENT_ROOT.'/core/ajax/selectsearchbox.php'; $i = 0; @@ -95,7 +96,8 @@ else $accesskey = $val['label'][0]; $accesskeyalreadyassigned[$accesskey] = $accesskey; } - $searchform .= printSearchForm($urlaction, $urlaction, $val['label'], 'minwidth200', $keysearch, $accesskey, $key, img_picto('', $val['img'], '', 0, 1), $showtitlebefore, ($i > 0 ? 0 : 1)); + + $searchform .= printSearchForm($urlaction, $urlaction, $val['label'], 'minwidth200', $keysearch, $accesskey, $key, $val['img'], $showtitlebefore, ($i > 0 ? 0 : 1)); $i++; } diff --git a/htdocs/core/tpl/filemanager.tpl.php b/htdocs/core/tpl/filemanager.tpl.php index db72ea7d74a..fa8add900b1 100644 --- a/htdocs/core/tpl/filemanager.tpl.php +++ b/htdocs/core/tpl/filemanager.tpl.php @@ -133,7 +133,7 @@ print ''; // Start left area -// Confirmation de la suppression d'une ligne categorie +// Ask confirmation of deletion of directory if ($action == 'delete_section') { print $form->formconfirm($_SERVER["PHP_SELF"].'?section='.$section, $langs->trans('DeleteSection'), $langs->trans('ConfirmDeleteSection', $ecmdir->label), 'confirm_deletesection', '', '', 1); diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 63fdedbab6d..e0c9398f9f2 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -33,6 +33,7 @@ $langs->loadLangs(array('ecm', 'companies', 'other', 'users', 'orders', 'propal' $action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'alpha'); +$backtopage = GETPOST('backtopage', 'alpha'); if (!$user->rights->ecm->setup) accessforbidden(); 
@@ -282,10 +283,13 @@ $s = img_picto('', 'object_dir').' '.$l if ($action == 'edit') $s .= ''; else $s .= $urlfiletoshow; -$morehtml = ''; +$linkback = ''; +if ($backtopage) { + $linkback = ''.$langs->trans("BackToTree").''; +} $object->ref = ''; // Force to hide ref -dol_banner_tab($object, '', $morehtml, 0, '', '', $s); +dol_banner_tab($object, '', $linkback, 0, '', '', $s); print '
'; diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 2c533e483c6..c6a47bdfd42 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -57,7 +57,7 @@ if (!$sortorder) $sortorder = "ASC"; if (!$sortfield) $sortfield = "fullname"; $ecmdir = new EcmDirectory($db); -if ($section) +if ($section > 0) { $result = $ecmdir->fetch($section); if (!$result > 0) @@ -170,7 +170,7 @@ if ($action == 'add' && $user->rights->ecm->setup) } // Remove directory -if ($action == 'confirm_deletesection' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes') { $result = $ecmdir->delete($user); setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs'); diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index e125824a8c8..d996f2400ee 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php @@ -75,21 +75,17 @@ if (!empty($section)) } -/******************************************************************* - * ACTIONS - * - * Put here all code to do according to value of "action" parameter - ********************************************************************/ +/* + * Actions + */ + +// None - - -/******************************************************************* - * PAGE - * - * Put here all code to do according to value of "action" parameter - ********************************************************************/ +/* + * View + */ llxHeader(); @@ -138,10 +134,10 @@ print ''; print ''; print ""; print ''; -print "'; -print "'; -print "'; -print "'; +print ''; +print ''; +print ''; +print ''; print "
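Review bot: `$backtopage` is read from the request with the `'alpha'` filter in the hunk at `@@ -33` and then placed into the href of the link built for `$linkback` in the hunk at `@@ -282`; the surrounding markup is stripped in this rendering, so it is not visible whether the value is escaped there or restricted to a local URL. Since the only legitimate producer is the ECM file list building a path under DOL_URL_ROOT, accept only values that start with that prefix and escape the attribute on output; an attacker-controlled absolute URL or non-http scheme in a back link is the kind of issue the "Fix XSS" patch later in this series is addressing. A one-line comment such as `// backtopage must stay a local URL: it is echoed into a link href` on the GETPOST line documents the constraint for the next reader.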
'.$langs->trans("ECMSearchByKeywords").'
".$langs->trans("Ref").':
".$langs->trans("Title").':
".$langs->trans("Keyword").':
'.$langs->trans("Ref").':
'.$langs->trans("Title").':
'.$langs->trans("Keyword").':
"; //print $langs->trans("ECMSectionManualDesc"); @@ -158,21 +154,16 @@ $butshown = 0; foreach ($sectionauto as $sectioncur) { if (!$sectioncur['test']) continue; - //if ($butshown % 2 == 0) - print ''; + print ''; print "".$sectioncur['label'].':'; print ''; print ''; print ''; - //if ($butshown % 2 == 1) - print ''; + print ''; $butshown++; } -//if ($butshown % 2 == 1) -// print '  '; print ''; print ""; @@ -192,11 +183,6 @@ $param = '&section='.$section; $textifempty = ($section ? $langs->trans("NoFileFound") : $langs->trans("ECMSelectASection")); $formfile->list_of_documents($filearray, '', 'ecm', $param, 1, $relativepath, $user->rights->ecm->upload, 1, $textifempty); -// print ''; - -// print '
'; - - print ''; diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 532edcb6a67..105d5c83bec 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -664,6 +664,7 @@ Owner=Owner FollowingConstantsWillBeSubstituted=The following constants will be replaced with the corresponding value. Refresh=Refresh BackToList=Back to list +BackToTree=Back to tree GoBack=Go back CanBeModifiedIfOk=Can be modified if valid CanBeModifiedIfKo=Can be modified if not valid diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index 0ec69d4934a..b3383a1d72c 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -419,8 +419,8 @@ hr { border: 0; border-top: 1px solid #ccc; } .tabBar hr { margin-top: 20px; margin-bottom: 17px; } .button:not(.bordertransp):not(.buttonpayment), .buttonDelete:not(.bordertransp):not(.buttonpayment) { - margin-bottom: 0; - margin-top: 0; + margin-bottom: 3px; + margin-top: 3px; margin-left: 5px; margin-right: 5px; font-family: ; @@ -1158,6 +1158,10 @@ table[summary="list_of_modules"] .fa-cog { width: calc(100% - 30px) !important; display: inline-block; } + + /*img.photoref, div.photoref { + box-shadow: 0px 0px 8px rgba(0, 0, 0, 0.2); + }*/ } /* Force values for small screen 570 */ @@ -1270,9 +1274,9 @@ table[summary="list_of_modules"] .fa-cog { padding-bottom: 5px; } img.photoref, div.photoref { - border: none; + border: 1px solid rgba(0, 0, 0, 0.2); + box-shadow: none; -webkit-box-shadow: none; - box-shadow: none; padding: 4px; height: 20px; width: 20px; From ca3f62e4ac1fc320459a416b87900ee6ae0def59 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 5 Jun 2020 17:47:52 +0200 Subject: [PATCH 5/7] Doc repair Row size too large --- htdocs/install/mysql/migration/repair.sql | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index b21429a4d1b..7977227caf5 100644 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql @@ -519,3 +519,7 @@ UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NUL -- update llx_societe set code_compta_fournisseur = concat('401', substr(code_fournisseur, 3, 2),substr(code_fournisseur, 8, 5)) where fournisseur in (1,2,3) and code_fournisseur is not null; +-- To fix a table with error "ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs" +--ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC; + + From 2344435416fe44ebb59ce760a51c04d036240694 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 5 Jun 2020 23:10:55 +0200 Subject: [PATCH 6/7] Fix XSS CWE-ID CWE-79 --- htdocs/adherents/card.php | 115 +++++++++++++++++++------------------- htdocs/product/card.php | 14 ++--- htdocs/societe/card.php | 106 +++++++++++++++++------------------ htdocs/ticket/card.php | 18 +++--- 4 files changed, 125 insertions(+), 128 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 7d24b330d3e..21bcc17bd42 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php 
@@ -243,18 +243,16 @@ if (empty($reshook)) require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $birthdate = ''; - if (isset($_POST["birthday"]) && $_POST["birthday"] - && isset($_POST["birthmonth"]) && $_POST["birthmonth"] - && isset($_POST["birthyear"]) && $_POST["birthyear"]) + if (GETPOST("birthday", 'int') && GETPOST("birthmonth", 'int') && GETPOST("birthyear", 'int')) { - $birthdate = dol_mktime(12, 0, 0, $_POST["birthmonth"], $_POST["birthday"], $_POST["birthyear"]); + $birthdate = dol_mktime(12, 0, 0, GETPOST("birthmonth", 'int'), GETPOST("birthday", 'int'), GETPOST("birthyear", 'int')); } - $lastname = $_POST["lastname"]; - $firstname = $_POST["firstname"]; - $gender = $_POST["gender"]; - $societe = $_POST["societe"]; - $morphy = $_POST["morphy"]; - $login = $_POST["login"]; + $lastname = GETPOST("lastname", 'alphanohtml'); + $firstname = GETPOST("firstname", 'alphanohtml'); + $gender = GETPOST("gender", 'alphanohtml'); + $societe = GETPOST("societe", 'alphanohtml'); + $morphy = GETPOST("morphy", 'alphanohtml'); + $login = GETPOST("login", 'alphanohtml'); if ($morphy != 'mor' && empty($lastname)) { $error++; $langs->load("errors"); 
@@ -284,19 +282,19 @@ if (empty($reshook)) $object->oldcopy = clone $object; // Change values - $object->civility_id = trim(GETPOST("civility_id", 'alpha')); - $object->firstname = trim(GETPOST("firstname", 'alpha')); - $object->lastname = trim(GETPOST("lastname", 'alpha')); - $object->gender = trim(GETPOST("gender", 'alpha')); + $object->civility_id = trim(GETPOST("civility_id", 'alphanohtml')); + $object->firstname = trim(GETPOST("firstname", 'alphanohtml')); + $object->lastname = trim(GETPOST("lastname", 'alphanohtml')); + $object->gender = trim(GETPOST("gender", 'alphanohtml')); $object->login = trim(GETPOST("login", 'alpha')); $object->pass = trim(GETPOST("pass", 'alpha')); - $object->societe = trim(GETPOST("societe", 'alpha')); // deprecated - $object->company = trim(GETPOST("societe", 'alpha')); + $object->societe = trim(GETPOST("societe", 'alphanohtml')); // deprecated + $object->company = trim(GETPOST("societe", 'alphanohtml')); - $object->address = trim(GETPOST("address", 'alpha')); - $object->zip = trim(GETPOST("zipcode", 'alpha')); - $object->town = trim(GETPOST("town", 'alpha')); + $object->address = trim(GETPOST("address", 'alphanohtml')); + $object->zip = trim(GETPOST("zipcode", 'alphanohtml')); + $object->town = trim(GETPOST("town", 'alphanohtml')); $object->state_id = GETPOST("state_id", 'int'); $object->country_id = GETPOST("country_id", 'int'); 
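Review bot: `$object->login = trim(GETPOST("login", 'alpha'));` keeps the `'alpha'` filter in this update branch, whereas the create branch in the hunk at `@@ -243` now reads login with `'alphanohtml'`; the two paths store the same field and should apply the same filter, `$object->login = trim(GETPOST("login", 'alphanohtml'));`. The same mismatch appears on the form side of this file: the hunks at `@@ -1196` and `@@ -1213` still re-display `morphy` and `civility_id` with `GETPOST(..., 'alpha')` while the action code above switched those fields to `'alphanohtml'`. Aligning the read-back filters with the action filters keeps the "preserved on error" value from carrying markup the action would have rejected.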
@@ -442,14 +440,14 @@ if (empty($reshook)) } $typeid = GETPOST("typeid", 'int'); - $civility_id = GETPOST("civility_id", 'alpha'); - $lastname = GETPOST("lastname", 'alpha'); - $firstname = GETPOST("firstname", 'alpha'); - $gender = GETPOST("gender", 'alpha'); - $societe = GETPOST("societe", 'alpha'); - $address = GETPOST("address", 'alpha'); - $zip = GETPOST("zipcode", 'alpha'); - $town = GETPOST("town", 'alpha'); + $civility_id = GETPOST("civility_id", 'alphanohtml'); + $lastname = GETPOST("lastname", 'alphanohtml'); + $firstname = GETPOST("firstname", 'alphanohtml'); + $gender = GETPOST("gender", 'alphanohtml'); + $societe = GETPOST("societe", 'alphanohtml'); + $address = GETPOST("address", 'alphanohtml'); + $zip = GETPOST("zipcode", 'alphanohtml'); + $town = GETPOST("town", 'alphanohtml'); $state_id = GETPOST("state_id", 'int'); $country_id = GETPOST("country_id", 'int'); @@ -465,9 +463,8 @@ if (empty($reshook)) $pass = GETPOST("password", 'alpha'); $photo = GETPOST("photo", 'alpha'); //$comment=GETPOST("comment",'none'); - $morphy = GETPOST("morphy", 'alpha'); - $subscription = GETPOST("subscription", 'alpha'); - $public = GETPOST("public", 'alpha'); + $morphy = GETPOST("morphy", 'alphanohtml'); + $public = GETPOST("public", 'alphanohtml'); $userid = GETPOST("userid", 'int'); $socid = GETPOST("socid", 'int'); @@ -976,7 +973,7 @@ else print "\n"; // Company - print ''.$langs->trans("Company").''; + print ''.$langs->trans("Company").''; // Civility print ''.$langs->trans("UserTitle").''; 
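Review bot: The hunk at `@@ -465` drops `$subscription = GETPOST("subscription", 'alpha');` without a replacement, and nothing else in this patch touches a consumer of `$subscription`; if the variable is still read further down the add action (outside the hunk), that read now produces an undefined-variable notice and an empty value, which would silently change whether an initial subscription is recorded. Either the consumer was removed elsewhere, which the commit message should say, or the line should come back as `$subscription = GETPOST("subscription", 'alphanohtml');` to match the filter used on the surrounding fields.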
@@ -984,39 +981,39 @@ else print ''; // Lastname - print ''.$langs->trans("Lastname").''; + print ''.$langs->trans("Lastname").''; print ''; // Firstname - print ''.$langs->trans("Firstname").''; + print ''.$langs->trans("Firstname").''; print ''; // Gender print ''.$langs->trans("Gender").''; print ''; $arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('gender', $arraygender, GETPOST('gender'), 1); + print $form->selectarray('gender', $arraygender, GETPOST('gender', 'alphanohtml'), 1); print ''; // EMail - print ''.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').''; + print ''.img_picto('', 'object_email').' '.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').''; // Address print ''.$langs->trans("Address").''; - print ''; + print ''; print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((GETPOST('zipcode', 'alphanohtml') ?GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); + print $formcompany->select_ziptown((GETPOSTISSET('zipcode') ? GETPOST('zipcode', 'alphanohtml') : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); print ' '; - print $formcompany->select_ziptown((GETPOST('town', 'alphanohtml') ?GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); + print $formcompany->select_ziptown((GETPOSTISSET('town') ? GETPOST('town', 'alphanohtml') : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); print ''; // Country $object->country_id = $object->country_id ? 
$object->country_id : $mysoc->country_id; print ''.$langs->trans('Country').''; - print $form->select_country(GETPOST('country_id', 'alpha') ?GETPOST('country_id', 'alpha') : $object->country_id, 'country_id'); + print $form->select_country(GETPOSTISSET('country_id') ? GETPOST('country_id', 'alpha') : $object->country_id, 'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1); print ''; @@ -1026,7 +1023,7 @@ else print ''.$langs->trans('State').''; if ($object->country_id) { - print $formcompany->select_state(GETPOST('state_id', 'int') ?GETPOST('state_id', 'int') : $object->state_id, $object->country_code); + print $formcompany->select_state(GETPOSTISSET('state_id') ? GETPOST('state_id', 'int') : $object->state_id, $object->country_code); } else { @@ -1036,18 +1033,18 @@ else } // Pro phone - print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").''; + print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").''; // Personal phone - print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").''; + print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").''; // Mobile phone - print ''.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").''; + print ''.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").''; if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if (!$value['active']) break; - print ''.$langs->trans($value['label']).''; + print ''.$langs->trans($value['label']).''; } } 
@@ -1196,14 +1193,14 @@ else $morphys["phy"] = $langs->trans("Physical"); $morphys["mor"] = $langs->trans("Moral"); print ''.$langs->trans("MemberNature").''; - print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ?GETPOST("morphy", 'alpha') : $object->morphy)); + print $form->selectarray("morphy", $morphys, (GETPOSTISSET("morphy") ? GETPOST("morphy", 'alpha') : $object->morphy)); print ""; // Type print ''.$langs->trans("Type").''; if ($user->rights->adherent->creer) { - print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ?GETPOST("typeid", 'int') : $object->typeid)); + print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->typeid)); } else { @@ -1213,27 +1210,27 @@ else print ""; // Company - print ''.$langs->trans("Company").'company).'">'; + print ''.$langs->trans("Company").'company).'">'; // Civility print ''.$langs->trans("UserTitle").''; - print $formcompany->select_civility(isset($_POST["civility_id"]) ? $_POST["civility_id"] : $object->civility_id)."\n"; + print $formcompany->select_civility(GETPOSTISSET("civility_id") ? GETPOST("civility_id", 'alpha') : $object->civility_id)."\n"; print ''; print ''; // Lastname - print ''.$langs->trans("Lastname").'lastname).'">'; + print ''.$langs->trans("Lastname").'lastname).'">'; print ''; // Firstname - print ''.$langs->trans("Firstname").'firstname).'">'; + print ''.$langs->trans("Firstname").'firstname).'">'; print ''; // Gender print ''.$langs->trans("Gender").''; print ''; $arraygender = array('man'=>$langs->trans("Genderman"), 'woman'=>$langs->trans("Genderwoman")); - print $form->selectarray('gender', $arraygender, GETPOST('gender') ?GETPOST('gender') : $object->gender, 1); + print $form->selectarray('gender', $arraygender, GETPOSTISSET('gender') ? GETPOST('gender', 'alphanohtml') : $object->gender, 1); print ''; // Photo 
@@ -1256,14 +1253,14 @@ else // Address print ''.$langs->trans("Address").''; - print ''; + print ''; print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; - print $formcompany->select_ziptown((isset($_POST["zipcode"]) ?GETPOST("zipcode", '', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); + print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode", 'alphanohtml', 2) : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6); print ' '; - print $formcompany->select_ziptown((isset($_POST["town"]) ?GETPOST("town", '', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); + print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town", 'alphanohtml', 2) : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id')); print ''; // Country @@ -1282,18 +1279,18 @@ else } // Pro phone - print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'phone).'">'; + print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePro").'phone).'">'; // Personal phone - print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'phone_perso).'">'; + print ''.img_picto('', 'object_phoning').' '.$langs->trans("PhonePerso").'phone_perso).'">'; // Mobile phone - print ''.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'phone_mobile).'">'; + print ''.img_picto('', 'object_phoning_mobile').' '.$langs->trans("PhoneMobile").'phone_mobile).'">'; if (!empty($conf->socialnetworks->enabled)) { foreach ($socialnetworks as $key => $value) { if (!$value['active']) break; - print ''.$langs->trans($value['label']).''; + print ''.$langs->trans($value['label']).''; } } 
@@ -1304,7 +1301,7 @@ else // Public profil print "".$langs->trans("Public")."\n"; - print $form->selectyesno("public", (isset($_POST["public"]) ?GETPOST("public", '', 2) : $object->public), 1); + print $form->selectyesno("public", (GETPOSTISSET("public") ? GETPOST("public", 'alphanohtml', 2) : $object->public), 1); print "\n"; // Categories diff --git a/htdocs/product/card.php b/htdocs/product/card.php index ad793f4f7d3..59f2eb13170 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -193,7 +193,7 @@ if (empty($reshook)) { $error = 0; - if (!GETPOST('label')) + if (!GETPOST('label', 'alphanohtml')) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentities('Label')), null, 'errors'); $action = "create"; @@ -217,8 +217,8 @@ if (empty($reshook)) $units = GETPOST('units', 'int'); $object->ref = $ref; - $object->label = GETPOST('label'); - $object->price_base_type = GETPOST('price_base_type'); + $object->label = GETPOST('label', 'alphanohtml'); + $object->price_base_type = GETPOST('price_base_type', 'aZ09'); if ($object->price_base_type == 'TTC') $object->price_ttc = GETPOST('price'); @@ -293,7 +293,7 @@ if (empty($reshook)) $object->url = GETPOST('url'); $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none')); $object->note = $object->note_private; // deprecated - $object->customcode = GETPOST('customcode', 'alpha'); + $object->customcode = GETPOST('customcode', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->duration_value = $duration_value; $object->duration_unit = $duration_unit; @@ -394,7 +394,7 @@ if (empty($reshook)) $object->oldcopy = clone $object; $object->ref = $ref; - $object->label = GETPOST('label'); + $object->label = GETPOST('label', 'alphanohtml'); $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none')); $object->url = GETPOST('url'); if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB)) 
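Review bot: Both the add hunk at `@@ -293` and the update hunk at `@@ -394` leave `$object->url = GETPOST('url');` unfiltered right beside the label and customcode lines that this XSS fix hardens; a product URL is later rendered as a link, so it belongs in the same pass, for example `$object->url = GETPOST('url', 'alphanohtml');`, unless it is escaped at every output site (not visible here). The hunk at `@@ -217` similarly keeps `GETPOST('price')` without a filter on the context lines; that one is a numeric field and would normally go through the price parser rather than a string filter, so confirm how the caller handles it.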
@@ -975,7 +975,7 @@ else print ''; $tmpcode = ''; if (!empty($modCodeProduct->code_auto)) $tmpcode = $modCodeProduct->getNextValue($object, $type); - print ''.$langs->trans("Ref").''; + print ''.$langs->trans("Ref").''; if ($refalreadyexists) { print $langs->trans("RefAlreadyExists"); @@ -983,7 +983,7 @@ else print ''; // Label - print ''.$langs->trans("Label").''; + print ''.$langs->trans("Label").''; // On sell print ''.$langs->trans("Status").' ('.$langs->trans("Sell").')'; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 9cc5febc2ca..2b4f0fc57af 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php 
@@ -390,23 +390,23 @@ if (empty($reshook)) if (GETPOST("private", 'int') == 1) // Ask to create a contact { - $object->particulier = GETPOST("private"); + $object->particulier = GETPOST("private", 'int'); - $object->name = dolGetFirstLastname(GETPOST('firstname', 'alpha'), GETPOST('name', 'alpha')); - $object->civility_id = GETPOST('civility_id'); // Note: civility id is a code, not an int + $object->name = dolGetFirstLastname(GETPOST('firstname', 'alphanohtml'), GETPOST('name', 'alphanohtml')); + $object->civility_id = GETPOST('civility_id', 'alphanohtml'); // Note: civility id is a code, not an int // Add non official properties - $object->name_bis = GETPOST('name', 'alpha'); - $object->firstname = GETPOST('firstname', 'alpha'); + $object->name_bis = GETPOST('name', 'alphanohtml'); + $object->firstname = GETPOST('firstname', 'alphanohtml'); } else { - $object->name = GETPOST('name', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); } - $object->entity = (GETPOSTISSET('entity') ?GETPOST('entity', 'int') : $conf->entity); - $object->name_alias = GETPOST('name_alias'); - $object->address = GETPOST('address'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->entity = (GETPOSTISSET('entity') ? GETPOST('entity', 'int') : $conf->entity); + $object->name_alias = GETPOST('name_alias', 'alphanohtml'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); 
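Review bot: `civility_id` is read with 'alphanohtml' here, but the update path in the @@ -1001 hunk of the same file keeps `$object->civility_id = GETPOST('civility_id', 'alpha');` as a context line, so create and update now apply different filters to the same code value; the comment on the changed line says it is a code, so one check on both lines (the 'aZ09' used for `price_base_type` in product/card.php would fit if civility codes are alphanumeric) keeps them aligned. Separately, `$object->entity = (GETPOSTISSET('entity') ? GETPOST('entity', 'int') : $conf->entity);` still lets the request choose the entity a thirdparty is created in; whether that value is checked against the entities the user may write to is not visible in this hunk and is worth confirming. The enclosing `if (empty($reshook))` block starts outside the hunk.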
@@ -425,19 +425,19 @@ if (empty($reshook)) $object->fax = GETPOST('fax', 'alpha'); $object->email = trim(GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL)); $object->url = trim(GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL)); - $object->idprof1 = trim(GETPOST('idprof1', 'alpha')); - $object->idprof2 = trim(GETPOST('idprof2', 'alpha')); - $object->idprof3 = trim(GETPOST('idprof3', 'alpha')); - $object->idprof4 = trim(GETPOST('idprof4', 'alpha')); - $object->idprof5 = trim(GETPOST('idprof5', 'alpha')); - $object->idprof6 = trim(GETPOST('idprof6', 'alpha')); - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->idprof1 = trim(GETPOST('idprof1', 'alphanohtml')); + $object->idprof2 = trim(GETPOST('idprof2', 'alphanohtml')); + $object->idprof3 = trim(GETPOST('idprof3', 'alphanohtml')); + $object->idprof4 = trim(GETPOST('idprof4', 'alphanohtml')); + $object->idprof5 = trim(GETPOST('idprof5', 'alphanohtml')); + $object->idprof6 = trim(GETPOST('idprof6', 'alphanohtml')); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->code_client = GETPOSTISSET('customer_code') ?GETPOST('customer_code', 'alpha') : GETPOST('code_client', 'alpha'); $object->code_fournisseur = GETPOSTISSET('supplier_code') ?GETPOST('supplier_code', 'alpha') : GETPOST('code_fournisseur', 'alpha'); - $object->capital = GETPOST('capital', 'alpha'); - $object->barcode = GETPOST('barcode', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->tva_assuj = GETPOST('assujtva_value', 'alpha'); $object->status = GETPOST('status', 'alpha'); 
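Review bot: `$object->status = GETPOST('status', 'alpha');` and `$object->tva_assuj = GETPOST('assujtva_value', 'alpha');` remain as context lines in this create path, while the update path in the @@ -1678 hunk reads the same fields with `GETPOST('status', 'int')` and `GETPOST('assujtva_value', 'int')`; using 'int' here as well makes both paths store the same kind of value. `code_client` and `code_fournisseur` keep 'alpha' on both paths, which is consistent. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.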
@@ -964,16 +964,16 @@ else if (GETPOST("type") == 'p') { $object->client = 2; } if (!empty($conf->fournisseur->enabled) && (GETPOST("type") == 'f' || (GETPOST("type") == '' && !empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)))) { $object->fournisseur = 1; } - $object->name = GETPOST('name', 'alpha'); - $object->name_alias = GETPOST('name_alias', 'alpha'); - $object->firstname = GETPOST('firstname', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); + $object->name_alias = GETPOST('name_alias', 'alphanohtml'); + $object->firstname = GETPOST('firstname', 'alphanohtml'); $object->particulier = $private; - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->client = GETPOST('client', 'int') ?GETPOST('client', 'int') : $object->client; if (empty($duplicate_code_error)) { $object->code_client = GETPOST('customer_code', 'alpha'); - $object->fournisseur = GETPOST('fournisseur') ?GETPOST('fournisseur') : $object->fournisseur; + $object->fournisseur = GETPOST('fournisseur') ? GETPOST('fournisseur', 'int') : $object->fournisseur; $object->code_fournisseur = GETPOST('supplier_code', 'alpha'); } else { @@ -981,9 +981,9 @@ else } - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); //$object->twitter = GETPOST('twitter', 'alpha'); 
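Review bot: `$object->fournisseur = GETPOST('fournisseur') ? GETPOST('fournisseur', 'int') : $object->fournisseur;` tests the untyped read but stores the 'int' one, so the condition and the stored value can disagree (a non-numeric post is truthy for the test, then stored as whatever the 'int' filter makes of it); the `client` line just above already uses the consistent shape, and the same fits here: `$object->fournisseur = GETPOST('fournisseur', 'int') ? GETPOST('fournisseur', 'int') : $object->fournisseur;`. The same untyped-condition pattern is kept at `$object->country_id = GETPOST('country_id') ? GETPOST('country_id', 'int') : $mysoc->country_id;` in the @@ -1651 hunk. The `GETPOST("type") == 'p'` context lines at the top of this hunk could also carry the 'alpha' check that the @@ -1252 hunk uses for `type`. The enclosing `else` branch starts outside the hunk.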
@@ -1001,14 +1001,14 @@ else $object->fax = GETPOST('fax', 'alpha'); $object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL); $object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL); - $object->capital = GETPOST('capital', 'alpha'); - $object->barcode = GETPOST('barcode', 'alpha'); - $object->idprof1 = GETPOST('idprof1', 'alpha'); - $object->idprof2 = GETPOST('idprof2', 'alpha'); - $object->idprof3 = GETPOST('idprof3', 'alpha'); - $object->idprof4 = GETPOST('idprof4', 'alpha'); - $object->idprof5 = GETPOST('idprof5', 'alpha'); - $object->idprof6 = GETPOST('idprof6', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); + $object->idprof1 = GETPOST('idprof1', 'alphanohtml'); + $object->idprof2 = GETPOST('idprof2', 'alphanohtml'); + $object->idprof3 = GETPOST('idprof3', 'alphanohtml'); + $object->idprof4 = GETPOST('idprof4', 'alphanohtml'); + $object->idprof5 = GETPOST('idprof5', 'alphanohtml'); + $object->idprof6 = GETPOST('idprof6', 'alphanohtml'); $object->typent_id = GETPOST('typent_id', 'int'); $object->effectif_id = GETPOST('effectif_id', 'int'); $object->civility_id = GETPOST('civility_id', 'alpha'); @@ -1023,7 +1023,7 @@ else $object->localtax1_value = GETPOST('lt1', 'int'); $object->localtax2_value = GETPOST('lt2', 'int'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->commercial_id = GETPOST('commercial_id', 'int'); $object->default_lang = GETPOST('default_lang'); 
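Review bot: `$object->default_lang = GETPOST('default_lang');`, the last context line of the @@ -1023 hunk, has no explicit check, whereas the update path in the @@ -1678 hunk reads `GETPOST('default_lang', 'alpha')`; using 'alpha' here as well keeps the two paths consistent and stops the line from relying on GETPOST's default. `civility_id` in the @@ -1001 hunk has the same create/update mismatch, noted on the @@ -390 hunk. The enclosing `else` branch starts outside the hunk.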
@@ -1252,7 +1252,7 @@ else print ''.$form->editfieldkey('Vendor', 'fournisseur', '', $object, 0, 'string', '', 1).''; $default = -1; if (!empty($conf->global->THIRDPARTY_SUPPLIER_BY_DEFAULT)) $default = 1; - print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ?GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0)); + print $form->selectyesno("fournisseur", (GETPOST('fournisseur', 'int') != '' ? GETPOST('fournisseur', 'int') : (GETPOST("type", 'alpha') == '' ? $default : $object->fournisseur)), 1, 0, (GETPOST("type", 'alpha') == '' ? 1 : 0)); print ''; @@ -1651,15 +1651,15 @@ else if (GETPOSTISSET('name')) { // We overwrite with values if posted - $object->name = GETPOST('name', 'alpha'); - $object->prefix_comm = GETPOST('prefix_comm', 'alpha'); + $object->name = GETPOST('name', 'alphanohtml'); + $object->prefix_comm = GETPOST('prefix_comm', 'alphanohtml'); $object->client = GETPOST('client', 'int'); $object->code_client = GETPOST('customer_code', 'alpha'); $object->fournisseur = GETPOST('fournisseur', 'int'); $object->code_fournisseur = GETPOST('supplier_code', 'alpha'); - $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); + $object->address = GETPOST('address', 'alphanohtml'); + $object->zip = GETPOST('zipcode', 'alphanohtml'); + $object->town = GETPOST('town', 'alphanohtml'); $object->country_id = GETPOST('country_id') ?GETPOST('country_id', 'int') : $mysoc->country_id; $object->state_id = GETPOST('state_id', 'int'); //$object->skype = GETPOST('skype', 'alpha'); 
@@ -1678,21 +1678,21 @@ else $object->fax = GETPOST('fax', 'alpha'); $object->email = GETPOST('email', 'custom', 0, FILTER_SANITIZE_EMAIL); $object->url = GETPOST('url', 'custom', 0, FILTER_SANITIZE_URL); - $object->capital = GETPOST('capital', 'alpha'); - $object->idprof1 = GETPOST('idprof1', 'alpha'); - $object->idprof2 = GETPOST('idprof2', 'alpha'); - $object->idprof3 = GETPOST('idprof3', 'alpha'); - $object->idprof4 = GETPOST('idprof4', 'alpha'); - $object->idprof5 = GETPOST('idprof5', 'alpha'); - $object->idprof6 = GETPOST('idprof6', 'alpha'); + $object->capital = GETPOST('capital', 'alphanohtml'); + $object->idprof1 = GETPOST('idprof1', 'alphanohtml'); + $object->idprof2 = GETPOST('idprof2', 'alphanohtml'); + $object->idprof3 = GETPOST('idprof3', 'alphanohtml'); + $object->idprof4 = GETPOST('idprof4', 'alphanohtml'); + $object->idprof5 = GETPOST('idprof5', 'alphanohtml'); + $object->idprof6 = GETPOST('idprof6', 'alphanohtml'); $object->typent_id = GETPOST('typent_id', 'int'); $object->effectif_id = GETPOST('effectif_id', 'int'); - $object->barcode = GETPOST('barcode', 'alpha'); + $object->barcode = GETPOST('barcode', 'alphanohtml'); $object->forme_juridique_code = GETPOST('forme_juridique_code', 'int'); $object->default_lang = GETPOST('default_lang', 'alpha'); $object->tva_assuj = GETPOST('assujtva_value', 'int'); - $object->tva_intra = GETPOST('tva_intra', 'alpha'); + $object->tva_intra = GETPOST('tva_intra', 'alphanohtml'); $object->status = GETPOST('status', 'int'); // Webservices url/key diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php index d59581fa914..64ad5de4906 100644 --- a/htdocs/ticket/card.php +++ b/htdocs/ticket/card.php 
@@ -129,11 +129,11 @@ if ($cancel) if (GETPOST('add', 'alpha') && $user->rights->ticket->write) { $error = 0; - if (!GETPOST("subject", 'alpha')) { + if (!GETPOST("subject", 'alphanohtml')) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")), null, 'errors'); $action = 'create'; - } elseif (!GETPOST("message", 'alpha')) { + } elseif (!GETPOST("message", 'restricthtml')) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Message")), null, 'errors'); $action = 'create'; @@ -142,10 +142,10 @@ if (GETPOST('add', 'alpha') && $user->rights->ticket->write) { if (!$error) { $db->begin(); - $object->ref = GETPOST("ref", 'alpha'); + $object->ref = GETPOST("ref", 'alphanohtml'); $object->fk_soc = GETPOST("socid", 'int') > 0 ? GETPOST("socid", 'int') : 0; - $object->subject = GETPOST("subject", 'alpha'); - $object->message = GETPOST("message", 'none'); + $object->subject = GETPOST("subject", 'alphanohtml'); + $object->message = GETPOST("message", 'restricthtml'); $object->type_code = GETPOST("type_code", 'alpha'); $object->category_code = GETPOST("category_code", 'alpha'); @@ -274,7 +274,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket- $error++; array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Label"))); $action = 'edit'; - } elseif (!GETPOST("subject")) { + } elseif (!GETPOST("subject", 'alphanohtml')) { $error++; array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject"))); $action = 'edit'; @@ -284,7 +284,7 @@ if (GETPOST('update', 'alpha') && GETPOST('id', 'int') && $user->rights->ticket- $db->begin(); $object->label = GETPOST("label", 'alphanohtml'); - $object->description = GETPOST("description", 'none'); + $object->description = GETPOST("description", 'restricthtml'); //... $ret = $object->update($user); 
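Review bot: The move from 'none' to 'restricthtml' for `message` (@@ -142), `description` (@@ -284) and the required-field test on `message` (@@ -129) changes what reaches the database, but nothing on these lines says why those two fields keep HTML when `subject` and `ref` do not; a comment on the assignment, e.g. `// message/description are rich-text fields: keep only the HTML subset allowed by 'restricthtml'`, would make the contract clear to the next reader. The required-field test and the stored value now go through the same filter, which is the right pairing. `type_code` and `category_code` in @@ -142 keep 'alpha', which matches their use as codes. The enclosing `if (GETPOST('add', 'alpha') && ...)` block ends outside these hunks.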
@@ -459,7 +459,7 @@ if ($action == 'set_progression' && $user->rights->ticket->write) { if ($action == 'setsubject') { if ($object->fetch(GETPOST('id', 'int'))) { if ($action == 'setsubject') { - $object->subject = trim(GETPOST('subject', 'alpha')); + $object->subject = trim(GETPOST('subject', 'alphanohtml')); } if ($action == 'setsubject' && empty($object->subject)) { @@ -512,7 +512,7 @@ elseif ($action == 'setcontract' && $user->rights->ticket->write) { if (!GETPOST('cancel')) { $object->fetch('', '', GETPOST('track_id', 'alpha')); $oldvalue_message = $object->message; - $fieldtomodify = GETPOST('message_initial'); + $fieldtomodify = GETPOST('message_initial', 'restricthtml'); $object->message = $fieldtomodify; $ret = $object->update($user); From 5dd9f4e4c4e8b5a950ecd20549b0825c4421415f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 6 Jun 2020 11:36:24 +0200 Subject: [PATCH 7/7] Fix travis false positive --- htdocs/install/mysql/migration/repair.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/repair.sql b/htdocs/install/mysql/migration/repair.sql index 7977227caf5..28fe1697449 100644 --- a/htdocs/install/mysql/migration/repair.sql +++ b/htdocs/install/mysql/migration/repair.sql 
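Review bot: `if (!GETPOST('cancel')) {` in the @@ -512 hunk is the one untyped GETPOST left in that hunk; `if (!GETPOST('cancel', 'alpha')) {` matches the rest of the file. The `$fieldtomodify` temporary is assigned and used once, so `$object->message = GETPOST('message_initial', 'restricthtml');` would read more directly, though that is style only. The enclosing block of the @@ -512 hunk starts outside the hunk.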
@@ -519,7 +519,7 @@ UPDATE llx_facturedet SET situation_percent = 100 WHERE situation_percent IS NUL -- update llx_societe set code_compta_fournisseur = concat('401', substr(code_fournisseur, 3, 2),substr(code_fournisseur, 8, 5)) where fournisseur in (1,2,3) and code_fournisseur is not null; --- To fix a table with error "ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs" +-- To fix a table with error 'ERROR 1118 (42000): Row size too large. The maximum row size for the used table type, not counting BLOBs, is 8126. This includes storage overhead, check the manual. You have to change some columns to TEXT or BLOBs' --ALTER TABLE llx_tablename ROW_FORMAT=DYNAMIC;