diff --git a/htdocs/takepos/admin/orderprinters.php b/htdocs/takepos/admin/orderprinters.php
index 73081e6103d..646eef127bf 100644
--- a/htdocs/takepos/admin/orderprinters.php
+++ b/htdocs/takepos/admin/orderprinters.php
@@ -42,9 +42,9 @@ if (! $user->rights->categorie->lire) accessforbidden();
 $id=GETPOST('id','int');
 $type=(GETPOST('type','aZ09') ? GETPOST('type','aZ09') : Categorie::TYPE_PRODUCT);
 $catname=GETPOST('catname','alpha');
-$action=GETPOST('action');
-$printer1=GETPOST('printer1');
-$printer2=GETPOST('printer2');
+$action=GETPOST('action','alpha');
+$printer1=GETPOST('printer1','alpha');
+$printer2=GETPOST('printer2','alpha');
 
 if (is_numeric($type)) $type=Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
 
diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php
index dc28008351e..752e5d18d9a 100644
--- a/htdocs/takepos/admin/setup.php
+++ b/htdocs/takepos/admin/setup.php
@@ -35,8 +35,7 @@ if (! empty($_REQUEST['CASHDESK_ID_THIRDPARTY_id']))
 }
 
 // Security check
-if (!$user->admin)
-accessforbidden();
+if (!$user->admin) accessforbidden();
 
 $langs->load("admin");
 $langs->load("cashdesk");
diff --git a/htdocs/takepos/ajax.php b/htdocs/takepos/ajax.php
index 5b199ec11a9..33d1503891e 100644
--- a/htdocs/takepos/ajax.php
+++ b/htdocs/takepos/ajax.php
@@ -33,9 +33,9 @@ if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX','1');
 require '../main.inc.php'; // Load $user and permissions
 require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 
-$category = GETPOST('category');
-$action = GETPOST('action');
-$term = GETPOST('term');
+$category = GETPOST('category','alpha');
+$action = GETPOST('action','alpha');
+$term = GETPOST('term','alpha');
 
 
 /*
diff --git a/htdocs/takepos/customers.php b/htdocs/takepos/customers.php
index f62931569ef..f5bcb8557cf 100644
--- a/htdocs/takepos/customers.php
+++ b/htdocs/takepos/customers.php
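Review bot: In the ajax.php hunk, `+$term = GETPOST('term','alpha');` gives a free-text search value the 'alpha' filter, which as far as I recall only rejects a couple of dangerous patterns (double quotes, `../`) and does not touch single quotes, so it is not a substitute for `$db->escape($term)` or a prepared statement at the point where the value reaches a query. The query itself is outside this hunk, so I can only flag that the filter choice here must not be read as SQL protection. If `$category` is a numeric category id, `GETPOST('category','int')` would be the narrower filter and is what the rest of the commit uses for ids. The same remark applies to the 'alpha' values in the orderprinters.php hunk if `printer1`/`printer2` are ids rather than names.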
@@ -37,17 +37,23 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/client.class.php';
 
-$langs->loadLangs(array("companies", "commercial", "customers", "suppliers", "bills", "compta", "categories"));
+$langs->loadLangs(array("companies", "commercial", "customers", "suppliers", "bills", "compta", "categories", "cashdesk"));
 
 $action=GETPOST('action','alpha');
 $massaction=GETPOST('massaction','alpha');
 $show_files=GETPOST('show_files','int');
 $confirm=GETPOST('confirm','alpha');
 $toselect = GETPOST('toselect', 'array');
-$idcustomer = GETPOST('idcustomer');
-$place = GETPOST('place');
+$idcustomer = GETPOST('idcustomer','int');
+$place = GETPOST('place','int');
+
 $_GET['optioncss'] = 'print';
 
+
+/*
+ * Actions
+ */
+
 if ($action=="change") {
	$sql="UPDATE ".MAIN_DB_PREFIX."facture set fk_soc=".$idcustomer." where facnumber='(PROV-POS-".$place.")'";
	$resql = $db->query($sql);
diff --git a/htdocs/takepos/floors.php b/htdocs/takepos/floors.php
index a108c54bf7c..8dd6f729950 100644
--- a/htdocs/takepos/floors.php
+++ b/htdocs/takepos/floors.php
@@ -29,15 +29,15 @@ $_GET['theme']="md"; // Force theme. MD theme provides better look and feel to T
 
 require '../main.inc.php'; // Load $user and permissions
 
-$floor=GETPOST('floor');
+$floor=GETPOST('floor','alpha');
 if ($floor=="") $floor=1;
-$id = GETPOST('id');
-$action = GETPOST('action');
-$left = GETPOST('left');
-$top = GETPOST('top');
-$place = GETPOST('place');
+$id = GETPOST('id','int');
+$action = GETPOST('action','alpha');
+$left = GETPOST('left','alpha');
+$top = GETPOST('top','alpha');
+$place = GETPOST('place','int');
 $newname = GETPOST('newname');
-$mode = GETPOST('mode');
+$mode = GETPOST('mode','alpha');
 
 if ($action=="getTables"){
	$sql="SELECT * from ".MAIN_DB_PREFIX."takepos_floor_tables where floor=".$floor;
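Review bot: In the customers.php hunk the UPDATE still builds its SQL by string interpolation of `$idcustomer` and `$place`; the new 'int' filter narrows the input, but the query line should also cast at the point of use so the protection does not depend on the declaration forty lines above, e.g. `$sql="UPDATE ".MAIN_DB_PREFIX."facture set fk_soc=".((int) $idcustomer)." where facnumber='(PROV-POS-".((int) $place).")'";`. If GETPOST with 'int' yields an empty string for a missing parameter (I believe it does, please confirm), `fk_soc=` becomes a syntax error, so an `if (empty($idcustomer)) ... ` guard before the query would make the failure explicit. I also do not see a permission check between the `$action=="change"` test and the UPDATE; if one exists elsewhere in the file it is outside this hunk, otherwise any logged-in user can reassign the provisional invoice's third party. The `if` block continues past the hunk.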
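Review bot: In the floors.php hunk, `+$floor=GETPOST('floor','alpha');` is the wrong filter for a value that the next line defaults to `1` and that is concatenated unquoted into `where floor=".$floor`: 'alpha' does not restrict the value to digits, so a non-numeric string still reaches the query as raw SQL. Since the default shows it is numeric, use `$floor=GETPOST('floor','int');` and cast in the query, `where floor=".((int) $floor);`. `$newname = GETPOST('newname');` in the same hunk is left without any filter, which looks like an oversight given the commit's purpose; and if `$left`/`$top` are pixel coordinates, 'int' would fit them better than 'alpha' (hedged, their use is outside the hunk). The `getTables` block continues past the hunk.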
diff --git a/htdocs/takepos/freezone.php b/htdocs/takepos/freezone.php
index 36b1913466e..f97d46518e3 100644
--- a/htdocs/takepos/freezone.php
+++ b/htdocs/takepos/freezone.php
@@ -29,7 +29,8 @@ require '../main.inc.php'; // Load $user and permissions
 
 $langs->load("bills");
 $langs->load("cashdesk");
-$place = GETPOST('place');
+
+$place = GETPOST('place','int');
 
 
 /*
diff --git a/htdocs/takepos/invoice.php b/htdocs/takepos/invoice.php
index 2df1cc965f0..91b43dad675 100644
--- a/htdocs/takepos/invoice.php
+++ b/htdocs/takepos/invoice.php
@@ -32,13 +32,13 @@ require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
 $langs->load("bills");
 $langs->load("cashdesk");
 
-$id = GETPOST('id');
-$action = GETPOST('action');
-$idproduct = GETPOST('idproduct');
-$place = GETPOST('place');
+$id = GETPOST('id','int');
+$action = GETPOST('action','alpha');
+$idproduct = GETPOST('idproduct','int');
+$place = GETPOST('place','int');
 $number = GETPOST('number');
 $idline = GETPOST('idline');
-$desc = GETPOST('desc');
+$desc = GETPOST('desc','alpha');
 $pay = GETPOST('pay');
 
 $sql="SELECT rowid FROM ".MAIN_DB_PREFIX."facture where facnumber='(PROV-POS-".$place.")'";
diff --git a/htdocs/takepos/pay.php b/htdocs/takepos/pay.php
index 6a4c483606f..5f3b27b95be 100644
--- a/htdocs/takepos/pay.php
+++ b/htdocs/takepos/pay.php
@@ -30,7 +30,7 @@ $_GET['theme']="md"; // Force theme. MD theme provides better look and feel to T
 require '../main.inc.php'; // Load $user and permissions
 require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
 
-$place = GETPOST('place');
+$place = GETPOST('place','int');
 
 
 /*
diff --git a/htdocs/takepos/takepos.php b/htdocs/takepos/takepos.php
index ebd3b6bcd3e..8dec143bffe 100644
--- a/htdocs/takepos/takepos.php
+++ b/htdocs/takepos/takepos.php
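Review bot: In the invoice.php hunk, `$number = GETPOST('number');`, `$idline = GETPOST('idline');` and `$pay = GETPOST('pay');` are left without a filter while every neighbouring GETPOST in the same hunk gets one, which is inconsistent with the commit's purpose; `$idline` reads as a line row id and should be `GETPOST('idline','int')`, and `$number`/`$pay` deserve 'int' or 'alpha' depending on how they are used further down (outside the hunk). The SELECT on the last line still interpolates `$place` into a quoted literal; the 'int' filter helps, but casting at the query, `facnumber='(PROV-POS-".((int) $place).")'"`, keeps the guarantee local to the SQL. Note that `$desc` is user-entered free text, and 'alpha' does not make it safe for either SQL or HTML output; escape at each sink.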
@@ -32,9 +32,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php';
 require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php';
 require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
 
-$place = GETPOST('place');
+$place = GETPOST('place','int');
 if ($place=="") $place="0";
-$action = GETPOST('action');
+$action = GETPOST('action','alpha');
 
 
 $langs->loadLangs(array("bills","orders","commercial","cashdesk"));