lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix phpunit SecurityTest

Browse Source
This commit is contained in:
Laurent Destailleur 2022-02-22 23:44:56 +01:00
parent 77e2969411
commit e96061dd18
83 changed files with 189 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/accountancy/admin/accountmodel.php
View File

@ -230,7 +230,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
@ -279,7 +279,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$sql .= ",";
}
$sql .= $field."=";
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";

13
htdocs/accountancy/admin/categories_list.php
View File

@ -195,17 +195,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
setEventMessages($langs->transnoentities('ErrorFieldMustBeANumeric', $langs->transnoentities("Position")), null, 'errors');
}
// Clean some parameters
if ($_POST["accountancy_code"] <= 0) {
$_POST["accountancy_code"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_sell"] <= 0) {
$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
}
if ($_POST["accountancy_code_buy"] <= 0) {
$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
}
// Si verif ok et action add, on ajoute la ligne
if ($ok && GETPOST('actionadd', 'alpha')) {
if ($tabrowid[$id]) {
@ -243,7 +232,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'formula') {
if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'formula') {
$sql .= "null"; // For vat, we want/accept code = ''
} else {
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";

10
htdocs/adherents/subscription/card.php
View File

@ -93,8 +93,8 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
if ($accountline->rappro) {
$errmsg = $langs->trans("SubscriptionLinkedToConciliatedTransaction");
} else {
$accountline->datev = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$accountline->dateo = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$accountline->datev = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$accountline->dateo = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$accountline->amount = $amount;
$result = $accountline->update($user);
if ($result < 0) {
@ -105,12 +105,12 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
if (!$errmsg) {
// Modify values
$object->dateh = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']);
$object->datef = dol_mktime($_POST['datesubendhour'], $_POST['datesubendmin'], 0, $_POST['datesubendmonth'], $_POST['datesubendday'], $_POST['datesubendyear']);
$object->dateh = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int'));
$object->datef = dol_mktime(GETPOST('datesubendhour', 'int'), GETPOST('datesubendmin', 'int'), 0, GETPOST('datesubendmonth', 'int'), GETPOST('datesubendday', 'int'), GETPOST('datesubendyear', 'int'));
$object->fk_type = $typeid;
$object->note = $note;
$object->note_private = $note;
$object->amount = $amount;
//print 'datef='.$object->datef.' '.$_POST['datesubendday'];
$result = $object->update($user);
if ($result >= 0 && !count($object->errors)) {

1
htdocs/admin/agenda.php
View File

@ -88,7 +88,6 @@ if ($action == "save" && empty($cancel)) {
foreach ($triggers as $trigger) {
$keyparam = 'MAIN_AGENDA_ACTIONAUTO_'.$trigger['code'];
//print "param=".$param." - ".$_POST[$param];
if ($search_event === '' || preg_match('/'.preg_quote($search_event, '/').'/i', $keyparam)) {
$res = dolibarr_set_const($db, $keyparam, (GETPOST($keyparam, 'alpha') ?GETPOST($keyparam, 'alpha') : ''), 'chaine', 0, '', $conf->entity);
if (!($res > 0)) {

10
htdocs/admin/mails.php
View File

@ -903,8 +903,8 @@ if ($action == 'edit') {
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromid = $user->id;
$formmail->fromalsorobot = 1;
$formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user'));
@ -912,9 +912,9 @@ if ($action == 'edit') {
$formmail->withsubstit = 1;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;

2
htdocs/admin/mails_templates.php
View File

@ -308,7 +308,7 @@ if (empty($reshook)) {
// Rename some POST variables into a generic name
if (GETPOST('actionmodify', 'alpha') && $value == 'topic') {
$_POST['topic'] = $_POST['topic-'.$rowid];
$_POST['topic'] = GETPOST('topic-'.$rowid);
}
if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position') {

10
htdocs/admin/mails_ticket.php
View File

@ -537,16 +537,16 @@ if ($action == 'edit') {
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1);
$formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1);
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;

12
htdocs/admin/menus/edit.php
View File

@ -152,32 +152,32 @@ if ($action == 'add') {
$langs->load("errors");
$error = 0;
if (!$error && !$_POST['menu_handler']) {
if (!$error && !GETPOST('menu_handler')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("MenuHandler")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['type']) {
if (!$error && !GETPOST('type')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['url']) {
if (!$error && !GETPOST('url')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("URL")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['titre']) {
if (!$error && !GETPOST('titre')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && $_POST['menuId'] && $_POST['type'] == 'top') {
if (!$error && GETPOST('menuId') && GETPOST('type') == 'top') {
setEventMessages($langs->trans("ErrorTopMenuMustHaveAParentWithId0"), null, 'errors');
$action = 'create';
$error++;
}
if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left') {
if (!$error && !GETPOST('menuId') && GETPOST('type') == 'left') {
setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors');
$action = 'create';
$error++;

1
htdocs/admin/modules.php
View File

@ -48,7 +48,6 @@ if (empty($mode)) {
$mode = 'common';
}
$action = GETPOST('action', 'aZ09');
//var_dump($_POST);exit;
$value = GETPOST('value', 'alpha');
$page_y = GETPOST('page_y', 'int');
$search_keyword = GETPOST('search_keyword', 'alpha');

2
htdocs/admin/sms.php
View File

@ -62,7 +62,7 @@ if ($action == 'update' && !$cancel) {
// Send sms
if ($action == 'send' && !$_POST['cancel']) {
if ($action == 'send' && !$cancel) {
$error = 0;
$smsfrom = '';

8
htdocs/admin/website.php
View File

@ -198,15 +198,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
$_POST[$listfieldvalue[$i]] = $conf->entity;
}
if ($value == 'ref') {
$_POST[$listfieldvalue[$i]] = strtolower($_POST[$listfieldvalue[$i]]);
$_POST[$listfieldvalue[$i]] = strtolower(GETPOST($listfieldvalue[$i]));
}
if ($i) {
$sql .= ",";
}
if ($_POST[$listfieldvalue[$i]] == '') {
if (GETPOST($listfieldvalue[$i]) == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}
@ -259,7 +259,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
if ($_POST[$listfieldvalue[$i]] == '') {
$sql .= "null";
} else {
$sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'";
$sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'";
}
$i++;
}

2
htdocs/barcode/printsheet.php
View File

@ -23,7 +23,7 @@
* \brief Page to print sheets with barcodes using the document templates into core/modules/printsheets
*/
if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must ne renew the token.
if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must not renew the token.
if (!defined('NOTOKENRENEWAL')) {
define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on)
}

2
htdocs/comm/card.php
View File

@ -214,7 +214,7 @@ if (empty($reshook)) {
// assujetissement a la TVA
if ($action == 'setassujtva' && $user->rights->societe->creer) {
$object->fetch($id);
$object->tva_assuj = $_POST['assujtva_value'];
$object->tva_assuj = GETPOST('assujtva_value');
$result = $object->update($object->id);
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');

2
htdocs/comm/mailing/card.php
View File

@ -745,7 +745,7 @@ if ($action == 'create') {
print '<table class="border centpercent">';
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("MailTopic").'</td><td><input class="flat minwidth200 quatrevingtpercent" name="sujet" value="'.dol_escape_htmltag(GETPOST('sujet', 'alphanohtml')).'"></td></tr>';
print '<tr><td>'.$langs->trans("BackgroundColorByDefault").'</td><td colspan="3">';
print $htmlother->selectColor($_POST['bgcolor'], 'bgcolor', '', 0);
print $htmlother->selectColor(GETPOST('bgcolor'), 'bgcolor', '', 0);
print '</td></tr>';
print '</table>';

6
htdocs/comm/propal/card.php
View File

@ -302,7 +302,7 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setdate' && $usercancreate) {
$datep = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
$datep = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
if (empty($datep)) {
$error++;
@ -316,7 +316,7 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setecheance' && $usercancreate) {
$result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']));
$result = $object->set_echeance($user, dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')));
if ($result >= 0) {
if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) {
$outputlangs = $langs;
@ -339,7 +339,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setdate_livraison' && $usercancreate) {
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['date_livraisonmonth'], $_POST['date_livraisonday'], $_POST['date_livraisonyear']));
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('date_livraisonmonth', 'int'), GETPOST('date_livraisonday', 'int'), GETPOST('date_livraisonyear', 'int')));
if ($result < 0) {
dol_print_error($db, $object->error);
}

6
htdocs/comm/propal/contact.php
View File

@ -107,12 +107,6 @@ if ($action == 'addcontact' && $user->rights->propale->creer) {
dol_print_error($db);
}
}
/*
elseif ($action == 'setaddress' && $user->rights->propale->creer)
{
$result=$object->setDeliveryAddress($_POST['fk_address']);
if ($result < 0) dol_print_error($db,$object->error);
}*/
/*

2
htdocs/comm/remx.php
View File

@ -160,7 +160,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) {
$amount_ht = price2num(GETPOST('amount_ht', 'alpha'));
$desc = GETPOST('desc', 'alpha');
$tva_tx = GETPOST('tva_tx', 'alpha');
$discount_type = !empty($_POST['discount_type']) ?GETPOST('discount_type', 'alpha') : 0;
$discount_type = GETPOSTISSET('discount_type') ? GETPOST('discount_type', 'alpha') : 0;
if ($amount_ht > 0) {
$error = 0;

2
htdocs/commande/card.php
View File

@ -533,7 +533,6 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setdate' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int'));
$result = $object->set_date($user, $date);
@ -541,7 +540,6 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'setdate_livraison' && $usercancreate) {
// print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date_delivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);

7
htdocs/commande/contact.php
View File

@ -91,13 +91,6 @@ if ($action == 'addcontact' && $user->rights->commande->creer) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
/*
elseif ($action == 'setaddress' && $user->rights->commande->creer)
{
$object->fetch($id);
$result=$object->setDeliveryAddress($_POST['fk_address']);
if ($result < 0) dol_print_error($db,$object->error);
}*/
/*

8
htdocs/compta/ajaxpayment.php
View File

@ -47,10 +47,10 @@ $langs->load('compta');
//init var
$invoice_type = GETPOST('invoice_type', 'int');
$amountPayment = $_POST['amountPayment'];
$amounts = $_POST['amounts']; // from text inputs : invoice amount payment (check required)
$remains = $_POST['remains']; // from dolibarr's object (no need to check)
$currentInvId = $_POST['imgClicked']; // from DOM elements : imgId (equals invoice id)
$amountPayment = GETPOST('amountPayment');
$amounts = GETPOST('amounts'); // from text inputs : invoice amount payment (check required)
$remains = GETPOST('remains'); // from dolibarr's object (no need to check)
$currentInvId = GETPOST('imgClicked'); // from DOM elements : imgId (equals invoice id)
// Getting the posted keys=>values, sanitize the ones who are from text inputs
$amountPayment = $amountPayment != '' ? (is_numeric(price2num($amountPayment)) ? price2num($amountPayment) : '') : ''; // keep void if not a valid entry

2
htdocs/compta/bank/card.php
View File

@ -283,7 +283,7 @@ if (empty($reshook)) {
$categories = GETPOST('categories', 'array');
$object->setCategories($categories);
$_GET["id"] = $_POST["id"]; // Force chargement page en mode visu
$_GET["id"] = GETPOST("id", 'int'); // Force chargement page en mode visu
} else {
$error++;
setEventMessages($object->error, $object->errors, 'errors');

2
htdocs/compta/facture/card-rec.php
View File

@ -488,7 +488,7 @@ if (empty($reshook)) {
// Define special_code for special lines
$special_code = 0;
// if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// if (!GETPOST('qty')) $special_code=3; // Options should not exists on invoices
// Ecrase $pu par celui du produit
// Ecrase $desc par celui du produit

14
htdocs/compta/facture/card.php
View File

@ -367,7 +367,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'classin' && $usercancreate) {
$object->fetch($id);
$object->setProject($_POST['projectid']);
$object->setProject(GETPOST('projectid', 'int'));
} elseif ($action == 'setmode' && $usercancreate) {
$object->fetch($id);
$result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int'));
@ -489,7 +489,7 @@ if (empty($reshook)) {
}
} elseif ($action == 'setpaymentterm' && $usercancreate) {
$object->fetch($id);
$object->date_lim_reglement = dol_mktime(12, 0, 0, $_POST['paymenttermmonth'], $_POST['paymenttermday'], $_POST['paymenttermyear']);
$object->date_lim_reglement = dol_mktime(12, 0, 0, GETPOST('paymenttermmonth', 'int'), GETPOST('paymenttermday', 'int'), GETPOST('paymenttermyear', 'int'));
if ($object->date_lim_reglement < $object->date) {
$object->date_lim_reglement = $object->calculate_date_lim_reglement();
setEventMessages($langs->trans("DatePaymentTermCantBeLowerThanObjectDate"), null, 'warnings');
@ -2110,7 +2110,7 @@ if (empty($reshook)) {
// Define special_code for special lines
$special_code = 0;
// if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices
// if (!GETPOST(qty)) $special_code=3; // Options should not exists on invoices
// Ecrase $pu par celui du produit
// Ecrase $desc par celui du produit
@ -2284,7 +2284,7 @@ if (empty($reshook)) {
}
// Insert line
$result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, $_POST['progress'], '', $fk_unit, $pu_ht_devise);
$result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, GETPOST('progress'), '', $fk_unit, $pu_ht_devise);
if ($result > 0) {
// Define output language and generate document
@ -2579,7 +2579,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} elseif ($action == 'updatealllines' && $usercancreate && $_POST['all_percent'] == $langs->trans('Modifier')) { // Update all lines of situation invoice
} elseif ($action == 'updatealllines' && $usercancreate && GETPOST('all_percent') == $langs->trans('Modifier')) { // Update all lines of situation invoice
if (!$object->fetch($id) > 0) {
dol_print_error($db);
}
@ -2592,11 +2592,11 @@ if (empty($reshook)) {
setEventMessages($mesg, null, 'warnings');
$result = -1;
} else {
$object->update_percent($line, $_POST['all_progress']);
$object->update_percent($line, GETPOST('all_progress'));
}
}
}
} elseif ($action == 'updateline' && $usercancreate && $_POST['cancel'] == $langs->trans("Cancel")) {
} elseif ($action == 'updateline' && $usercancreate && !$cancel) {
header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id); // To show again edited page
exit();
} elseif ($action == 'confirm_situationout' && $confirm == 'yes' && $usercancreate) {

8
htdocs/compta/paiement.php
View File

@ -127,7 +127,7 @@ if (empty($reshook)) {
}
}
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]);
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key));
} elseif (substr($key, 0, 21) == 'multicurrency_amount_') {
$cursorfacid = substr($key, 21);
$multicurrency_amounts[$cursorfacid] = price2num(GETPOST($key));
@ -702,11 +702,11 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
if (!empty($conf->use_javascript_ajax)) {
print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'");
}
print '<input type="text" class="maxwidth75 multicurrency_amount" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" class="maxwidth75 multicurrency_amount" name="'.$namef.'" value="'.GETPOST($namef).'">';
print '<input type="hidden" class="multicurrency_remain" name="'.$nameRemain.'" value="'.$multicurrency_remaintopay.'">';
} else {
print '<input type="text" class="maxwidth75" name="'.$namef.'_disabled" value="'.$_POST[$namef].'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" class="maxwidth75" name="'.$namef.'_disabled" value="'.GETPOST($namef).'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.GETPOST($namef).'">';
}
}
print "</td>";

6
htdocs/compta/paiement/card.php
View File

@ -173,8 +173,8 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture
}
}
if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
$res = $object->update_num($_POST['num_paiement']);
if ($action == 'setnum_paiement' && GETPOST('num_paiement')) {
$res = $object->update_num(GETPOST('num_paiement'));
if ($res === 0) {
setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs');
} else {
@ -182,7 +182,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
}
}
if ($action == 'setdatep' && !empty($_POST['datepday'])) {
if ($action == 'setdatep' && GETPOST('datepday')) {
$datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int'));
$res = $object->update_date($datepaye);
if ($res === 0) {

5
htdocs/compta/paiement/cheque/card.php
View File

@ -77,8 +77,7 @@ $object = new RemiseCheque($db);
if ($action == 'setdate' && $user->rights->banque->cheque) {
$result = $object->fetch(GETPOST('id', 'int'));
if ($result > 0) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$date = dol_mktime(0, 0, 0, $_POST['datecreate_month'], $_POST['datecreate_day'], $_POST['datecreate_year']);
$date = dol_mktime(0, 0, 0, GETPOST('datecreate_month', 'int'), GETPOST('datecreate_day', 'int'), GETPOST('datecreate_year', 'int'));
$result = $object->set_date($user, $date);
if ($result < 0) {
@ -118,7 +117,7 @@ if ($action == 'setref' && $user->rights->banque->cheque) {
}
if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) {
if (is_array($_POST['toRemise'])) {
if (is_array(GETPOST('toRemise'))) {
$result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'));
if ($result > 0) {
if ($object->statut == 1) { // If statut is validated, we build doc

2
htdocs/compta/paiement_charge.php
View File

@ -83,7 +83,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num($_POST[$key]);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}

2
htdocs/compta/tva/card.php
View File

@ -468,7 +468,7 @@ if ($action == 'create') {
} else {
$label = $langs->trans("VATPayment");
}
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input class="minwidth300" name="label" id="label" value="'.($_POST["label"] ?GETPOST("label", '', 2) : $label).'" autofocus></td></tr>';
print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input class="minwidth300" name="label" id="label" value="'.(GETPOSTISSET("label") ? GETPOST("label", '', 2) : $label).'" autofocus></td></tr>';
print '<tr><td class="titlefieldcreate fieldrequired">'.$form->textwithpicto($langs->trans("PeriodEndDate"), $langs->trans("LastDayTaxIsRelatedTo")).'</td><td>';
print $form->selectDate((GETPOST("datevmonth", 'int') ? $datev : -1), "datev", '', '', '', 'add', 1, 1);

6
htdocs/contrat/card.php
View File

@ -534,9 +534,9 @@ if (empty($reshook)) {
$localtax2_tx = get_localtax($tva_tx, 2, $object->thirdparty, $mysoc, $tva_npr);
// ajout prix achat
$fk_fournprice = $_POST['fournprice'];
if (!empty($_POST['buying_price'])) {
$pa_ht = $_POST['buying_price'];
$fk_fournprice = GETPOST('fournprice');
if (GETPOST('buying_price')) {
$pa_ht = GETPOST('buying_price');
} else {
$pa_ht = null;
}

16
htdocs/core/actions_massactions.inc.php
View File

@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend') {
$massaction = 'presend';
}
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if (empty($receiver) || $receiver == '-1') {
$receiver = array();
@ -181,7 +181,7 @@ if (!$error && $massaction == 'confirm_presend') {
$tmparray = array();
if (trim($_POST['sendto'])) {
// Recipients are provided into free text
$tmparray[] = trim($_POST['sendto']);
$tmparray[] = trim(GETPOST('sendto', 'alphawithlgt'));
}
if (count($receiver) > 0) {
foreach ($receiver as $key => $val) {
@ -197,7 +197,7 @@ if (!$error && $massaction == 'confirm_presend') {
$sendto = implode(',', $tmparray);
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -207,7 +207,7 @@ if (!$error && $massaction == 'confirm_presend') {
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
if (count($receivercc) > 0) {
foreach ($receivercc as $key => $val) {
@ -298,7 +298,7 @@ if (!$error && $massaction == 'confirm_presend') {
continue;
}
if ($_POST['addmaindocfile']) {
if (GETPOST('addmaindocfile')) {
// TODO Use future field $objectobj->fullpathdoc to know where is stored default file
// TODO If not defined, use $objectobj->model_pdf (or defaut invoice config) to know what is template to use to regenerate doc.
$filename = dol_sanitizeFileName($objectobj->ref).'.pdf';
@ -347,7 +347,7 @@ if (!$error && $massaction == 'confirm_presend') {
$reg = array();
$fromtype = GETPOST('fromtype');
if ($fromtype === 'user') {
$from = $user->getFullName($langs).' <'.$user->email.'>';
$from = dol_string_nospecial($user->getFullName($langs), ' ', array(",")).' <'.$user->email.'>';
} elseif ($fromtype === 'company') {
$from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>';
} elseif (preg_match('/user_aliases_(\d+)/', $fromtype, $reg)) {
@ -361,10 +361,10 @@ if (!$error && $massaction == 'confirm_presend') {
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);
if ($obj) {
$from = $obj->label.' <'.$obj->email.'>';
$from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>';
}
} else {
$from = $_POST['fromname'].' <'.$_POST['frommail'].'>';
$from = GETPOST('fromname').' <'.GETPOST('frommail').'>';
}
$replyto = $from;

24
htdocs/core/actions_sendmails.inc.php
View File

@ -49,7 +49,7 @@ if (GETPOST('addfile', 'alpha')) {
/*
* Remove file in email form
*/
if (!empty($_POST['removedfile']) && empty($_POST['removAll'])) {
if (GETPOST('removedfile') && !GETPOST('removAll')) {
$trackid = GETPOST('trackid', 'aZ09');
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@ -103,7 +103,7 @@ if (GETPOST('removAll', 'alpha')) {
/*
* Send mail
*/
if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST['removAll'] && !$_POST['removedfile'] && !$_POST['cancel'] && !$_POST['modelselected']) {
if (($action == 'send' || $action == 'relance') && !GETPOST('addfile') && !GETPOST('removAll') && !GETPOST('removedfile') && !GETPOST('cancel') && !GETPOST('modelselected')) {
if (empty($trackid)) {
$trackid = GETPOST('trackid', 'aZ09');
}
@ -171,7 +171,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendtoccuserid = array();
// Define $sendto
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if ($receiver == '-1') {
$receiver = array();
@ -183,12 +183,12 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$tmparray = array();
if (trim($_POST['sendto'])) {
// Recipients are provided into free text field
$tmparray[] = trim($_POST['sendto']);
$tmparray[] = trim(GETPOST('sendto', 'alphawithlgt'));
}
if (trim($_POST['tomail'])) {
// Recipients are provided into free hidden text field
$tmparray[] = trim($_POST['tomail']);
$tmparray[] = trim(GETPOST('tomail', 'alphawithlgt'));
}
if (count($receiver) > 0) {
@ -207,7 +207,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) {
$receiveruser = $_POST['receiveruser'];
$receiveruser = GETPOST('receiveruser', 'alphawithlgt');
if (is_array($receiveruser) && count($receiveruser) > 0) {
$fuserdest = new User($db);
foreach ($receiveruser as $key => $val) {
@ -220,7 +220,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendto = implode(',', $tmparray);
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -230,7 +230,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
if (count($receivercc) > 0) {
foreach ($receivercc as $key => $val) {
@ -248,7 +248,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
}
}
if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) {
$receiverccuser = $_POST['receiverccuser'];
$receiverccuser = GETPOST('receiverccuser', 'alphawithlgt');
if (is_array($receiverccuser) && count($receiverccuser) > 0) {
$fuserdest = new User($db);
@ -293,10 +293,10 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>';
}
} else {
$from = dol_string_nospecial($_POST['fromname'], ' ', array(",")).' <'.$_POST['frommail'].'>';
$from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")).' <'.GETPOST('frommail').'>';
}
$replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>';
$replyto = dol_string_nospecial(GETPOST('replytoname'), ' ', array(",")).' <'.GETPOST('replytomail').'>';
$message = GETPOST('message', 'restricthtml');
$subject = GETPOST('subject', 'restricthtml');
@ -313,7 +313,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST
$sendtobcc .= (empty($conf->global->$autocopy) ? '' : (($sendtobcc ? ", " : "").$conf->global->$autocopy));
}
$deliveryreceipt = $_POST['deliveryreceipt'];
$deliveryreceipt = GETPOST('deliveryreceipt');
if ($action == 'send' || $action == 'relance') {
$actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('To').' '.CMailFile::getValidAddress($sendto, 4, 0, 1);

3
htdocs/core/ajax/ajaxdirtree.php
View File

@ -47,8 +47,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call
include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php';
include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = '/bbb/'; }
$openeddir = GETPOST('openeddir');
$modulepart = GETPOST('modulepart');
$selecteddir = jsUnEscape(GETPOST('dir')); // relative path. We must decode using same encoding function used by javascript: escape()
@ -60,7 +58,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call
}
} else {
// For no ajax call
//if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); }
$openeddir = GETPOST('openeddir');
$modulepart = GETPOST('modulepart');

1
htdocs/core/ajax/saveinplace.php
View File

@ -103,6 +103,7 @@ if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_e
}
$_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too
$feature = $newelement;
$feature2 = $subelement;
$object_id = $fk_element;

6
htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php
View File

@ -87,11 +87,11 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes
$param_day = 'DOLUSERCOOKIE_ticket_last_days';
if (!empty($_POST[$param_day])) {
if ($_POST[$param_day] >= 15) {
if (GETPOST($param_day)) {
if (GETPOST($param_day) >= 15) {
$days = 14;
} else {
$days = $_POST[$param_day];
$days = GETPOST($param_day);
}
} else {
$days = 7;

4
htdocs/core/class/commonobject.class.php
View File

@ -5708,11 +5708,11 @@ abstract class CommonObject
if (in_array($key_type, array('date'))) {
// Clean parameters
// TODO GMT date in memory must be GMT so we should add gm=true in parameters
$value_key = dol_mktime(0, 0, 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]);
$value_key = dol_mktime(0, 0, 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int'));
} elseif (in_array($key_type, array('datetime'))) {
// Clean parameters
// TODO GMT date in memory must be GMT so we should add gm=true in parameters
$value_key = dol_mktime($_POST[$postfieldkey."hour"], $_POST[$postfieldkey."min"], 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]);
$value_key = dol_mktime(GETPOST($postfieldkey."hour", 'int'), GETPOST($postfieldkey."min", 'int'), 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int'));
} elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) {
$value_arr = GETPOST($postfieldkey, 'array'); // check if an array
if (!empty($value_arr)) {

2
htdocs/core/class/html.formticket.class.php
View File

@ -1364,7 +1364,7 @@ class FormTicket
} elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
$defaultmessage = dol_nl2br($defaultmessage);
}
if (GETPOSTISSET("message") && !$_POST['modelselected']) {
if (GETPOSTISSET("message") && !GETPOST('modelselected')) {
$defaultmessage = GETPOST('message', 'restricthtml');
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);

12
htdocs/core/lib/functions.lib.php
View File

@ -713,11 +713,11 @@ function GETPOSTINT($paramname, $method = 0)
/**
* Return a value after checking on a rule. A sanitization may also have been done.
*
* @param string $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
* @param string|array $out Value to check/clear.
* @param string $check Type of check/sanitizing
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
* @param mixed $options Options to pass to filter_var when $check is set to 'custom'
* @return string|array Value sanitized (string or array). It may be '' if format check fails.
*/
function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null)
{
@ -8799,7 +8799,7 @@ function printCommonFooter($zone = 'private')
// A div to store page_y POST parameter so we can read it using javascript
print "\n<!-- A div to store page_y POST parameter -->\n";
print '<div id="page_y" style="display: none;">'.(empty($_POST['page_y']) ? '' : $_POST['page_y']).'</div>'."\n";
print '<div id="page_y" style="display: none;">'.(GETPOST('page_y') ? GETPOST('page_y') : '').'</div>'."\n";
$parameters = array();
$reshook = $hookmanager->executeHooks('printCommonFooter', $parameters); // Note that $action and $object may have been modified by some hooks

2
htdocs/core/login/functions_googleoauth.php
View File

@ -50,7 +50,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto
// Get identity from user and redirect browser to Google OAuth Server
if (GETPOSTISSET('username')) {
/*$openid = new SimpleOpenID();
$openid->SetIdentity($_POST['username']);
$openid->SetIdentity(GETPOST('username'));
$protocol = ($conf->file->main_force_https ? 'https://' : 'http://');
$openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]);
$openid->SetRequiredFields(array('email','fullname'));

2
htdocs/core/modules/mailings/thirdparties.modules.php
View File

@ -72,7 +72,7 @@ class mailing_thirdparties extends MailingTargets
$addDescription = "";
// Select the third parties from category
if (empty($_POST['filter'])) {
if (!GETPOST('filter')) {
$sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, null as label";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE s.email <> ''";

1
htdocs/core/photos_resize.php
View File

@ -413,7 +413,6 @@ if ($action == 'confirm_crop') {
$fullpath = $dir."/".$original_file;
//var_dump($fullpath.' '.$_POST['w'].'x'.$_POST['h'].'-'.$_POST['x'].'x'.$_POST['y']);exit;
$result = dol_imageResizeOrCrop($fullpath, 1, GETPOST('w', 'int'), GETPOST('h', 'int'), GETPOST('x', 'int'), GETPOST('y', 'int'));
if ($result == $fullpath) {

4
htdocs/don/payment/payment.php
View File

@ -78,7 +78,7 @@ if ($action == 'add_payment') {
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num($_POST[$key]);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}
@ -110,7 +110,7 @@ if ($action == 'add_payment') {
}
if (!$error) {
$result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', $_POST['accountid'], '', '');
$result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', GETPOST('accountid', 'int'), '', '');
if (!$result > 0) {
$errmsg = $payment->error;
setEventMessages($errmsg, null, 'errors');

12
htdocs/eventorganization/core/actions_massactions_mail.inc.php
View File

@ -111,7 +111,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$massaction = 'presend_attendees';
}
$receiver = $_POST['receiver'];
$receiver = GETPOST('receiver', 'alphawithlgt');
if (!is_array($receiver)) {
if (empty($receiver) || $receiver == '-1') {
$receiver = array();
@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$sendto = $attendees->thirdparty->name . '<' . trim($attendees->email) . '>';
// Define $sendtocc
$receivercc = $_POST['receivercc'];
$receivercc = GETPOST('receivercc', 'alphawithlgt');
if (!is_array($receivercc)) {
if ($receivercc == '-1') {
$receivercc = array();
@ -153,7 +153,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
}
$tmparray = array();
if (trim($_POST['sendtocc'])) {
$tmparray[] = trim($_POST['sendtocc']);
$tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt'));
}
$sendtocc = implode(',', $tmparray);
@ -177,17 +177,17 @@ if (!$error && $massaction == 'confirm_presend_attendees') {
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);
if ($obj) {
$from = $obj->label . ' <' . $obj->email . '>';
$from = dol_string_nospecial($obj->label, ' ', array(",")) . ' <' . $obj->email . '>';
}
} else {
$from = $_POST['fromname'] . ' <' . $_POST['frommail'] . '>';
$from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")) . ' <' . GETPOST('frommail') . '>';
}
$replyto = $from;
$subject = GETPOST('subject', 'restricthtml');
$message = GETPOST('message', 'restricthtml');
$sendtobcc = GETPOST('sendtoccc');
$sendtobcc = GETPOST('sendtoccc', 'alphawithlgt');
// $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object
// Make substitution in email content

2
htdocs/expedition/card.php
View File

@ -304,7 +304,6 @@ if (empty($reshook)) {
$qty = "qtyl".$i.'_'.$j;
}
} else {
//var_dump(GETPOST($qty,'alpha')); var_dump($_POST); var_dump($batch);exit;
//shipment line for product with no batch management and no multiple stock location
if (GETPOST($qty, 'int') > 0) {
$totalqty += price2num(GETPOST($qty, 'alpha'), 'MS');
@ -473,7 +472,6 @@ if (empty($reshook)) {
// }
//}
} elseif ($action == 'setdate_livraison' && $user->rights->expedition->creer) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);

1
htdocs/expedition/shipment.php
View File

@ -112,7 +112,6 @@ if (empty($reshook)) {
}
if ($action == 'setdatedelivery' && $user->rights->commande->creer) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);

4
htdocs/expensereport/payment/payment.php
View File

@ -87,8 +87,8 @@ if ($action == 'add_payment') {
// Read possible payments
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$amounts[$expensereport->fk_user_author] = price2num($_POST[$key]);
$total += price2num($_POST[$key]);
$amounts[$expensereport->fk_user_author] = price2num(GETPOST($key));
$total += price2num(GETPOST($key));
}
}

4
htdocs/exports/export.php
View File

@ -388,7 +388,7 @@ if ($step == 4 && $action == 'submitFormField') {
$_SESSION["export_filtered_fields"] = array();
foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc
$newcode = (string) preg_replace('/\./', '_', $code);
//print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n<br>";
//print 'xxx '.$code."=".$newcode."=".$type."=".GETPOST($newcode)."\n<br>";
$check = 'alphanohtml';
$filterqualified = 1;
if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') {
@ -1212,7 +1212,7 @@ if ($step == 5 && $datatoexport) {
// Show existing generated documents
// NB: La fonction show_documents rescanne les modules qd genallowed=1, sinon prend $liste
print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (!empty($_POST['model']) ? $_POST['model'] : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', '');
print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (GETPOST('model') ? GETPOST('model') : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', '');
}
llxFooter();

4
htdocs/fourn/commande/card.php
View File

@ -1707,12 +1707,12 @@ if ($action == 'create') {
// Payment term
print '<tr><td class="nowrap">'.$langs->trans('PaymentConditionsShort').'</td><td>';
$form->select_conditions_paiements(isset($_POST['cond_reglement_id']) ? $_POST['cond_reglement_id'] : $cond_reglement_id, 'cond_reglement_id');
$form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id') : $cond_reglement_id, 'cond_reglement_id');
print '</td></tr>';
// Payment mode
print '<tr><td>'.$langs->trans('PaymentMode').'</td><td>';
$form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id');
$form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id');
print '</td></tr>';
// Planned delivery date

4
htdocs/fourn/commande/dispatch.php
View File

@ -305,8 +305,8 @@ if ($action == 'dispatch' && $permissiontoreceive) {
$pu = 'pu_'.$reg[1].'_'.$reg[2];
$fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2];
$lot = 'lot_number_'.$reg[1].'_'.$reg[2];
$dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$reg[1].'_'.$reg[2].'month'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'day'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'year']);
$dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$reg[1].'_'.$reg[2].'month'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'day'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'year']);
$dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'year', 'int'));
$dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'year', 'int'));
$fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2];

13
htdocs/fourn/facture/card.php
View File

@ -990,7 +990,7 @@ if (empty($reshook)) {
if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid')) {
// Parse element/subelement (ex: project_task)
$element = $subelement = GETPOST('origin', 'alpha');
/*if (preg_match('/^([^_]+)_([^_]+)/i',$_POST['origin'],$regs))
/*if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin'),$regs))
{
$element = $regs[1];
$subelement = $regs[2];
@ -1954,7 +1954,7 @@ if ($action == 'create') {
$datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
$dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp);
$datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']);
$datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'));
$datedue = ($datetmp == '' ?-1 : $datetmp);
// Replicate extrafields
@ -1967,7 +1967,7 @@ if ($action == 'create') {
$fk_account = $societe->fk_account;
$datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int'));
$dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp);
$datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']);
$datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'));
$datedue = ($datetmp == '' ?-1 : $datetmp);
if (!empty($conf->multicurrency->enabled) && !empty($soc->multicurrency_code)) {
@ -2110,7 +2110,7 @@ if ($action == 'create') {
}
// Ref supplier
print '<tr><td class="fieldrequired">'.$langs->trans('RefSupplier').'</td><td><input name="ref_supplier" value="'.(isset($_POST['ref_supplier']) ? $_POST['ref_supplier'] : $objectsrc->ref_supplier).'" type="text"';
print '<tr><td class="fieldrequired">'.$langs->trans('RefSupplier').'</td><td><input name="ref_supplier" value="'.(GETPOSTISSET('ref_supplier') ? GETPOST('ref_supplier') : $objectsrc->ref_supplier).'" type="text"';
if ($societe->id > 0) {
print ' autofocus';
}
@ -2203,8 +2203,9 @@ if ($action == 'create') {
foreach ($facids as $facparam)
{
$options .= '<option value="' . $facparam ['id'] . '"';
if ($facparam ['id'] == $_POST['fac_replacement'])
if ($facparam ['id'] == GETPOST('fac_replacement') {
$options .= ' selected';
}
$options .= '>' . $facparam ['ref'];
$options .= ' (' . $facturestatic->LibStatut(0, $facparam ['status']) . ')';
$options .= '</option>';
@ -2446,7 +2447,7 @@ if ($action == 'create') {
if (!empty($conf->intracommreport->enabled)) {
$langs->loadLangs(array("intracommreport"));
print '<tr><td>'.$langs->trans('IntracommReportTransportMode').'</td><td>';
$form->selectTransportMode(isset($_POST['transport_mode_id']) ? $_POST['transport_mode_id'] : $transport_mode_id, 'transport_mode_id');
$form->selectTransportMode(GETPOSTISSET('transport_mode_id') ? GETPOST('transport_mode_id') : $transport_mode_id, 'transport_mode_id');
print '</td></tr>';
}

2
htdocs/fourn/facture/note.php
View File

@ -69,7 +69,7 @@ if (empty($reshook)) {
// Set label
if ($action == 'setlabel' && ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer)) {
$object->label = $_POST['label'];
$object->label = GETPOST('label');
$result = $object->update($user);
if ($result < 0) {
dol_print_error($db);

16
htdocs/fourn/facture/paiement.php
View File

@ -187,7 +187,7 @@ if (empty($reshook)) {
}
}
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]);
$formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key));
} elseif (substr($key, 0, 21) == 'multicurrency_amount_') {
$cursorfacid = substr($key, 21);
$multicurrency_amounts[$cursorfacid] = (GETPOST($key) ? price2num(GETPOST($key)) : 0);
@ -219,7 +219,7 @@ if (empty($reshook)) {
}
// Check parameters
if ($_POST['paiementid'] <= 0) {
if (GETPOST('paiementid') <= 0) {
setEventMessages($langs->transnoentities('ErrorFieldRequired', $langs->transnoentities('PaymentMode')), null, 'errors');
$error++;
}
@ -494,7 +494,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
print $form->selectDate($dateinvoice, '', '', '', 0, "addpaiement", 1, 1, 0, '', '', $object->date);
print '</td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans('PaymentMode').'</td><td>';
$form->select_types_paiements(empty($_POST['paiementid']) ? $obj->fk_mode_reglement : $_POST['paiementid'], 'paiementid');
$form->select_types_paiements(!GETPOST('paiementid') ? $obj->fk_mode_reglement : GETPOST('paiementid'), 'paiementid');
print '</td>';
if (!empty($conf->banque->enabled)) {
print '<tr><td class="fieldrequired">'.$langs->trans('Account').'</td><td>';
@ -504,10 +504,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
} else {
print '<tr><td>&nbsp;</td></tr>';
}
print '<tr><td>'.$langs->trans('Numero').'</td><td><input name="num_paiement" type="text" value="'.(empty($_POST['num_paiement']) ? '' : $_POST['num_paiement']).'"></td></tr>';
print '<tr><td>'.$langs->trans('Numero').'</td><td><input name="num_paiement" type="text" value="'.(!GETPOST('num_paiement') ? '' : GETPOST('num_paiement')).'"></td></tr>';
print '<tr><td>'.$langs->trans('Comments').'</td>';
print '<td class="tdtop">';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(empty($_POST['comment']) ? '' : $_POST['comment']).'</textarea></td></tr>';
print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(!GETPOST('comment') ? '' : GETPOST('comment')).'</textarea></td></tr>';
print '</table>';
print dol_get_fiche_end();
@ -683,10 +683,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'");
}
print '<input type=hidden class="multicurrency_remain" name="'.$nameRemain.'" value="'.$multicurrency_remaintopay.'">';
print '<input type="text" size="8" class="multicurrency_amount" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" size="8" class="multicurrency_amount" name="'.$namef.'" value="'.GETPOST($namef).'">';
} else {
print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.$_POST[$namef].'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.$_POST[$namef].'">';
print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.GETPOST($namef).'" disabled>';
print '<input type="hidden" name="'.$namef.'" value="'.GETPOST($namef).'">';
}
}
print "</td>";

6
htdocs/fourn/paiement/card.php
View File

@ -108,9 +108,9 @@ if ($action == 'confirm_validate' && $confirm == 'yes' &&
}
}
if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
if ($action == 'setnum_paiement' && GETPOST('num_paiement')) {
$object->fetch($id);
$res = $object->update_num($_POST['num_paiement']);
$res = $object->update_num(GETPOST('num_paiement'));
if ($res === 0) {
setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs');
} else {
@ -118,7 +118,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) {
}
}
if ($action == 'setdatep' && !empty($_POST['datepday'])) {
if ($action == 'setdatep' && GETPOST('datepday')) {
$object->fetch($id);
$datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int'));
$res = $object->update_date($datepaye);

2
htdocs/holiday/card.php
View File

@ -654,7 +654,7 @@ if (empty($reshook)) {
}
if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes') {
if (!empty($_POST['detail_refuse'])) {
if (GETPOST('detail_refuse')) {
$object->fetch($id);
// If status pending validation and validator = user

3
htdocs/holiday/define_holiday.php
View File

@ -145,7 +145,8 @@ if (empty($reshook)) {
}
//If the user set a comment, we add it to the log comment
$comment = ((isset($_POST['note_holiday'][$userID]) && !empty($_POST['note_holiday'][$userID])) ? ' ('.$_POST['note_holiday'][$userID].')' : '');
$note_holiday = GETPOST('note_holiday');
$comment = ((isset($note_holiday[$userID]) && !empty($note_holiday[$userID])) ? ' ('.$note_holiday[$userID].')' : '');
//print 'holiday: '.$val['rowid'].'-'.$userValue;
if ($userValue != '') {

4
htdocs/hrm/establishment/card.php
View File

@ -135,14 +135,14 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
$result = $object->update($user);
if ($result > 0) {
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']);
header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
} else {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} else {
header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']);
header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int'));
exit;
}
}

3
htdocs/hrm/evaluation_card.php
View File

@ -269,9 +269,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

3
htdocs/hrm/job_card.php
View File

@ -195,9 +195,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

3
htdocs/hrm/position.php
View File

@ -915,9 +915,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

3
htdocs/hrm/skill_card.php
View File

@ -196,9 +196,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">' . "\n";
// Common attributes

3
htdocs/knowledgemanagement/knowledgerecord_card.php
View File

@ -184,9 +184,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

6
htdocs/margin/admin/margin.php
View File

@ -64,7 +64,7 @@ if (preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) {
}
if ($action == 'remises') {
if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', $_POST['MARGIN_METHODE_FOR_DISCOUNT'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', GETPOST('MARGIN_METHODE_FOR_DISCOUNT'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);
@ -72,7 +72,7 @@ if ($action == 'remises') {
}
if ($action == 'typemarges') {
if (dolibarr_set_const($db, 'MARGIN_TYPE', $_POST['MARGIN_TYPE'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'MARGIN_TYPE', GETPOST('MARGIN_TYPE'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);
@ -80,7 +80,7 @@ if ($action == 'typemarges') {
}
if ($action == 'contact') {
if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', $_POST['AGENT_CONTACT_TYPE'], 'chaine', 0, '', $conf->entity) > 0) {
if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', GETPOST('AGENT_CONTACT_TYPE'), 'chaine', 0, '', $conf->entity) > 0) {
setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
} else {
dol_print_error($db);

6
htdocs/opensurvey/results.php
View File

@ -103,13 +103,13 @@ $testmodifier = false;
$testligneamodifier = false;
$ligneamodifier = -1;
for ($i = 0; $i < $nblines; $i++) {
if (isset($_POST['modifierligne'.$i])) {
if (GETPOSTISSET('modifierligne'.$i)) {
$ligneamodifier = $i;
$testligneamodifier = true;
}
//test pour voir si une ligne est a modifier
if (isset($_POST['validermodifier'.$i])) {
if (GETPOSTISSET('validermodifier'.$i)) {
$modifier = $i;
$testmodifier = true;
}
@ -153,7 +153,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format =
//on rajoute la valeur a la fin de tous les sujets deja entrés
$nouveauxsujets .= ',';
$nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(empty($_POST["typecolonne"]) ? '' : '@'.GETPOST("typecolonne"));
$nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(!GETPOST("typecolonne") ? '' : '@'.GETPOST("typecolonne"));
//mise a jour avec les nouveaux sujets dans la base
$sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_sondage";

37
htdocs/opensurvey/wizard/choix_date.php
View File

@ -51,7 +51,8 @@ if (GETPOST('confirmation')) {
for ($i = 0; $i < $nbofchoice; $i++) {
// Show hours choices
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
$tmphorairesi = GETPOST('horaires'.$i, 'array');
@ -248,7 +249,8 @@ if (issetAndNoEmpty('moisavant_x') || issetAndNoEmpty('moisavant')) {
for ($i = 0; $i < $nbofchoice; $i++) {
//affichage des 5 cases horaires
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -269,7 +271,8 @@ if (issetAndNoEmpty('moisapres_x') || issetAndNoEmpty('moisapres')) {
for ($i = 0; $i < $nbofchoice; $i++) {
//affichage des 5 cases horaires
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -285,7 +288,8 @@ if (issetAndNoEmpty('anneeavant_x') || issetAndNoEmpty('anneeavant')) {
for ($i = 0; $i < $nbofchoice; $i++) {
//affichage des 5 cases horaires
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -301,7 +305,8 @@ if (issetAndNoEmpty('anneeapres_x') || issetAndNoEmpty('anneeapres')) {
for ($i = 0; $i < $nbofchoice; $i++) {
//affichage des 5 cases horaires
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -365,7 +370,8 @@ if (issetAndNoEmpty('choixjourajout')) {
if (issetAndNoEmpty('totalchoixjour', $_SESSION) === true && issetAndNoEmpty('choixjourajout') === true) {
$nbofchoice = count($_SESSION["totalchoixjour"]);
for ($i = 0; $i < $nbofchoice; $i++) {
if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"])) {
$choixjourajout = GETPOST("choixjourajout");
if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"])) {
$journeuf = false;
}
}
@ -373,15 +379,17 @@ if (issetAndNoEmpty('choixjourajout')) {
// Si le test est passé, alors on insere la valeur dans la variable de session qui contient les dates
if ($journeuf && issetAndNoEmpty('choixjourajout') === true) {
array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"]));
$choixjourajout = GETPOST("choixjourajout");
array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"]));
sort($_SESSION["totalchoixjour"]);
$cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]);
$cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]);
//On sauvegarde les heures deja entrées
for ($i = 0; $i < $cle; $i++) {
$horairesi = GETPOST("horaires".$i);
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -391,7 +399,8 @@ if (issetAndNoEmpty('choixjourajout')) {
$k = $i + 1;
if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) {
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$k"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
}
@ -407,12 +416,14 @@ if (issetAndNoEmpty('choixjourretrait')) {
for ($i = 0; $i < $nbofchoice; $i++) {
//affichage des 5 cases horaires
for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) {
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$horairesi = GETPOST("horaires".$i);
$_SESSION["horaires$i"][$j] = $horairesi[$j];
}
}
for ($i = 0; $i < $nbofchoice; $i++) {
if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourretrait"][0], $_SESSION["annee"])) {
$choixjourretrait = GETPOST('choixjourretrait');
if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourretrait[0], $_SESSION["annee"])) {
for ($j = $i; $j < $nbofchoice; $j++) {
$k = $j + 1;
$_SESSION["horaires$j"] = $_SESSION["horaires$k"];
@ -425,7 +436,7 @@ if (issetAndNoEmpty('choixjourretrait')) {
//report des horaires dans toutes les cases
if (issetAndNoEmpty('reporterhoraires')) {
$_SESSION["horaires0"] = $_POST["horaires0"];
$_SESSION["horaires0"] = GETPOST("horaires0");
$nbofchoice = count($_SESSION["totalchoixjour"]);
for ($i = 0; $i < $nbofchoice; $i++) {
$j = $i + 1;

3
htdocs/partnership/partnership_card.php
View File

@ -273,9 +273,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

3
htdocs/product/inventory/card.php
View File

@ -196,9 +196,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

4
htdocs/product/stock/product.php
View File

@ -496,8 +496,8 @@ if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save")) {
if ((!GETPOST("sellby")) && (!GETPOST("eatby")) && (!$batchnumber)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("atleast1batchfield")), null, 'errors');
} else {
$d_eatby = dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']);
$d_sellby = dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']);
$d_eatby = dol_mktime(0, 0, 0, GETPOST('eatbymonth', 'int'), GETPOST('eatbyday', 'int'), GETPOST('eatbyyear', 'int'));
$d_sellby = dol_mktime(0, 0, 0, GETPOST('sellbymonth', 'int'), GETPOST('sellbyday', 'int'), GETPOST('sellbyyear', 'int'));
$pdluo->batch = $batchnumber;
$pdluo->eatby = $d_eatby;
$pdluo->sellby = $d_sellby;

3
htdocs/product/stock/productlot_card.php
View File

@ -386,9 +386,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

2
htdocs/projet/activity/permonth.php
View File

@ -196,7 +196,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask')
}
if ($action == 'addtime' && $user->rights->projet->lire) {
$timetoadd = $_POST['task'];
$timetoadd = GETPOST('task');
if (empty($timetoadd)) {
setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors');
} else {

2
htdocs/projet/activity/perweek.php
View File

@ -257,7 +257,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask')
}
if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilteraction') != 'listafterchangingselectedfields') {
$timetoadd = $_POST['task'];
$timetoadd = GETPOST('task');
if (empty($timetoadd)) {
setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors');
} else {

4
htdocs/projet/tasks.php
View File

@ -303,8 +303,6 @@ if ($action == 'createtask' && $user->rights->projet->creer) {
$error = 0;
// If we use user timezone, we must change also view/list to use user timezone everywhere
//$date_start = dol_mktime($_POST['dateohour'],$_POST['dateomin'],0,$_POST['dateomonth'],$_POST['dateoday'],$_POST['dateoyear'],'user');
//$date_end = dol_mktime($_POST['dateehour'],$_POST['dateemin'],0,$_POST['dateemonth'],$_POST['dateeday'],$_POST['dateeyear'],'user');
$date_start = dol_mktime(GETPOST('dateohour', 'int'), GETPOST('dateomin', 'int'), 0, GETPOST('dateomonth', 'int'), GETPOST('dateoday', 'int'), GETPOST('dateoyear', 'int'));
$date_end = dol_mktime(GETPOST('dateehour', 'int'), GETPOST('dateemin', 'int'), 0, GETPOST('dateemonth', 'int'), GETPOST('dateeday', 'int'), GETPOST('dateeyear', 'int'));
@ -318,7 +316,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors');
$action = 'create';
$error++;
} elseif (empty($_POST['task_parent'])) {
} elseif (!GETPOST('task_parent')) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ChildOfProjectTask")), null, 'errors');
$action = 'create';
$error++;

2
htdocs/projet/tasks/task.php
View File

@ -91,7 +91,7 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) {
if (!$error) {
$object->oldcopy = clone $object;
$tmparray = explode('_', $_POST['task_parent']);
$tmparray = explode('_', GETPOST('task_parent'));
$task_parent = $tmparray[1];
if (empty($task_parent)) {
$task_parent = 0; // If task_parent is ''

4
htdocs/projet/tasks/time.php
View File

@ -1433,12 +1433,12 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser
// Note
print '<td>';
print '<textarea name="timespent_note" class="maxwidth100onsmartphone" rows="'.ROWS_2.'">'.($_POST['timespent_note'] ? $_POST['timespent_note'] : '').'</textarea>';
print '<textarea name="timespent_note" class="maxwidth100onsmartphone" rows="'.ROWS_2.'">'.(GETPOST('timespent_note') ? GETPOST('timespent_note') : '').'</textarea>';
print '</td>';
// Duration - Time spent
print '<td class="nowraponall">';
$durationtouse = ($_POST['timespent_duration'] ? $_POST['timespent_duration'] : '');
$durationtouse = (GETPOST('timespent_duration') ? GETPOST('timespent_duration') : '');
if (GETPOSTISSET('timespent_durationhour') || GETPOSTISSET('timespent_durationmin')) {
$durationtouse = (GETPOST('timespent_durationhour') * 3600 + GETPOST('timespent_durationmin') * 60);
}

2
htdocs/public/demo/index.php
View File

@ -212,7 +212,7 @@ if (GETPOST('action', 'aZ09') == 'gotodemo') { // Action run when we click o
// If we disable modules using personalized list
foreach ($modules as $val) {
$modulekeyname = strtolower($val->name);
if (empty($_POST[$modulekeyname]) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) {
if (!GETPOST($modulekeyname) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) {
$disablestring .= $modulekeyname.',';
if ($modulekeyname == 'propale') {
$disablestring .= 'propal,';

1
htdocs/public/opensurvey/studs.php
View File

@ -202,7 +202,6 @@ for ($i = 0; $i < $nblines; $i++) {
}
if ($testmodifier) {
//var_dump($_POST);exit;
$nouveauchoix = '';
for ($i = 0; $i < $nbcolonnes; $i++) {
if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {

2
htdocs/public/ticket/create_ticket.php
View File

@ -126,7 +126,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph
$upload_dir_tmp = $vardir.'/temp/'.session_id();
// TODO Delete only files that was uploaded from email form
dol_remove_file_process($_POST['removedfile'], 0, 0);
dol_remove_file_process(GETPOST('removedfile'), 0, 0);
$action = 'create_ticket';
}

9
htdocs/reception/card.php
View File

@ -323,7 +323,6 @@ if (empty($reshook)) {
$stockLocation = "ent1".$i."_0";
$qty = "qtyl".$i;
//var_dump(GETPOST($qty,'int')); var_dump($_POST); var_dump($batch);exit;
//reception line for product with no batch management and no multiple stock location
if (GETPOST($qty, 'alpha') > 0) {
$totalqty += price2num(GETPOST($qty, 'alpha'), 'MS');
@ -335,7 +334,6 @@ if (empty($reshook)) {
if ($totalqty > 0) { // There is at least one thing to ship
//var_dump($_POST);exit;
for ($i = 1; $i <= $num; $i++) {
$lineToTest = '';
$lineId = GETPOST($idl, 'int');
@ -466,7 +464,6 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}*/
} elseif ($action == 'setdate_livraison' && $permissiontoadd) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));
$object->fetch($id);
@ -956,10 +953,10 @@ if ($action == 'create') {
$ent = 'entrepot_' . $paramSuffix;
$pu = 'pu_' . $paramSuffix;
$lot = 'lot_number_' . $paramSuffix;
$dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$paramSuffix.'month'], $_POST['dluo_'.$paramSuffix.'day'], $_POST['dluo_'.$paramSuffix.'year']);
$dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$paramSuffix.'month'], $_POST['dlc_'.$paramSuffix.'day'], $_POST['dlc_'.$paramSuffix.'year']);
$dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$paramSuffix.'month', 'int'), GETPOST('dluo_'.$paramSuffix.'day', 'int'), GETPOST('dluo_'.$paramSuffix.'year', 'int'));
$dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$paramSuffix.'month', 'int'), GETPOST('dlc_'.$paramSuffix.'day', 'int'), GETPOST('dlc_'.$paramSuffix.'year', 'int'));
$fk_commandefourndet = 'fk_commandefourndet_'.$paramSuffix;
$dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' =>GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' =>GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha'));
$dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' => GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' => GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha'));
}
// If create form is coming from same page, it means that post was sent but an error occured

3
htdocs/recruitment/recruitmentcandidature_card.php
View File

@ -325,9 +325,6 @@ if ($action == 'create') {
print dol_get_fiche_head(array(), '');
// Set some default values
//if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue';
print '<table class="border centpercent tableforfieldcreate">'."\n";
// Common attributes

2
htdocs/salaries/paiement_salary.php
View File

@ -87,7 +87,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
foreach ($_POST as $key => $value) {
if (substr($key, 0, 7) == 'amount_') {
$other_chid = substr($key, 7);
$amounts[$other_chid] = price2num($_POST[$key]);
$amounts[$other_chid] = price2num(GETPOST($key));
}
}

2
htdocs/societe/price.php
View File

@ -156,7 +156,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == 'update_customer_price_confirm' && !$_POST ["cancel"] && ($user->rights->produit->creer || $user->rights->service->creer)) {
if ($action == 'update_customer_price_confirm' && !$cancel && ($user->rights->produit->creer || $user->rights->service->creer)) {
$prodcustprice->fetch(GETPOST('lineid', 'int'));
$update_child_soc = GETPOST('updatechildprice');

7
htdocs/societe/societecontact.php
View File

@ -111,13 +111,6 @@ if ($action == 'addcontact' && $user->rights->societe->creer) {
dol_print_error($db);
}
}
/*
elseif ($action == 'setaddress' && $user->rights->societe->creer)
{
$object->fetch($id);
$result=$object->setDeliveryAddress($_POST['fk_address']);
if ($result < 0) dol_print_error($db,$object->error);
}*/
/*

6
htdocs/supplier_proposal/card.php
View File

@ -244,7 +244,7 @@ if (empty($reshook)) {
}
}
} elseif ($action == 'setdate_livraison' && $usercancreate) {
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year']));
$result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')));
if ($result < 0) {
dol_print_error($db, $object->error);
}
@ -895,7 +895,7 @@ if (empty($reshook)) {
if (!empty($productid)) {
$productsupplier = new ProductFournisseur($db);
if (!empty($conf->global->SUPPLIER_PROPOSAL_WITH_PREDEFINED_PRICES_ONLY)) {
if ($productid > 0 && $productsupplier->get_buyprice(0, price2num($_POST['qty']), $productid, 'none', GETPOST('socid', 'int')) < 0) {
if ($productid > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), $productid, 'none', GETPOST('socid', 'int')) < 0) {
setEventMessages($langs->trans("ErrorQtyTooLowForThisSupplier"), null, 'warnings');
}
}
@ -1007,7 +1007,7 @@ if (empty($reshook)) {
$object->setProject(GETPOST('projectid'), 'int');
} elseif ($action == 'setavailability' && $usercancreate) {
// Delivery delay
$result = $object->availability($_POST['availability_id']);
$result = $object->availability(GETPOST('availability_id'));
} elseif ($action == 'setconditions' && $usercancreate) {
// Terms of payments
$result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int'));

2
htdocs/user/passwordforgotten.php
View File

@ -113,7 +113,7 @@ if (empty($reshook)) {
// Action modif mot de passe
if ($action == 'buildnewpassword' && $username) {
$sessionkey = 'dol_antispam_value';
$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));
$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code'))));
// Verify code
if (!$ok) {

2
test/phpunit/SecurityTest.php
View File

@ -574,7 +574,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase
$_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)';
$result=GETPOST("backtopage");
print __METHOD__." result=".$result."\n";
$this->assertEquals('x3a alert(1)', $result, 'Test for backtopage param');
$this->assertEquals('x3aalert(1)', $result, 'Test for backtopage param');
return $result;
}