Fight against $_POST
This commit is contained in:
parent
52aebce789
commit
f4f3efec62
@ -15,6 +15,9 @@ WARNING:
|
||||
|
||||
Following changes may create regressions for some external modules, but were necessary to make Dolibarr better:
|
||||
* PHP 5.5 is no more supported. Minimum PHP is now 5.6+.
|
||||
* Default mode for GETPOST function is now 'alphanohtml' instead of 'none'. So check when you make POST or GET requests
|
||||
with HTML content that you make a GETPOST('myparam', 'restricthtml') or GETPOST('myparam', 'none') if you really need posted content without sanitizing
|
||||
the HTML into content (in such a case, sanitize data later)
|
||||
|
||||
|
||||
|
||||
|
||||
@ -157,7 +157,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
|
||||
foreach ($listfield as $f => $value)
|
||||
{
|
||||
if ($value == 'country_id' && in_array($tablib[$id], array('Pcg_version'))) continue; // For some pages, country is not mandatory
|
||||
if ((! isset($_POST[$value]) || $_POST[$value]==''))
|
||||
if ((! GETPOSTISSET($value)) || GETPOST($value) == '')
|
||||
{
|
||||
$ok=0;
|
||||
$fieldnamekey=$listfield[$f];
|
||||
@ -170,13 +170,13 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
|
||||
}
|
||||
}
|
||||
// Other checks
|
||||
if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && isset($_POST["type"]) && in_array($_POST["type"], array('system','systemauto'))) {
|
||||
if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system','systemauto'))) {
|
||||
$ok=0;
|
||||
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
|
||||
}
|
||||
if (isset($_POST["pcg_version"]))
|
||||
if (GETPOSTISSET("pcg_version"))
|
||||
{
|
||||
if ($_POST["pcg_version"]=='0')
|
||||
if (GETPOST("pcg_version") == '0')
|
||||
{
|
||||
$ok=0;
|
||||
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
|
||||
|
||||
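Review bot: The new condition still reads the raw superglobal in `in_array($_POST["type"], array('system','systemauto'))` even though the same line was just changed to `GETPOSTISSET("type")`, so the value being compared bypasses the sanitizing this commit introduces; `in_array(GETPOST("type", 'alpha'), array('system', 'systemauto'), true)` keeps the comparison on the filtered value and makes it strict. The same leftover appears in the dictionary hunk at `GETPOSTISSET("country") && ($_POST["country"] == '0')`, in the SMS send hunk at `if (!empty($_POST["fromsms"]))`, and in the multiprices hunk where `price2num($_POST["price_".$i], 'MU')` and `$_POST["multiprices_base_type_".$i]` follow the new `GETPOSTISSET("price_".$i)`. The enclosing action block starts before this hunk.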
@ -153,7 +153,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
|
||||
if ($value == 'formula' && empty($_POST['formula'])) continue;
|
||||
if ($value == 'range_account' && empty($_POST['range_account'])) continue;
|
||||
if ($value == 'country' || $value == 'country_id') continue;
|
||||
if (!isset($_POST[$value]) || $_POST[$value] == '')
|
||||
if (! GETPOSTISSET($value) || GETPOST($value) == '')
|
||||
{
|
||||
$ok = 0;
|
||||
$fieldnamekey = $listfield[$f];
|
||||
|
||||
@ -165,9 +165,9 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
|
||||
if ($fieldnamekey == 'nature') $fieldnamekey = 'NatureOfJournal';
|
||||
}
|
||||
// Other checks
|
||||
if (isset($_POST["code"]))
|
||||
if (GETPOSTISSET("code"))
|
||||
{
|
||||
if ($_POST["code"] == '0')
|
||||
if (GETPOST("code") == '0')
|
||||
{
|
||||
$ok = 0;
|
||||
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
|
||||
|
||||
@ -214,7 +214,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'edit')
|
||||
// Type
|
||||
print '<tr>';
|
||||
print '<td>'.$langs->trans("Type").'</td><td class="valeur" colspan="3">';
|
||||
print $form->selectarray("typeid", $adht->liste_array(), (isset($_POST["typeid"]) ? $_POST["typeid"] : $object->fk_type));
|
||||
print $form->selectarray("typeid", $adht->liste_array(), (GETPOSTISSET("typeid") ? GETPOST("typeid") : $object->fk_type));
|
||||
print'</td></tr>';
|
||||
|
||||
// Date start subscription
|
||||
|
||||
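Review bot: `GETPOST("typeid")` now relies on the new 'alphanohtml' default for what is a foreign key (`$object->fk_type` is the fallback), where the 'int' check documented for GETPOST in this commit is the precise one: `GETPOSTISSET("typeid") ? GETPOST("typeid", 'int') : $object->fk_type`. The same applies to `GETPOST('fk_account')` in the bank-account hunk, `GETPOST("paymenttype")` and `GETPOST("accountid")` in the payment-mode hunk, and `GETPOST("MAIN_SESSION_TIMEOUT", 'alphanohtml')` in the updateform hunk, which stores a timeout value. Passing the narrowest check also documents the expected type at the call site.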
@ -792,7 +792,7 @@ if ($rowid > 0)
|
||||
$morphys["phy"] = $langs->trans("Physical");
|
||||
$morphys["mor"] = $langs->trans("Moral");
|
||||
print '<tr><td><span>'.$langs->trans("MemberNature").'</span></td><td>';
|
||||
print $form->selectarray("morphy", $morphys, isset($_POST["morphy"]) ? $_POST["morphy"] : $object->morphy);
|
||||
print $form->selectarray("morphy", $morphys, GETPOSTISSET("morphy") ? GETPOST("morphy") : $object->morphy);
|
||||
print "</td></tr>";
|
||||
|
||||
print '<tr><td>'.$langs->trans("SubscriptionRequired").'</td><td>';
|
||||
|
||||
@ -678,9 +678,9 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
|
||||
$ok = 0;
|
||||
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
|
||||
}
|
||||
if (isset($_POST["code"]))
|
||||
if (GETPOSTISSET("code"))
|
||||
{
|
||||
if ($_POST["code"] == '0')
|
||||
if (GETPOST("code") == '0')
|
||||
{
|
||||
$ok = 0;
|
||||
setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
|
||||
@ -691,7 +691,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
|
||||
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
|
||||
}*/
|
||||
}
|
||||
if (isset($_POST["country"]) && ($_POST["country"] == '0') && ($id != 2))
|
||||
if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2))
|
||||
{
|
||||
if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) // Field country is no mandatory for such dictionaries
|
||||
{
|
||||
|
||||
@ -53,8 +53,7 @@ if ($action == "save")
|
||||
foreach ($eventstolog as $key => $arr)
|
||||
{
|
||||
$param='MAIN_LOGEVENTS_'.$arr['id'];
|
||||
//print "param=".$param." - ".$_POST[$param];
|
||||
if (! empty($_POST[$param])) dolibarr_set_const($db, $param, $_POST[$param], 'chaine', 0, '', $conf->entity);
|
||||
if (GETPOST($param, 'alphanohtml')) dolibarr_set_const($db, $param, GETPOST($param, 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
else dolibarr_del_const($db, $param, $conf->entity);
|
||||
}
|
||||
|
||||
|
||||
@ -239,13 +239,6 @@ else
|
||||
jsdump(CKEDITOR.env, "divforlog");
|
||||
</script>';
|
||||
}
|
||||
|
||||
/*
|
||||
print '<!-- Result -->';
|
||||
print $_POST["formtestfield"];
|
||||
print '<!-- Result -->';
|
||||
print $conf->global->FCKEDITOR_TEST;
|
||||
*/
|
||||
}
|
||||
|
||||
// End of page
|
||||
|
||||
@ -51,14 +51,14 @@ if ($action == 'setvalue' && $user->admin)
|
||||
$error = 0;
|
||||
$db->begin();
|
||||
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_DN', GETPOST("group"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_DN', GETPOST("group", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_OBJECT_CLASS', GETPOST("objectclass", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
//if (! dolibarr_set_const($db, 'LDAP_GROUP_FIELD_NAME',$_POST["fieldname"],'chaine',0,'',$conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_DESCRIPTION', GETPOST("fielddescription"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_GROUPMEMBERS', GETPOST("fieldgroupmembers"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_GROUPID', GETPOST("fieldgroupid"), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_FULLNAME', GETPOST("fieldfullname", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
//if (! dolibarr_set_const($db, 'LDAP_GROUP_FIELD_NAME',GETPOST("fieldname", 'alphanohtml'),'chaine',0,'',$conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_DESCRIPTION', GETPOST("fielddescription", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_GROUPMEMBERS', GETPOST("fieldgroupmembers", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
if (!dolibarr_set_const($db, 'LDAP_GROUP_FIELD_GROUPID', GETPOST("fieldgroupid", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) $error++;
|
||||
|
||||
// This one must be after the others
|
||||
$valkey = '';
|
||||
|
||||
@ -31,6 +31,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/menubase.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array("other", "admin"));
|
||||
|
||||
$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button
|
||||
|
||||
if (!$user->admin) accessforbidden();
|
||||
|
||||
$dirstandard = array();
|
||||
@ -64,12 +66,12 @@ if (GETPOST("menu_handler")) $menu_handler = GETPOST("menu_handler");
|
||||
|
||||
if ($action == 'update')
|
||||
{
|
||||
if (!$_POST['cancel'])
|
||||
if (! $cancel)
|
||||
{
|
||||
$leftmenu = ''; $mainmenu = '';
|
||||
if (!empty($_POST['menuIdParent']) && !is_numeric($_POST['menuIdParent']))
|
||||
if (GETPOST('menuIdParent', 'alpha') && !is_numeric(GETPOST('menuIdParent', 'alpha')))
|
||||
{
|
||||
$tmp = explode('&', $_POST['menuIdParent']);
|
||||
$tmp = explode('&', GETPOST('menuIdParent', 'alpha'));
|
||||
foreach ($tmp as $s)
|
||||
{
|
||||
if (preg_match('/fk_mainmenu=/', $s))
|
||||
@ -138,7 +140,7 @@ if ($action == 'update')
|
||||
|
||||
if ($action == 'add')
|
||||
{
|
||||
if ($_POST['cancel'])
|
||||
if ($cancel)
|
||||
{
|
||||
header("Location: ".DOL_URL_ROOT."/admin/menus/index.php?menu_handler=".$menu_handler);
|
||||
exit;
|
||||
|
||||
@ -59,9 +59,18 @@ if ($action == 'setconst' && $user->admin)
|
||||
{
|
||||
$error = 0;
|
||||
$db->begin();
|
||||
foreach ($_POST['setupdriver'] as $setupconst) {
|
||||
|
||||
$setupconstarray = GETPOST('setupdriver', 'array');
|
||||
|
||||
foreach ($setupconstarray as $setupconst) {
|
||||
//print '<pre>'.print_r($setupconst, true).'</pre>';
|
||||
$result = dolibarr_set_const($db, $setupconst['varname'], $setupconst['value'], 'chaine', 0, '', $conf->entity);
|
||||
|
||||
$constname = dol_escape_htmltag($setupconst['varname']);
|
||||
$constvalue = dol_escape_htmltag($setupconst['value']);
|
||||
$consttype = dol_escape_htmltag($setupconst['type']);
|
||||
$constnote = dol_escape_htmltag($setupconst['note']);
|
||||
|
||||
$result = dolibarr_set_const($db, $constname, $constvalue, $consttype, 0, $constnote, $conf->entity);
|
||||
if (!$result > 0) $error++;
|
||||
}
|
||||
|
||||
|
||||
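Review bot: `foreach ($setupconstarray as $setupconst)` is not guarded against a non-array result: the GETPOST docblock in this commit says the function returns '' when a check fails, so a request without `setupdriver` makes the loop emit a warning instead of doing nothing; add `if (!is_array($setupconstarray)) $setupconstarray = array();` before the loop. Inside the loop, `$consttype` is now taken from the request where the removed line passed the fixed type 'chaine'; whether `dolibarr_set_const` validates its type argument is outside this hunk, so a whitelist of the accepted type names here (or the previous constant) would be safer. Each `$setupconst[...]` access also assumes the element is an array with those four keys, which the 'array' check does not establish.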
@ -70,8 +70,8 @@ if (preg_match('/set_([a-z0-9_\-]+)/i', $action, $reg))
|
||||
|
||||
elseif ($action == 'updateform')
|
||||
{
|
||||
$res1=dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", $_POST["MAIN_APPLICATION_TITLE"], 'chaine', 0, '', $conf->entity);
|
||||
$res2=dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"], 'chaine', 0, '', $conf->entity);
|
||||
$res1=dolibarr_set_const($db, "MAIN_APPLICATION_TITLE", GETPOST("MAIN_APPLICATION_TITLE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
$res2=dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", GETPOST("MAIN_SESSION_TIMEOUT", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
if ($res1 && $res2) setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs');
|
||||
}
|
||||
|
||||
|
||||
@ -28,6 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array("companies", "admin", "products", "sms", "other", "errors"));
|
||||
|
||||
$cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button
|
||||
|
||||
if (!$user->admin)
|
||||
accessforbidden();
|
||||
|
||||
@ -46,14 +48,13 @@ $action = GETPOST('action', 'aZ09');
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if ($action == 'update' && empty($_POST["cancel"]))
|
||||
if ($action == 'update' && !$cancel)
|
||||
{
|
||||
dolibarr_set_const($db, "MAIN_DISABLE_ALL_SMS", $_POST["MAIN_DISABLE_ALL_SMS"], 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_DISABLE_ALL_SMS", GETPOST("MAIN_DISABLE_ALL_SMS", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
dolibarr_set_const($db, "MAIN_SMS_SENDMODE", $_POST["MAIN_SMS_SENDMODE"], 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_SMS_SENDMODE", GETPOST("MAIN_SMS_SENDMODE", 'alphahtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
dolibarr_set_const($db, "MAIN_MAIL_SMS_FROM", $_POST["MAIN_MAIL_SMS_FROM"], 'chaine', 0, '', $conf->entity);
|
||||
//dolibarr_set_const($db, "MAIN_MAIL_AUTOCOPY_TO", $_POST["MAIN_MAIL_AUTOCOPY_TO"], 'chaine', 0, '', $conf->entity);
|
||||
dolibarr_set_const($db, "MAIN_MAIL_SMS_FROM", GETPOST("MAIN_MAIL_SMS_FROM", 'alphanohtml'), 'chaine', 0, '', $conf->entity);
|
||||
|
||||
header("Location: ".$_SERVER["PHP_SELF"]."?mainmenu=home&leftmenu=setup");
|
||||
exit;
|
||||
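Review bot: `GETPOST("MAIN_SMS_SENDMODE", 'alphahtml')` uses a check name that does not appear in the GETPOST docblock changed by this commit, while the surrounding lines all pass 'alphanohtml'; it reads as a typo. How GETPOST treats an unrecognised `$check` is outside this diff, so the value may come back with less filtering than intended; `dolibarr_set_const($db, "MAIN_SMS_SENDMODE", GETPOST("MAIN_SMS_SENDMODE", 'alphanohtml'), 'chaine', 0, '', $conf->entity);` matches its neighbours.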
@ -68,15 +69,15 @@ if ($action == 'send' && !$_POST['cancel'])
|
||||
$error = 0;
|
||||
|
||||
$smsfrom = '';
|
||||
if (!empty($_POST["fromsms"])) $smsfrom = GETPOST("fromsms");
|
||||
if (empty($smsfrom)) $smsfrom = GETPOST("fromname");
|
||||
$sendto = GETPOST("sendto");
|
||||
$body = GETPOST('message');
|
||||
$deliveryreceipt = GETPOST("deliveryreceipt");
|
||||
$deferred = GETPOST('deferred');
|
||||
$priority = GETPOST('priority');
|
||||
$class = GETPOST('class');
|
||||
$errors_to = GETPOST("errorstosms");
|
||||
if (!empty($_POST["fromsms"])) $smsfrom = GETPOST("fromsms", 'alphanohtml');
|
||||
if (empty($smsfrom)) $smsfrom = GETPOST("fromname", 'alphanohtml');
|
||||
$sendto = GETPOST("sendto", 'alphanohtml');
|
||||
$body = GETPOST('message', 'alphanohtml');
|
||||
$deliveryreceipt = GETPOST("deliveryreceipt", 'alphanohtml');
|
||||
$deferred = GETPOST('deferred', 'alphanohtml');
|
||||
$priority = GETPOST('priority', 'alphanohtml');
|
||||
$class = GETPOST('class', 'alphanohtml');
|
||||
$errors_to = GETPOST("errorstosms", 'alphanohtml');
|
||||
|
||||
// Create form object
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formsms.class.php';
|
||||
|
||||
@ -50,18 +50,20 @@ $action = GETPOST('action', 'aZ09');
|
||||
// Action mise a jour ou ajout d'une constante
|
||||
if ($action == 'update' || $action == 'add')
|
||||
{
|
||||
$constname=GETPOST("constname");
|
||||
$constvalue=GETPOST("constvalue");
|
||||
$constnamearray = GETPOST("constname", 'array');
|
||||
$constvaluearray = GETPOST("constvalue", 'array');
|
||||
$consttypearray = GETPOST("consttype", 'array');
|
||||
$constnotearray = GETPOST("constnote", 'array');
|
||||
|
||||
// Action mise a jour ou ajout d'une constante
|
||||
if ($action == 'update' || $action == 'add')
|
||||
{
|
||||
foreach($_POST['constname'] as $key => $val)
|
||||
foreach($constnamearray as $key => $val)
|
||||
{
|
||||
$constname=$_POST["constname"][$key];
|
||||
$constvalue=$_POST["constvalue"][$key];
|
||||
$consttype=$_POST["consttype"][$key];
|
||||
$constnote=$_POST["constnote"][$key];
|
||||
$constname = dol_escape_htmltag($constnamearray[$key]);
|
||||
$constvalue = dol_escape_htmltag($constvaluearray[$key]);
|
||||
$consttype = dol_escape_htmltag($consttypearray[$key]);
|
||||
$constnote = dol_escape_htmltag($constnotearray[$key]);
|
||||
|
||||
$res=dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
|
||||
|
||||
|
||||
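Review bot: `$type[$consttype]` indexes the `$type` table with a request-supplied key: `dol_escape_htmltag` makes the key HTML-safe but does not ensure it is one of the known types, so an unknown `consttype` yields an undefined-index notice and a null type passed to `dolibarr_set_const`; guard it with `if (!isset($type[$consttype])) continue;` (or count it as an error) before the call. The four `GETPOST(..., 'array')` reads can each return '' per the GETPOST docblock in this commit, so `foreach($constnamearray ...)` and the `$constvaluearray[$key]` lookups should be protected with `is_array()` / `isset()` checks. The action block begins above this hunk.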
@ -171,7 +171,7 @@ if ($action == 'setmod')
|
||||
if ($action == 'addcat')
|
||||
{
|
||||
$fourn = new Fournisseur($db);
|
||||
$fourn->CreateCategory($user, $_POST["cat"]);
|
||||
$fourn->CreateCategory($user, GETPOST('cat', 'alphanohtml'));
|
||||
}
|
||||
|
||||
if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
|
||||
|
||||
@ -165,7 +165,7 @@ elseif ($action == 'setmod')
|
||||
elseif ($action == 'addcat')
|
||||
{
|
||||
$fourn = new Fournisseur($db);
|
||||
$fourn->CreateCategory($user, $_POST["cat"]);
|
||||
$fourn->CreateCategory($user, GETPOST('cat', 'alphanohtml'));
|
||||
}
|
||||
|
||||
elseif ($action == 'set_SUPPLIER_ORDER_OTHER')
|
||||
|
||||
@ -132,7 +132,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
|
||||
$ok=1;
|
||||
foreach ($listfield as $f => $value)
|
||||
{
|
||||
if ($value == 'ref' && (! isset($_POST[$value]) || $_POST[$value]==''))
|
||||
if ($value == 'ref' && (! GETPOSTISSET($value) || GETPOST($value) == ''))
|
||||
{
|
||||
$ok=0;
|
||||
$fieldnamekey=$listfield[$f];
|
||||
|
||||
@ -609,37 +609,15 @@ if ($rowid > 0)
|
||||
print $object->showOptionals($extrafields, 'edit', $parameters);
|
||||
}
|
||||
|
||||
print '</table>';
|
||||
// Other attributes
|
||||
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_edit.tpl.php';
|
||||
|
||||
// Extra field
|
||||
if (empty($reshook))
|
||||
{
|
||||
print '<br><br><table class="border centpercent">';
|
||||
foreach ($extrafields->attributes[$object->element]['label'] as $key=>$label)
|
||||
{
|
||||
if (isset($_POST["options_".$key])) {
|
||||
if (is_array($_POST["options_".$key])) {
|
||||
// $_POST["options"] is an array but following code expects a comma separated string
|
||||
$value = implode(",", $_POST["options_".$key]);
|
||||
} else {
|
||||
$value = $_POST["options_".$key];
|
||||
}
|
||||
} else {
|
||||
$value = $adht->array_options["options_".$key];
|
||||
}
|
||||
print '<tr><td width="30%">'.$label.'</td><td>';
|
||||
print $extrafields->showInputField($key, $value);
|
||||
print "</td></tr>\n";
|
||||
}
|
||||
print '</table><br><br>';
|
||||
}
|
||||
print '</table>';
|
||||
|
||||
dol_fiche_end();
|
||||
|
||||
print '<div class="center">';
|
||||
print '<input type="submit" class="button" value="'.$langs->trans("Save").'">';
|
||||
print ' ';
|
||||
print '<input type="submit" name="cancel" class="button" value="'.$langs->trans("Cancel").'">';
|
||||
print '<div class="center"><input type="submit" class="button" name="save" value="'.$langs->trans("Save").'">';
|
||||
print ' <input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
|
||||
print '</div>';
|
||||
|
||||
print "</form>";
|
||||
|
||||
@ -109,7 +109,7 @@ if (!empty($conf->product->enabled) || !empty($conf->service->enabled))
|
||||
}
|
||||
|
||||
$coldisplay++;
|
||||
print '<td class="bordertop nobottom linecolqty right"><input type="text" size="2" name="qty" id="qty" class="flat right" value="'.(isset($_POST["qty"]) ?GETPOST("qty", 'alpha', 2) : 1).'">';
|
||||
print '<td class="bordertop nobottom linecolqty right"><input type="text" size="2" name="qty" id="qty" class="flat right" value="'.(GETPOSTISSET("qty") ? GETPOST("qty", 'alpha', 2) : 1).'">';
|
||||
print '</td>';
|
||||
|
||||
if ($conf->global->PRODUCT_USE_UNITS)
|
||||
|
||||
@ -117,7 +117,7 @@ for ($i = 0; $i < $nbtoshow; $i++)
|
||||
|
||||
$buyer = new Societe($db);
|
||||
if ($_SESSION["CASHDESK_ID_THIRDPARTY"] > 0) $buyer->fetch($_SESSION["CASHDESK_ID_THIRDPARTY"]);
|
||||
echo $form->load_tva('selTva', (isset($_POST["selTva"])?GETPOST("selTva", 'alpha', 2):$vatrate), $mysoc, $buyer, 0, 0, '', false, -1);
|
||||
echo $form->load_tva('selTva', (GETPOSTISSET("selTva") ? GETPOST("selTva", 'alpha', 2) : $vatrate), $mysoc, $buyer, 0, 0, '', false, -1);
|
||||
?>
|
||||
</td>
|
||||
<td></td>
|
||||
|
||||
@ -3351,8 +3351,8 @@ if ($action == 'create')
|
||||
print '</td></tr>';
|
||||
|
||||
// Bank Account
|
||||
if (isset($_POST['fk_account'])) {
|
||||
$fk_account = $_POST['fk_account'];
|
||||
if (GETPOSTISSET('fk_account')) {
|
||||
$fk_account = GETPOST('fk_account');
|
||||
}
|
||||
|
||||
print '<tr><td>'.$langs->trans('BankAccount').'</td><td colspan="2">';
|
||||
|
||||
@ -4967,7 +4967,7 @@ abstract class CommonObject
|
||||
global $conf, $_POST;
|
||||
|
||||
// If param here has been posted, we use this value first.
|
||||
if (isset($_POST[$fieldname])) return GETPOST($fieldname, 2);
|
||||
if (GETPOSTISSET($fieldname)) return GETPOST($fieldname, 'alphanohtml', 3);
|
||||
|
||||
if (isset($alternatevalue)) return $alternatevalue;
|
||||
|
||||
|
||||
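Review bot: `global $conf, $_POST;` keeps `$_POST` in the global declaration although the new line no longer touches it, and `$_POST` is a superglobal anyway; `global $conf;` is sufficient. The replacement also changes the lookup method from 2 (only post) to 3 (post then get, per the `@param int $method` docblock in this commit), so a value present only in the query string now wins over `$alternatevalue`; if that widening is intended, a one-line comment such as `// Accept the value from POST or GET, consistent with GETPOSTISSET` would stop the next reader from reverting it. The method starts before this hunk.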
@ -420,10 +420,6 @@ class CoreObject extends CommonObject
|
||||
{
|
||||
$this->setDate($key, $value);
|
||||
}
|
||||
elseif( $this->checkFieldType($key, 'array'))
|
||||
{
|
||||
$this->{$key} = $value;
|
||||
}
|
||||
elseif ($this->checkFieldType($key, 'float'))
|
||||
{
|
||||
$this->{$key} = (double) price2num($value);
|
||||
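Review bot: Removing the `checkFieldType($key, 'array')` branch here means any field declared with an array type now falls through to the final `else`, which the next hunk changes to `$this->{$key} = dol_string_nohtmltag($value);`; if such fields are still set through this method, an array reaches a function that presumably expects a string. Unless array fields are gone from every `CoreObject` subclass, keep a guard in that else: `$this->{$key} = is_array($value) ? $value : dol_string_nohtmltag($value);`. The enclosing method starts before this hunk and ends after the next one.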
@ -433,7 +429,7 @@ class CoreObject extends CommonObject
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->{$key} = $value;
|
||||
$this->{$key} = dol_string_nohtmltag($value);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -291,6 +291,7 @@ function GETPOSTISSET($paramname)
|
||||
* 'array'=check it's array
|
||||
* 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string)
|
||||
* 'nohtml', 'alphanohtml'=check there is no html content
|
||||
* 'restricthtml'=check html content is restricted to some tags only
|
||||
* 'custom'= custom filter specify $filter and $options)
|
||||
* @param int $method Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get)
|
||||
* @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails)
|
||||
@ -298,7 +299,7 @@ function GETPOSTISSET($paramname)
|
||||
* @param string $noreplace Force disable of replacement of __xxx__ strings.
|
||||
* @return string|string[] Value found (string or array), or '' if check fails
|
||||
*/
|
||||
function GETPOST($paramname, $check = 'none', $method = 0, $filter = null, $options = null, $noreplace = 0)
|
||||
function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null, $options = null, $noreplace = 0)
|
||||
{
|
||||
global $mysoc, $user, $conf;
|
||||
|
||||
|
||||
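Review bot: The signature now defaults `$check` to 'alphanohtml', but the `@param string $check` entry (it sits just above the first hunk of this docblock) is not updated to say so, leaving the ChangeLog as the only place the new default is stated. Add to that entry something like `Default is 'alphanohtml' (no HTML allowed); pass 'restricthtml' or 'none' explicitly when HTML content is expected`, so the behaviour change is visible at the definition.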
@ -48,7 +48,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto
|
||||
$login = '';
|
||||
|
||||
// Get identity from user and redirect browser to Google OAuth Server
|
||||
if (isset($_POST['username']))
|
||||
if (GETPOSTISSET('username'))
|
||||
{
|
||||
/*$openid = new SimpleOpenID();
|
||||
$openid->SetIdentity($_POST['username']);
|
||||
|
||||
@ -43,7 +43,7 @@ function check_user_password_openid($usertotest, $passwordtotest, $entitytotest)
|
||||
$login='';
|
||||
|
||||
// Get identity from user and redirect browser to OpenID Server
|
||||
if (isset($_POST['username']))
|
||||
if (GETPOSISSET('username'))
|
||||
{
|
||||
$openid = new SimpleOpenID();
|
||||
$openid->SetIdentity($_POST['username']);
|
||||
|
||||
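Review bot: `GETPOSISSET('username')` is misspelled (`GETPOSTISSET`), so `check_user_password_openid` will fail with an undefined-function error when it reaches this line; it should read `if (GETPOSTISSET('username'))`. The next line still passes `$_POST['username']` straight to `$openid->SetIdentity(...)`, which is the raw access this commit removes elsewhere; `GETPOST('username', 'alphanohtml')` would be consistent. The function starts before this hunk.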
@ -197,14 +197,14 @@ if ($action == 'create')
|
||||
print '</tr>';
|
||||
|
||||
print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td colspan="2">';
|
||||
$form->select_types_paiements(isset($_POST["paymenttype"])?$_POST["paymenttype"]:$object->paymenttype, "paymenttype");
|
||||
$form->select_types_paiements(GETPOSTISSET("paymenttype") ? GETPOST("paymenttype") : $object->paymenttype, "paymenttype");
|
||||
print "</td>\n";
|
||||
print '</tr>';
|
||||
|
||||
print '<tr>';
|
||||
print '<td class="fieldrequired">'.$langs->trans('AccountToCredit').'</td>';
|
||||
print '<td colspan="2">';
|
||||
$form->select_comptes(isset($_POST["accountid"])?$_POST["accountid"]:$object->accountid, "accountid", 0, '', 1); // Show open bank account list
|
||||
$form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid") : $object->accountid, "accountid", 0, '', 1); // Show open bank account list
|
||||
print '</td></tr>';
|
||||
|
||||
// Number
|
||||
|
||||
@ -241,11 +241,11 @@ if (empty($reshook))
|
||||
|
||||
if ($objectsrc->lines[$i]->product_tobatch) // If product need a batch number
|
||||
{
|
||||
if (isset($_POST[$batch]))
|
||||
if (GETPOSTISSET($batch))
|
||||
{
|
||||
//shipment line with batch-enable product
|
||||
$qty .= '_'.$j;
|
||||
while (isset($_POST[$batch]))
|
||||
while (GETPOSTISSET($batch))
|
||||
{
|
||||
// save line of detail into sub_qty
|
||||
$sub_qty[$j]['q'] = GETPOST($qty, 'int'); // the qty we want to move for this stock record
|
||||
@ -277,11 +277,11 @@ if (empty($reshook))
|
||||
}
|
||||
}
|
||||
}
|
||||
elseif (isset($_POST[$stockLocation]))
|
||||
elseif (GETPOSTISSET($stockLocation))
|
||||
{
|
||||
//shipment line from multiple stock locations
|
||||
$qty .= '_'.$j;
|
||||
while (isset($_POST[$stockLocation]))
|
||||
while (GETPOSTISSET($stockLocation))
|
||||
{
|
||||
// save sub line of warehouse
|
||||
$stockLine[$i][$j]['qty'] = GETPOST($qty, 'int');
|
||||
|
||||
@ -72,7 +72,7 @@ class ExpenseReportIk extends CoreObject
|
||||
* Attribute object linked with database
|
||||
* @var array
|
||||
*/
|
||||
protected $fields=array(
|
||||
public $fields=array(
|
||||
'rowid'=>array('type'=>'integer','index'=>true)
|
||||
,'fk_c_exp_tax_cat'=>array('type'=>'integer','index'=>true)
|
||||
,'fk_range'=>array('type'=>'integer','index'=>true)
|
||||
|
||||
@ -111,7 +111,7 @@ class ExpenseReportRule extends CoreObject
|
||||
* Attribute object linked with database
|
||||
* @var array
|
||||
*/
|
||||
protected $fields=array(
|
||||
public $fields=array(
|
||||
'rowid'=>array('type'=>'integer','index'=>true)
|
||||
,'dates'=>array('type'=>'date')
|
||||
,'datee'=>array('type'=>'date')
|
||||
|
||||
@ -411,12 +411,12 @@ if ($step == 4 && $action == 'submitFormField')
|
||||
$newcode = (string) preg_replace('/\./', '_', $code);
|
||||
//print 'xxx'.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n<br>";
|
||||
$filterqualified = 1;
|
||||
if (!isset($_POST[$newcode]) || $_POST[$newcode] == '') $filterqualified = 0;
|
||||
elseif (preg_match('/^List/', $type) && (is_numeric($_POST[$newcode]) && $_POST[$newcode] <= 0)) $filterqualified = 0;
|
||||
if (! GETPOSTISSET($newcode) || GETPOST($newcode, 'restricthtml') == '') $filterqualified = 0;
|
||||
elseif (preg_match('/^List/', $type) && (is_numeric(GETPOST($newcode, 'restricthtml')) && GETPOST($newcode, 'restricthtml') <= 0)) $filterqualified = 0;
|
||||
if ($filterqualified)
|
||||
{
|
||||
//print 'Filter on '.$newcode.' type='.$type.' value='.$_POST[$newcode]."\n";
|
||||
$objexport->array_export_FilterValue[0][$code] = $_POST[$newcode];
|
||||
$objexport->array_export_FilterValue[0][$code] = GETPOST($newcode, 'restricthtml');
|
||||
}
|
||||
}
|
||||
$array_filtervalue = (!empty($objexport->array_export_FilterValue[0]) ? $objexport->array_export_FilterValue[0] : '');
|
||||
|
||||
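Review bot: `GETPOST($newcode, 'restricthtml')` admits a restricted set of HTML tags (per the GETPOST docblock in this commit) into a value that is only compared, tested with `is_numeric`, and stored as a filter in `array_export_FilterValue`, which is presumably turned into a query condition outside this hunk; 'alphanohtml' fits a filter value better, and for `List` types the code already expects a number. The value is also fetched four times; read it once with `$newval = GETPOST($newcode, 'alphanohtml');` and use `$newval` in the two conditions and the assignment.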
@ -273,7 +273,7 @@ if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner)
|
||||
if (empty($conf->multicurrency->enabled) && empty($conf->dynamicprices->enabled)) {
|
||||
$dto = GETPOST("dto_".$reg[1].'_'.$reg[2]);
|
||||
//update supplier price
|
||||
if (isset($_POST[$saveprice])) {
|
||||
if (GETPOSTISSET($saveprice)) {
|
||||
// TODO Use class
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."product_fournisseur_price";
|
||||
$sql .= " SET unitprice='".GETPOST($pu)."'";
|
||||
|
||||
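Review bot: `$sql .= " SET unitprice='".GETPOST($pu)."'";` (an unchanged line of this hunk) still interpolates the posted value into the UPDATE; the new 'alphanohtml' default filters HTML, not SQL, so the value should go through `price2num()` and `$db->escape()` before concatenation: `$sql .= " SET unitprice='".$db->escape(price2num(GETPOST($pu)))."'";`. `$dto` a few lines up is read the same way and presumably reaches the same statement below the hunk.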
@ -28,3 +28,5 @@ OAUTH_GITHUB_NAME=OAuth GitHub service
|
||||
OAUTH_GITHUB_ID=OAuth GitHub Id
|
||||
OAUTH_GITHUB_SECRET=OAuth GitHub Secret
|
||||
OAUTH_GITHUB_DESC=Go to <a class="notasortlink" href="https://github.com/settings/developers" target="_blank">this page</a> then "Register a new application" to create OAuth credentials
|
||||
OAUTH_STRIPE_TEST_NAME=OAuth Stripe Test
|
||||
OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live
|
||||
@ -565,6 +565,7 @@ if (!defined('NOLOGIN'))
|
||||
$dol_tz_string = preg_replace('/,/', '/', $dol_tz_string);
|
||||
$dol_tz_string = preg_replace('/\s/', '_', $dol_tz_string);
|
||||
$dol_dst = 0;
|
||||
// Keep $_POST here. Do not use GETPOSTISSET
|
||||
if (isset($_POST["dst_first"]) && isset($_POST["dst_second"]))
|
||||
{
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
|
||||
|
||||
@ -170,7 +170,7 @@ elseif (!empty($_ENV["dol_entity"])) // Entity inside a CLI script
|
||||
{
|
||||
$conf->entity = $_ENV["dol_entity"];
|
||||
}
|
||||
elseif (isset($_POST["loginfunction"]) && GETPOST("entity", 'int')) // Just after a login page
|
||||
elseif (GETPOSTISSET("loginfunction") && GETPOST("entity", 'int')) // Just after a login page
|
||||
{
|
||||
$conf->entity = GETPOST("entity", 'int');
|
||||
}
|
||||
|
||||
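Review bot: The removed line required `loginfunction` to be present in `$_POST`; `GETPOSTISSET("loginfunction")` accepts it wherever that helper looks, and `GETPOST("entity", 'int')` already uses method 0 (get then post). If GETPOSTISSET also honours the query string (its body is outside this diff), this branch can now be satisfied by a GET request on any page and set `$conf->entity` from the URL, which the `// Just after a login page` comment suggests was not intended; keep it POST-only with `GETPOST("loginfunction", 'alpha', 2)` in the condition, or document why GET is acceptable here.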
@ -112,7 +112,7 @@ class mailing_mailinglist_mymodule_myobject extends MailingTargets
|
||||
$sql = " select rowid as id, email, firstname, lastname, plan, partner";
|
||||
$sql.= " from ".MAIN_DB_PREFIX."myobject";
|
||||
$sql.= " where email IS NOT NULL AND email != ''";
|
||||
if (! empty($_POST['filter']) && $_POST['filter'] != 'none') $sql.= " AND status = '".$this->db->escape($_POST['filter'])."'";
|
||||
if (GETPOSTISSET('filter') && GETPOST('filter', 'alphanohtml') != 'none') $sql.= " AND status = '".$this->db->escape(GETPOST('filter', 'alphanohtml'))."'";
|
||||
$sql.= " ORDER BY email";
|
||||
|
||||
// Stocke destinataires dans target
|
||||
|
||||
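Review bot: Replacing `!empty($_POST['filter'])` with `GETPOSTISSET('filter')` changes the condition: a submitted but empty `filter` field used to be ignored and now appends `AND status = ''` to the query. Read the filtered value once and test it for emptiness as before: `$filter = GETPOST('filter', 'alphanohtml');` then `if ($filter != '' && $filter != 'none') $sql.= " AND status = '".$this->db->escape($filter)."'";`. The method body continues outside the hunk.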
@ -63,9 +63,9 @@ if ($action == 'edit_updater') {
|
||||
if (!empty($action) && empty($cancel)) {
|
||||
//Global variable actions
|
||||
if ($action == 'create_variable' || $action == 'edit_variable') {
|
||||
$price_globals->code = isset($_POST['code'])?GETPOST('code', 'alpha'):$price_globals->code;
|
||||
$price_globals->description = isset($_POST['description'])?GETPOST('description', 'alpha'):$price_globals->description;
|
||||
$price_globals->value = isset($_POST['value'])?GETPOST('value', 'int'):$price_globals->value;
|
||||
$price_globals->code = GETPOSTISSET('code')?GETPOST('code', 'alpha'):$price_globals->code;
|
||||
$price_globals->description = GETPOSTISSET('description')?GETPOST('description', 'alpha'):$price_globals->description;
|
||||
$price_globals->value = GETPOSTISSET('value')?GETPOST('value', 'int'):$price_globals->value;
|
||||
//Check if record already exists only when saving
|
||||
if (!empty($save)) {
|
||||
foreach ($price_globals->listGlobalVariables() as $entry) {
|
||||
@ -101,11 +101,11 @@ if (!empty($action) && empty($cancel)) {
|
||||
|
||||
//Updaters actions
|
||||
if ($action == 'create_updater' || $action == 'edit_updater') {
|
||||
$price_updaters->type = isset($_POST['type'])?GETPOST('type', 'int'):$price_updaters->type;
|
||||
$price_updaters->description = isset($_POST['description'])?GETPOST('description', 'alpha'):$price_updaters->description;
|
||||
$price_updaters->parameters = isset($_POST['parameters'])?GETPOST('parameters'):$price_updaters->parameters;
|
||||
$price_updaters->fk_variable = isset($_POST['fk_variable'])?GETPOST('fk_variable', 'int'):$price_updaters->fk_variable;
|
||||
$price_updaters->update_interval = isset($_POST['update_interval'])?GETPOST('update_interval', 'int'):$price_updaters->update_interval;
|
||||
$price_updaters->type = GETPOSTISSET('type')?GETPOST('type', 'int'):$price_updaters->type;
|
||||
$price_updaters->description = GETPOSTISSET('description')?GETPOST('description', 'alpha'):$price_updaters->description;
|
||||
$price_updaters->parameters = GETPOSTISSET('parameters')?GETPOST('parameters'):$price_updaters->parameters;
|
||||
$price_updaters->fk_variable = GETPOSTISSET('fk_variable')?GETPOST('fk_variable', 'int'):$price_updaters->fk_variable;
|
||||
$price_updaters->update_interval = GETPOSTISSET('update_interval')?GETPOST('update_interval', 'int'):$price_updaters->update_interval;
|
||||
}
|
||||
if ($action == 'create_updater' && !empty($save)) {
|
||||
//Verify if process() works
|
||||
|
||||
@ -331,7 +331,7 @@ if (empty($reshook))
|
||||
{
|
||||
for ($i = 2; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++)
|
||||
{
|
||||
if (isset($_POST["price_".$i]))
|
||||
if (GETPOSTISSET("price_".$i))
|
||||
{
|
||||
$object->multiprices["$i"] = price2num($_POST["price_".$i], 'MU');
|
||||
$object->multiprices_base_type["$i"] = $_POST["multiprices_base_type_".$i];
|
||||
|
||||
@ -1874,7 +1874,7 @@ if ($socid && $action == 'create' && $user->rights->societe->creer)
|
||||
|
||||
print '<tr><td>'.$langs->trans("WithdrawMode").'</td><td>';
|
||||
$tblArraychoice = array("FRST" => $langs->trans("FRST"), "RECUR" => $langs->trans("RECUR"));
|
||||
print $form->selectarray("frstrecur", $tblArraychoice, (isset($_POST['frstrecur']) ?GETPOST('frstrecur') : 'FRST'), 0);
|
||||
print $form->selectarray("frstrecur", $tblArraychoice, (GETPOSTISSET('frstrecur') ? GETPOST('frstrecur') : 'FRST'), 0);
|
||||
print '</td></tr>';
|
||||
|
||||
print '</table>';
|
||||
|
||||
@ -33,13 +33,14 @@ require '../../main.inc.php';
|
||||
top_httphead();
|
||||
|
||||
// Registering the location of boxes
|
||||
if (isset($_POST['roworder'])) {
|
||||
if (GETPOSTISSET('roworder')) {
|
||||
$roworder=GETPOST('roworder', 'alpha', 2);
|
||||
|
||||
dol_syslog("AjaxOrderAttribute roworder=".$roworder, LOG_DEBUG);
|
||||
|
||||
$rowordertab = explode(',', $roworder);
|
||||
|
||||
$newrowordertab = array();
|
||||
foreach ($rowordertab as $value) {
|
||||
if (!empty($value)) {
|
||||
$newrowordertab[] = $value;
|
||||
|
||||