From eb36c3f1444043001bfa19bfd70fbc13377fa959 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 19 Sep 2020 02:27:32 +0200
Subject: [PATCH] Fix must use GETPOST
---
 htdocs/comm/mailing/card.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php
index 26216c1ac01..13037b58769 100644
--- a/htdocs/comm/mailing/card.php
+++ b/htdocs/comm/mailing/card.php
@@ -462,14 +462,14 @@ if (empty($reshook))
 {
 $mesgs = array();
- $object->email_from = trim($_POST["from"]);
- $object->email_replyto = trim($_POST["replyto"]);
- $object->email_errorsto = trim($_POST["errorsto"]);
- $object->titre = trim($_POST["titre"]);
- $object->sujet = trim($_POST["sujet"]);
- $object->body = trim($_POST["bodyemail"]);
- $object->bgcolor = trim($_POST["bgcolor"]);
- $object->bgimage = trim($_POST["bgimage"]);
+ $object->email_from = GETPOST("from");
+ $object->email_replyto = GETPOST("replyto");
+ $object->email_errorsto = GETPOST("errorsto");
+ $object->titre = GETPOST("titre");
+ $object->sujet = GETPOST("sujet");
+ $object->body = GETPOST("bodyemail", 'restricthtml');
+ $object->bgcolor = GETPOST("bgcolor");
+ $object->bgimage = GETPOST("bgimage");
 if (!$object->titre) {
 $mesgs[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTitle"));
@@ -563,10 +563,10 @@ if (empty($reshook))
 {
 $mesgs = array();
- $object->sujet = trim($_POST["sujet"]);
- $object->body = trim($_POST["bodyemail"]);
- $object->bgcolor = trim($_POST["bgcolor"]);
- $object->bgimage = trim($_POST["bgimage"]);
+ $object->sujet = GETPOST("sujet");
+ $object->body = GETPOST("bodyemail", 'restricthtml');
+ $object->bgcolor = GETPOST("bgcolor");
+ $object->bgimage = GETPOST("bgimage");
 if (!$object->sujet) {
 $mesgs[] = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTopic"));
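Review bot: The three address fields in the first hunk (`email_from`, `email_replyto`, `email_errorsto`) are read with `GETPOST("…")` and no check argument, so they take whatever the function's default filter is, which this diff does not show. If that default strips HTML tags, as I believe it does in this codebase, a value written as `Name <addr@example.com>` would lose its address part. In either case nothing visible here validates the value as an e-mail address or rejects CR/LF before it is stored for later use in message headers. I would pass an explicit check that keeps `<` and `>` (for example `GETPOST("from", 'alphawithlgt')`, if this tree's GETPOST supports that check) and validate the result as an address before saving. Such validation may already exist outside the hunk, since the enclosing `if (empty($reshook))` block continues past it.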
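Review bot: `bgcolor` and `bgimage` in the second hunk are taken with the default `GETPOST` filter and stored as-is, with no check that they have the shape their names imply; the same two lines appear in the first hunk. Where these values are used is not visible in this diff, but if they are later written into a style or attribute of the preview or the sent HTML, a generic filter is weaker than validating the format at this point. I would reject anything that is not a colour code before assignment, e.g. `if (!preg_match('/^#?[0-9a-fA-F]{3,8}$/', $object->bgcolor)) $object->bgcolor = '';`, and constrain `bgimage` to a plain file name. The update block continues outside the hunk.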