From fa8b960520881a31b75f3e57ad27178806bb8955 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 30 Nov 2020 13:22:48 +0100
Subject: [PATCH] Clean code

---
 htdocs/product/admin/price_rules.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/htdocs/product/admin/price_rules.php b/htdocs/product/admin/price_rules.php
index 94d2a658ecd..5b5743a742b 100644
--- a/htdocs/product/admin/price_rules.php
+++ b/htdocs/product/admin/price_rules.php
@@ -26,15 +26,18 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php';
 // Load translation files required by the page
 $langs->loadLangs(array('admin', 'products'));
 
+$action = GETPOST('action', 'aZ09');
+
 // Security check
 if (!$user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled)))
 	accessforbidden();
 
+
 /**
  * Actions
  */
 
-if ($_POST) {
+if ($action == 'update') {
 	$var_percent = GETPOST('var_percent', 'array');
 	$var_min_percent = GETPOST('var_min_percent', 'array');
 	$fk_level = GETPOST('fk_level', 'array');
@@ -70,19 +73,19 @@ if ($_POST) {
 		if (!$check1 || !$check2) {
 			//If the level is between range but percent fields are empty, then we ensure it does not exist in DB
 			if ($check1) {
-				$db->query("DELETE FROM ".MAIN_DB_PREFIX."product_pricerules WHERE level = ".(int) $i);
+				$db->query("DELETE FROM ".MAIN_DB_PREFIX."product_pricerules WHERE level = ".((int) $i));
 			}
 
 			continue;
 		}
 
-		$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_pricerules (level, fk_level, var_percent, var_min_percent) VALUES (
-		".(int) $i.", ".$db->escape($i_fk_level).", ".$i_var_percent.", ".$i_var_min_percent.")";
+		$sql = "INSERT INTO ".MAIN_DB_PREFIX."product_pricerules (level, fk_level, var_percent, var_min_percent) VALUES (";
+		$sql .= ((int) $i).", ".$db->escape($i_fk_level).", ".$i_var_percent.", ".$i_var_min_percent.")";
 
 		if (!$db->query($sql)) {
 			//If we could not create, then we try updating
-			$sql = "UPDATE ".MAIN_DB_PREFIX."product_pricerules
-			SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".$i;
+			$sql = "UPDATE ".MAIN_DB_PREFIX."product_pricerules";
+			$sql .= " SET fk_level = ".$db->escape($i_fk_level).", var_percent = ".$i_var_percent.", var_min_percent = ".$i_var_min_percent." WHERE level = ".$i;
 
 			if (!$db->query($sql)) {
 				setEventMessages($langs->trans('ErrorSavingChanges'), null, 'errors');
@@ -93,6 +96,7 @@ if ($_POST) {
 	setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
 }
 
+
 /*
  * View
  */
@@ -124,8 +128,9 @@ $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_valu
 print load_fiche_titre($title, $linkback, 'title_setup');
 
 
-
-print '<form method="POST">';
+print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
+print '<input type="hidden" name="token" value="'.newToken().'">';
+print '<input type="hidden" name="action" value="update">';
 
 $head = product_admin_prepare_head();
 print dol_get_fiche_head($head, 'generator', $tab, 0, 'product');