diff --git a/htdocs/accountancy/admin/account.php b/htdocs/accountancy/admin/account.php index acd9eba2c9d..5c4e836986e 100644 --- a/htdocs/accountancy/admin/account.php +++ b/htdocs/accountancy/admin/account.php @@ -37,7 +37,7 @@ $langs->load("salaries"); $mesg = ''; $action = GETPOST('action','aZ09'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); @@ -84,8 +84,8 @@ $contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'accounting * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php index ef707bbc43a..79a8a531ec9 100644 --- a/htdocs/accountancy/admin/card.php +++ b/htdocs/accountancy/admin/card.php @@ -37,10 +37,10 @@ $langs->load("accountancy"); $mesg = ''; $action = GETPOST('action','aZ09'); -$backtopage = GETPOST('backtopage'); +$backtopage = GETPOST('backtopage','alpha'); $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Security check @@ -52,7 +52,7 @@ $object = new AccountingAccount($db); * Action */ -if (GETPOST('cancel')) +if (GETPOST('cancel','alpha')) { $urltogo=$backtopage?$backtopage:dol_buildpath('/accountancy/admin/account.php',1); header("Location: ".$urltogo); diff --git a/htdocs/accountancy/admin/categories.php b/htdocs/accountancy/admin/categories.php index ec2602568fb..b281078a6bf 100644 --- a/htdocs/accountancy/admin/categories.php +++ b/htdocs/accountancy/admin/categories.php 
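Review bot: In the cancel branch of accountancy/admin/card.php, `$backtopage` still flows unchanged into `header("Location: ".$urltogo)`. The `'alpha'` check added to `GETPOST('backtopage','alpha')` is defined outside this diff, and nothing visible here restricts the value to a local path. If it does not, an absolute or protocol-relative URL in `backtopage` is followed as-is, which is an open redirect. Assuming callers pass root-relative paths, a guard before the redirect such as `if (! preg_match('/^\/(?![\/\\\\])/', $backtopage)) $backtopage='';` lets the existing fallback to account.php apply. The same redirect on `$backtopage` appears in the cancel hunks of bookmarks/card.php, comm/address.php, comm/remise.php, comm/remx.php, contact/agenda.php and contact/card.php.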
@@ -35,7 +35,7 @@ $langs->load("accountancy"); $mesg = ''; $id = GETPOST('id', 'int'); $rowid = GETPOST('rowid', 'int'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $action = GETPOST('action','aZ09'); $cat_id = GETPOST('account_category'); $selectcpt = GETPOST('cpt_bk', 'array'); diff --git a/htdocs/accountancy/admin/productaccount.php b/htdocs/accountancy/admin/productaccount.php index ec77bde58b1..bebca87404c 100644 --- a/htdocs/accountancy/admin/productaccount.php +++ b/htdocs/accountancy/admin/productaccount.php @@ -90,8 +90,8 @@ $arrayfields=array(); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php index 0bb24f116d3..c87b906f45e 100644 --- a/htdocs/accountancy/bookkeeping/list.php +++ b/htdocs/accountancy/bookkeeping/list.php 
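Review bot: In accountancy/admin/categories.php the line right after the changed one, `$cat_id = GETPOST('account_category');`, still reads its parameter with no check, so the file is only partly converted. If the value is the numeric id its name suggests, `$cat_id = GETPOST('account_category','int');` would match the `id` and `rowid` lines above it. The same leftover unchecked reads are visible in other hunks: `GETPOST('confirm')` in adherents/subscription/card.php, `ref`, `type`, `confirm` and `label` in categories/edit.php, `GETPOST("orig_account")` in compta/bank/ligne.php, `GETPOST('statut')` in comm/propal/card.php and `GETPOST('elrowid')` passed to `fetch()` in contrat/card.php. A short comment stating which check each parameter needs would help whoever finishes the conversion.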
@@ -108,8 +108,8 @@ if ($action != 'export_file' && ! isset($_POST['begin']) && ! isset($_GET['begin * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All tests are required to be compatible with all browsers { diff --git a/htdocs/accountancy/customer/list.php b/htdocs/accountancy/customer/list.php index 0288ee872d7..51f62ecabf6 100644 --- a/htdocs/accountancy/customer/list.php +++ b/htdocs/accountancy/customer/list.php @@ -101,8 +101,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_SOLD_ACCOU * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/accountancy/expensereport/list.php b/htdocs/accountancy/expensereport/list.php index 6bf18f0da20..ee17976ca30 100644 --- a/htdocs/accountancy/expensereport/list.php +++ b/htdocs/accountancy/expensereport/list.php 
@@ -97,8 +97,8 @@ $accounting = new AccountingAccount($db); * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/accountancy/supplier/list.php b/htdocs/accountancy/supplier/list.php index ba5ecfe6bb7..0ebf66f1215 100644 --- a/htdocs/accountancy/supplier/list.php +++ b/htdocs/accountancy/supplier/list.php @@ -102,8 +102,8 @@ $aarowid_p = $accounting->fetch('', $conf->global->ACCOUNTING_PRODUCT_BUY_ACCOUN * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } // Purge search criteria if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x','alpha') || GETPOST('button_removefilter','alpha')) // All test are required to be compatible with all browsers diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index cf98099fb7a..3dc5439f47f 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php 
@@ -138,8 +138,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 5cd4704ae37..f86da6d8fcc 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -39,7 +39,7 @@ $errmsg=''; $action=GETPOST("action",'alpha'); $rowid=GETPOST("rowid","int")?GETPOST("rowid","int"):GETPOST("id","int"); $typeid=GETPOST("typeid","int"); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm'); if (! $user->rights->adherent->cotisation->lire) diff --git a/htdocs/adherents/subscription/list.php b/htdocs/adherents/subscription/list.php index 1fee5ac545c..4d22ec1f6a6 100644 --- a/htdocs/adherents/subscription/list.php +++ b/htdocs/adherents/subscription/list.php 
@@ -75,8 +75,8 @@ $result=restrictedArea($user,'adherent','','','cotisation'); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php index 3565a2f5f20..b758506f8b5 100644 --- a/htdocs/admin/defaultvalues.php +++ b/htdocs/admin/defaultvalues.php @@ -69,8 +69,8 @@ $hookmanager->initHooks(array('admindefaultvalues','globaladmin')); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php b/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php index 4b8978462fb..85783ae197d 100644 --- a/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php +++ b/htdocs/admin/dolistore/class/PSWebServiceLibrary.class.php 
@@ -387,48 +387,6 @@ class PrestaShopWebservice self::checkStatusCode($request['status_code']);// check the response validity return self::parseXML($request['response']); } - - /** - * Delete (DELETE) a resource. - * Unique parameter must take :

- * 'resource' => Resource name
- * 'id' => ID or array which contains IDs of a resource(s) you want to delete

- * - * delete(array('resource' => 'orders', 'id' => 1)); - * // Following code will not be executed if an exception is thrown. - * echo 'Successfully deleted.'; - * } - * catch (PrestaShopWebserviceException $ex) - * { - * echo 'Error : '.$ex->getMessage(); - * } - * ?> - * - * @param array $options Array representing resource to delete. - * @return boolean true - */ - public function delete($options) - { - if (isset($options['url'])) - $url = $options['url']; - elseif (isset($options['resource']) && isset($options['id'])) - if (is_array($options['id'])) - $url = $this->url.'/api/'.$options['resource'].'/?id=['.implode(',', $options['id']).']'; - else - $url = $this->url.'/api/'.$options['resource'].'/'.$options['id']; - if (isset($options['id_shop'])) - $url .= '&id_shop='.$options['id_shop']; - if (isset($options['id_group_shop'])) - $url .= '&id_group_shop='.$options['id_group_shop']; - $request = self::executeRequest($url, array(CURLOPT_CUSTOMREQUEST => 'DELETE')); - self::checkStatusCode($request['status_code']);// check the response validity - return true; - } } /** diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index f764f40c054..56efe2b5d7d 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -55,7 +55,7 @@ if (! defined("MAIN_MOTD")) define("MAIN_MOTD",""); * Action */ -if (GETPOST('cancel')) +if (GETPOST('cancel','alpha')) { $action=''; } diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index d4862e2a7b3..c9b8120bd0f 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php 
@@ -179,8 +179,8 @@ $id = 25; * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index bffa9be01b6..e2d2db9e659 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -64,8 +64,8 @@ $hookmanager->initHooks(array('admintranslation','globaladmin')); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index e9722669e7d..2c3b200b4e4 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -63,7 +63,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') $error = 0; - if (GETPOST("cancel")) + if (GETPOST('cancel','alpha')) { if (empty($backtopage)) $backtopage=($urlsource?$urlsource:((! empty($url))?$url:DOL_URL_ROOT.'/bookmarks/list.php')); header("Location: ".$backtopage); 
diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index 59bee88b75b..4ccd9116d74 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -36,7 +36,7 @@ $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action','aZ09'); $confirm=GETPOST('confirm'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $socid=GETPOST('socid','int'); $label=GETPOST('label'); diff --git a/htdocs/comm/address.php b/htdocs/comm/address.php index 72e2dbadff4..6547f453b21 100644 --- a/htdocs/comm/address.php +++ b/htdocs/comm/address.php @@ -52,7 +52,7 @@ $object = new Address($db); */ // Cancel -if (GETPOST("cancel") && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 8c793de43fc..1b3d231382c 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -73,7 +73,7 @@ $pageprev = $page - 1; $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="nom"; -$cancelbutton = GETPOST('cancel'); +$cancelbutton = GETPOST('cancel','alpha'); $object = new Client($db); $extrafields = new ExtraFields($db); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 86a5504d409..c7771476f35 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -738,7 +738,7 @@ if ($action == 'create') print ''; print ''; print ''; print '
'.$langs->trans("MailTopic").'
'.$langs->trans("BackgroundColorByDefault").''; - print $htmlother->selectColor($_POST['bgcolor'],'bgcolor','new_mailing',0); + print $htmlother->selectColor($_POST['bgcolor'],'bgcolor','',0); print '
'; @@ -930,7 +930,7 @@ else * Boutons d'action */ - if (GETPOST("cancel") || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone'))) + if (GETPOST('cancel','alpha') || $confirm=='no' || $action == '' || in_array($action,array('settodraft', 'valid','delete','sendall','clone'))) { print "\n\n
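Review bot: The changed line in the create form of comm/mailing/card.php still passes `$_POST['bgcolor']` directly to `selectColor()`, while the rest of this commit moves request reads to `GETPOST` with an explicit check. Whether `selectColor()` escapes the value before writing it into the page is not visible in this hunk, so the raw superglobal should not be relied on here. Reading it as `GETPOST('bgcolor','alpha')` keeps the form consistent with the other files and avoids an undefined-index notice when the field is absent.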
\n"; @@ -941,7 +941,14 @@ else if (($object->statut == 0 || $object->statut == 1) && $user->rights->mailing->creer) { - print ''.$langs->trans("EditWithEditor").''; + if (! empty($conf->fckeditor->enabled) && ! empty($conf->global->FCKEDITOR_ENABLE_MAILING)) + { + print ''.$langs->trans("EditWithEditor").''; + } + else + { + print ''.$langs->trans("EditWithTextEditor").''; + } if (! empty($conf->use_javascript_ajax)) print ''.$langs->trans("EditHTMLSource").''; } @@ -1091,19 +1098,19 @@ else // Background color /*print ''.$langs->trans("BackgroundColorByDefault").''; - print $htmlother->selectColor($object->bgcolor,'bgcolor','edit_mailing',0); + print $htmlother->selectColor($object->bgcolor,'bgcolor','',0); print '';*/ print ''; // Message - print '
'; - if (empty($object->bgcolor) || strtolower($object->bgcolor) == 'ffffff') + print '
'; + if (empty($object->bgcolor) || strtolower($object->bgcolor) == 'ffffff') // CKEditor does not apply the color of the div into its content area { $readonly=1; // Editeur wysiwyg require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor=new DolEditor('bodyemail',$object->body,'',600,'dolibarr_mailings','',false,true,empty($conf->global->FCKEDITOR_ENABLE_MAILING)?0:1,20,120,$readonly); + $doleditor=new DolEditor('bodyemail',$object->body,'',600,'dolibarr_mailings','',false,true,empty($conf->global->FCKEDITOR_ENABLE_MAILING)?0:1,20,'90%',$readonly); $doleditor->Create(); } else print dol_htmlentitiesbr($object->body); @@ -1245,7 +1252,7 @@ else // Background color print ''.$langs->trans("BackgroundColorByDefault").''; - print $htmlother->selectColor($object->bgcolor,'bgcolor','edit_mailing',0); + print $htmlother->selectColor($object->bgcolor,'bgcolor','',0); print ''; print ''; diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index ea2569b863e..8e8941c23fb 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -658,7 +658,7 @@ class AdvanceTargetingMailing extends CommonObject $sqlwhere[]= " (t.datec >= '".$this->db->idate($arrayquery['contact_create_st_dt'])."' AND t.datec <= '".$this->db->idate($arrayquery['contact_create_end_dt'])."')"; } if (!empty($arrayquery['contact_categ']) && count($arrayquery['contact_categ'])>0) { - $sqlwhere[]= " (contactcateg.fk_categorie IN (".$db->escape(implode(",",$arrayquery['contact_categ']))."))"; + $sqlwhere[]= " (contactcateg.fk_categorie IN (".$this->db->escape(implode(",",$arrayquery['contact_categ']))."))"; } //Standard Extrafield feature diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 49bab4faa71..7987555e569 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php 
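Review bot: The corrected line in comm/mailing/class/advtargetemailing.class.php still builds the `IN (...)` list from `$this->db->escape(implode(",",$arrayquery['contact_categ']))`. The list is inserted into the query without quotes, so a string-escaping call does not constrain it to numbers. Where `$arrayquery` is filled is not visible in this hunk; if it can carry request data, each element should be cast before joining, for example `implode(',', array_map('intval', $arrayquery['contact_categ']))`. The hunk in core/class/html.form.class.php has the same construction with `$warehouseStatusArray`. Both enclosing methods start and end outside their hunks.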
@@ -602,7 +602,7 @@ if (empty($reshook)) } // Close proposal - else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel')) + else if ($action == 'setstatut' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha')) { if (! GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CloseAs")), null, 'errors'); @@ -622,7 +622,7 @@ if (empty($reshook)) } // Reopen proposal - else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel')) + else if ($action == 'confirm_reopen' && $user->rights->propal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == Propal::STATUS_SIGNED || $object->statut == Propal::STATUS_NOTSIGNED || $object->statut == Propal::STATUS_BILLED) @@ -1106,7 +1106,7 @@ if (empty($reshook)) } } - else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel')) + else if ($action == 'updateligne' && $user->rights->propal->creer && GETPOST('cancel','alpha')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 4939d7e83f7..909b0f3ebc8 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php 
@@ -169,8 +169,8 @@ $object = new Propal($db); // To be passed as parameter of executeHooks that nee * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -420,7 +420,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Propal($db); $listofselectedid=array(); diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index bca371977a7..1ad4612d879 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -46,7 +46,7 @@ $backtopage = GETPOST('backtopage','alpha'); * Actions */ -if (GETPOST('cancel') && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 9964db9ecde..04eb2583fb5 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -49,7 +49,7 @@ if ($user->societe_id > 0) * Actions */ -if (GETPOST('cancel') && ! empty($backtopage)) +if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 13139da7ea3..040b1e200d8 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php 
@@ -1061,7 +1061,7 @@ if (empty($reshook)) } } - else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel') == $langs->trans('Cancel')) { + else if ($action == 'updateline' && $user->rights->commande->creer && GETPOST('cancel','alpha') == $langs->trans('Cancel')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } @@ -1477,7 +1477,7 @@ if ($action == 'create' && $user->rights->commande->creer) print ''; } else { print ''; - print $form->select_company('', 'socid', 's.client = 1 OR s.client = 3', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300'); + print $form->select_company('', 'socid', '(s.client = 1 OR s.client = 3)', 'SelectThirdParty', 0, 0, null, 0, 'minwidth300'); // reload page to retrieve customer informations if (!empty($conf->global->RELOAD_PAGE_ON_CUSTOMER_CHANGE)) { diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 8810a1be986..13841b108d9 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -149,8 +149,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -666,7 +666,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Commande($db); $listofselectedid=array(); 
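Review bot: The cancel test in the `updateline` branch of commande/card.php compares the submitted value with `$langs->trans('Cancel')`. It therefore depends on the button label passing the `'alpha'` check unchanged and on the request being handled in the language that rendered the form. The other files in this commit only test that `cancel` is non-empty, and ending the condition with `&& GETPOST('cancel','alpha'))` would make this branch consistent with them. How a cancel that fails the comparison is handled lies outside the hunk, so it is worth confirming that it cannot fall through to the update path.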
diff --git a/htdocs/compta/bank/bankentries.php b/htdocs/compta/bank/bankentries.php index 67c16322a9d..cd4d659d743 100644 --- a/htdocs/compta/bank/bankentries.php +++ b/htdocs/compta/bank/bankentries.php @@ -161,8 +161,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/compta/bank/index.php b/htdocs/compta/bank/index.php index 177e576b5d7..80bf9d6f50c 100644 --- a/htdocs/compta/bank/index.php +++ b/htdocs/compta/bank/index.php @@ -111,8 +111,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/compta/bank/ligne.php b/htdocs/compta/bank/ligne.php index 525b7a72e12..c88220192ab 100644 --- a/htdocs/compta/bank/ligne.php +++ b/htdocs/compta/bank/ligne.php 
@@ -48,8 +48,8 @@ $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); $rowid=GETPOST("rowid",'int'); $orig_account=GETPOST("orig_account"); -$backtopage=GETPOST('backtopage'); -$cancel=GETPOST('cancel'); +$backtopage=GETPOST('backtopage','alpha'); +$cancel=GETPOST('cancel','alpha'); // Security check $fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref :'')); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index d3e21f183a3..1e387bcd3fa 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1762,7 +1762,7 @@ if (empty($reshook)) } } - elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel')) + elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha')) { if (! $object->fetch($id) > 0) dol_print_error($db); $object->fetch_thirdparty(); diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 80ffffdfb39..98fc2cd2f62 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -139,8 +139,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters = array('socid' => $socid); $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks 
@@ -148,7 +148,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { - if (GETPOST('cancel')) $action=''; + if (GETPOST('cancel','alpha')) $action=''; // Selection of new fields include DOL_DOCUMENT_ROOT.'/core/actions_changeselectedfields.inc.php'; @@ -728,7 +728,7 @@ if (empty($reshook)) } } - elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel')) + elseif ($action == 'updateligne' && $user->rights->facture->creer && ! GETPOST('cancel','alpha')) { if (! $object->fetch($id) > 0) dol_print_error($db); $object->fetch_thirdparty(); diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 3ffd0af9cd3..15a79d7fdd9 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -181,8 +181,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -612,7 +612,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new Facture($db); $listofselectedid=array(); diff --git a/htdocs/contact/agenda.php b/htdocs/contact/agenda.php index cc7f36261cc..04c62107e83 100644 --- a/htdocs/contact/agenda.php +++ b/htdocs/contact/agenda.php 
@@ -115,7 +115,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index d5854297f43..7dffd99f8bf 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -91,7 +91,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 6d89cd07cd4..ebf7bc611f9 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -176,8 +176,8 @@ if (($id > 0 || ! empty($ref)) && $action != 'add') * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 26f9d0f6eae..5b109c7b0d7 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -636,7 +636,7 @@ if (empty($reshook)) } } - else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel')) + else if ($action == 'updateline' && $user->rights->contrat->creer && ! GETPOST('cancel','alpha')) { $objectline = new ContratLigne($db); if ($objectline->fetch(GETPOST('elrowid'))) 
@@ -822,7 +822,7 @@ if (empty($reshook)) } elseif ($action=='setref_supplier') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); @@ -846,7 +846,7 @@ if (empty($reshook)) } elseif ($action=='setref_customer') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { @@ -871,7 +871,7 @@ if (empty($reshook)) } elseif ($action=='setref') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); @@ -895,7 +895,7 @@ if (empty($reshook)) } elseif ($action=='setdate_contrat') { - $cancelbutton = GETPOST('cancel'); + $cancelbutton = GETPOST('cancel','alpha'); if (!$cancelbutton) { $result = $object->fetch($id); diff --git a/htdocs/contrat/list.php b/htdocs/contrat/list.php index 17246751600..beba40103af 100644 --- a/htdocs/contrat/list.php +++ b/htdocs/contrat/list.php @@ -136,8 +136,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Action */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index aaf0d0cd796..cd445e682eb 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php 
@@ -140,8 +140,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/core/actions_setnotes.inc.php b/htdocs/core/actions_setnotes.inc.php index 3fa76891124..39f63683575 100644 --- a/htdocs/core/actions_setnotes.inc.php +++ b/htdocs/core/actions_setnotes.inc.php @@ -28,7 +28,7 @@ // $id must be defined (object is loaded in this file with fetch) // Set public note -if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel')) +if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel','alpha')) { if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done 
@@ -36,7 +36,7 @@ if ($action == 'setnote_public' && ! empty($permissionnote) && ! GETPOST('cancel if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set public note -else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel')) +else if ($action == 'setnote_private' && ! empty($permissionnote) && ! GETPOST('cancel','alpha')) { if (empty($action) || ! is_object($object) || empty($id)) dol_print_error('','Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php index 918956d7b32..723ae0d47b1 100644 --- a/htdocs/core/class/doleditor.class.php +++ b/htdocs/core/class/doleditor.class.php @@ -170,7 +170,8 @@ class DolEditor if (in_array($this->tool,array('textarea','ckeditor'))) { $found=1; - //$out.= ''; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 7df18ebba43..c022dab7d78 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1919,7 +1919,7 @@ class Form $sql.= ' WHERE p.entity IN ('.getEntity('product').')'; if (count($warehouseStatusArray)) { - $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$db->escape(implode(',',$warehouseStatusArray)).'))'; + $sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.$this->db->escape(implode(',',$warehouseStatusArray)).'))'; } if (!empty($conf->global->PRODUIT_ATTRIBUTES_HIDECHILD)) { diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 6380a9b0398..f24cf0338c5 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
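Review bot: In the `html.form.class.php` hunk, `$this->db->escape()` is applied to a comma-joined list that is placed inside `IN (...)` without quotes, so the escaping does not stop a non-numeric element from changing the statement. Switching from `$db` to `$this->db` fixes the handle but not this. Casting each element is the tighter form: `$sql.= ' AND (p.fk_product_type = 1 OR e.statut IN ('.implode(',', array_map('intval', $warehouseStatusArray)).'))';`. How `$warehouseStatusArray` is built is outside the hunk, so whether request data can reach it is not confirmed here.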
@@ -259,14 +259,18 @@ function dol_shutdown() * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) * @param mixed $options Options to pass to filter_var when $check is set to 'custom'. * @return string|string[] Value found (string or array), or '' if check fails - * - * @TODO Set default value for check to alpha. Check all WYSIWYG edition (email and description...) is still ok with rich text. */ -function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) +function GETPOST($paramname, $check='alpha', $method=0, $filter=NULL, $options=NULL) { global $mysoc,$user,$conf; if (empty($paramname)) return 'BadFirstParameterForGETPOST'; + if (empty($check)) + { + dol_syslog("Deprecated use of GETPOST, called with 1st param = ".$paramname." and 2nd param is '', when calling page ".$_SERVER["PHP_SELF"], LOG_WARNING); + // Enable this line to know who call the GETPOST with '' $check parameter. + //var_dump(debug_backtrace()[0]); + } if (empty($method)) $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); elseif ($method==1) $out = isset($_GET[$paramname])?$_GET[$paramname]:''; 
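Review bot: The new `if (empty($check))` block in `GETPOST` only writes a log line and then continues, so a caller that passes `''` explicitly still selects no filter as far as this hunk shows; the filtering `switch` is outside it. The docblock should state the new contract on the `$check` parameter, for example `Defaults to 'alpha'. Passing '' is deprecated and logged; the value is then returned without a type check`. The log message also concatenates `$_SERVER["PHP_SELF"]`, which can carry request-supplied path info, and using `$_SERVER["SCRIPT_NAME"]` there would keep client-controlled text out of the log. The function body runs well past the end of this hunk.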
@@ -420,15 +424,6 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) } - if (empty($check) && ! empty($conf->global->MAIN_FEATURES_LEVEL) && $conf->global->MAIN_FEATURES_LEVEL >= 2) - { - dol_syslog("Deprecated use of GETPOST, called with 1st param = ".$paramname." and 2nd param not defined, when calling page ".$_SERVER["PHP_SELF"], LOG_WARNING); - // Enable this line to know who call the GETPOST with empty $check parameter. - //var_dump(debug_backtrace()[0]); - } - - if (! empty($check)) - { // Substitution variables for GETPOST (used to get final url with variable parameters or final default value with variable paramaters) // Example of variables: __DAY__, __MONTH__, __YEAR__, __MYCOUNTRYID__, __USERID__, __ENTITYID__, ... // We do this only if var is a GET. If it is a POST, may be we want to post the text with vars as the setup text. @@ -518,7 +513,6 @@ function GETPOST($paramname, $check='', $method=0, $filter=NULL, $options=NULL) $out=filter_var($out, $filter, $options); break; } - } // Code for search criteria persistence. // Save data into session if key start with 'search_' or is 'smonth', 'syear', 'month', 'year' 
@@ -6337,29 +6331,39 @@ function natural_search($fields, $value, $mode=0, $nofirstand=0) $i3 = 0; foreach($tmpcrits as $tmpcrit) { - $newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : '') . $field . " LIKE '"; + $newres .= (($i2 > 0 || $i3 > 0) ? ' OR ' : ''); + + if (preg_match('/\.(id|rowid)$/', $field)) // Special cas for rowid that is sometimes a ref so used as a search field + { + $newres .= $field . " = " . (is_numeric(trim($tmpcrit))?trim($tmpcrit):'0'); + } + else + { + $newres .= $field . " LIKE '"; + + $tmpcrit=trim($tmpcrit); + $tmpcrit2=$tmpcrit; + $tmpbefore='%'; $tmpafter='%'; + if (preg_match('/^[\^\$]/', $tmpcrit)) + { + $tmpbefore=''; + $tmpcrit2 = preg_replace('/^[\^\$]/', '', $tmpcrit2); + } + if (preg_match('/[\^\$]$/', $tmpcrit)) + { + $tmpafter=''; + $tmpcrit2 = preg_replace('/[\^\$]$/', '', $tmpcrit2); + } + $newres .= $tmpbefore; + $newres .= $db->escape($tmpcrit2); + $newres .= $tmpafter; + $newres .= "'"; + if ($tmpcrit2 == '') + { + $newres .= ' OR ' . $field . " IS NULL"; + } + } - $tmpcrit=trim($tmpcrit); - $tmpcrit2=$tmpcrit; - $tmpbefore='%'; $tmpafter='%'; - if (preg_match('/^[\^\$]/', $tmpcrit)) - { - $tmpbefore=''; - $tmpcrit2 = preg_replace('/^[\^\$]/', '', $tmpcrit2); - } - if (preg_match('/[\^\$]$/', $tmpcrit)) - { - $tmpafter=''; - $tmpcrit2 = preg_replace('/[\^\$]$/', '', $tmpcrit2); - } - $newres .= $tmpbefore; - $newres .= $db->escape($tmpcrit2); - $newres .= $tmpafter; - $newres .= "'"; - if ($tmpcrit2 == '') - { - $newres .= ' OR ' . $field . " IS NULL"; - } $i3++; } $i2++; // a criteria was added to string diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index d0def9d5627..3876dc0e2cd 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php 
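Review bot: In the new `id`/`rowid` branch of `natural_search`, `is_numeric()` accepts more than integer ids (signed values, decimals and exponent forms such as `1e5`), and the accepted string is then written unquoted into the SQL. For an id comparison a digits-only test is tighter: `$newres .= $field . " = " . (ctype_digit(trim($tmpcrit)) ? trim($tmpcrit) : '0');`. The comment on the `preg_match` line could read `// Special case: id/rowid columns are compared as integers, never with LIKE`. The function starts and ends outside the hunk.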
@@ -189,7 +189,7 @@ function dol_loginfunction($langs,$conf,$mysoc) if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha'); else unset($_SESSION["urlfrom"]); - if (! GETPOST("username")) $focus_element='username'; + if (! GETPOST("username",'alpha')) $focus_element='username'; else $focus_element='password'; $demologin=''; diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index c4f930a0db7..93e5aa11182 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -302,7 +302,7 @@ class pdf_soleil extends ModelePDFFicheinter $pageposafter=$pageposbefore; //print $pageposafter.'-'.$pageposbefore;exit; $pdf->setPageOrientation('', 1, $heightforfooter); // The only function to edit the bottom margin of current page to set it. - $pdf->writeHTMLCell(0, 0, $curX, $curY, $txt.'
'.$desc, LR, 1, 0); + $pdf->writeHTMLCell(0, 0, $curX, $curY, dol_concatdesc($txt,$desc), 0, 1, 0); $pageposafter=$pdf->getPage(); $posyafter=$pdf->GetY(); //var_dump($posyafter); var_dump(($this->page_hauteur - ($heightforfooter+$heightforfreetext+$heightforinfotot))); exit; diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 5b29d25202e..69056ff02be 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -36,7 +36,7 @@ $action=GETPOST('action','alpha'); $modulepart=GETPOST('modulepart','alpha')?GETPOST('modulepart','alpha'):'produit|service'; $original_file = GETPOST("file"); $backtourl=GETPOST('backtourl'); -$cancel=GETPOST("cancel"); +$cancel=GETPOST('cancel','alpha'); // Security check if (empty($modulepart)) accessforbidden('Bad value for modulepart'); diff --git a/htdocs/cron/card.php b/htdocs/cron/card.php index dce56ff5468..a1255954014 100644 --- a/htdocs/cron/card.php +++ b/htdocs/cron/card.php @@ -41,7 +41,7 @@ if (!$user->rights->cron->create) accessforbidden(); $id=GETPOST('id','int'); $action=GETPOST('action','alpha'); $confirm=GETPOST('confirm','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $backtourl=GETPOST('backtourl','alpha'); $securitykey = GETPOST('securitykey','alpha'); diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 72ea8e84792..6f3ab42d7fc 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -46,7 +46,7 @@ $langs->load("bills"); $id=GETPOST('rowid')?GETPOST('rowid','int'):GETPOST('id','int'); $action=GETPOST('action','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $amount=GETPOST('amount'); $donation_date=dol_mktime(12, 0, 0, GETPOST('remonth'), GETPOST('reday'), GETPOST('reyear')); $projectid = (GETPOST('projectid') ? GETPOST('projectid', 'int') : 0); diff --git a/htdocs/ecm/docfile.php b/htdocs/ecm/docfile.php index 61cce03cc1d..192240b4943 100644 --- a/htdocs/ecm/docfile.php +++ b/htdocs/ecm/docfile.php 
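Review bot: In the `photos_resize.php` hunk only `cancel` gets an explicit filter; the two lines above it, `GETPOST("file")` and `GETPOST('backtourl')`, hold a file name and a return URL and still rely on the implicit default. Stating the filter at the call site makes the intent reviewable: `$original_file = GETPOST('file','alpha');` and `$backtourl = GETPOST('backtourl','alpha');`. How the two values are used is outside the hunk, so any path or redirect validation on them has to be checked there.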
@@ -61,7 +61,7 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $action=GETPOST('action','aZ09'); $section=GETPOST("section"); if (! $section) diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index f418627d1be..c722ba9a208 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php @@ -138,7 +138,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes') } // Update description -if ($action == 'update' && ! GETPOST('cancel')) +if ($action == 'update' && ! GETPOST('cancel','alpha')) { $error=0; diff --git a/htdocs/expedition/list.php b/htdocs/expedition/list.php index ab5fa27b13f..a5b693aa3f9 100644 --- a/htdocs/expedition/list.php +++ b/htdocs/expedition/list.php @@ -119,8 +119,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index c231d2c6dd5..2b48f3d65b0 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -49,7 +49,7 @@ $langs->load("bills"); $langs->load("mails"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm = GETPOST('confirm', 'alpha'); $date_start = dol_mktime(0, 0, 0, GETPOST('date_debutmonth'), GETPOST('date_debutday'), GETPOST('date_debutyear')); diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 28fcdefcf62..a02e23c3123 100644 
--- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -130,8 +130,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 866d8cab17c..9dca5d1badb 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -128,8 +128,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index a413820cbe0..02e0749d8c5 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php 
@@ -45,7 +45,7 @@ $langs->load('orders'); $langs->load('commercial'); $action = GETPOST('action','aZ09'); -$cancelbutton = GETPOST('cancel'); +$cancelbutton = GETPOST('cancel','alpha'); // Security check $id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); @@ -707,27 +707,58 @@ if ($object->id > 0) print ''; } - if ($conf->supplier_proposal->enabled && $user->rights->supplier_proposal->creer && $object->status==1) + if ($conf->supplier_proposal->enabled && $user->rights->supplier_proposal->creer) { $langs->load("supplier_proposal"); - print ''.$langs->trans("AddSupplierProposal").''; + if ($object->status == 1) + { + print ''.$langs->trans("AddSupplierProposal").''; + } + else + { + print ''.$langs->trans("AddSupplierProposal").''; + } } - if ($user->rights->fournisseur->commande->creer && $object->status==1) + if ($user->rights->fournisseur->commande->creer) { $langs->load("orders"); - print ''.$langs->trans("AddOrder").''; + if ($object->status == 1) + { + print ''.$langs->trans("AddOrder").''; + } + else + { + print ''.$langs->trans("AddOrder").''; + } } - if ($user->rights->fournisseur->facture->creer && $object->status==1) + if ($user->rights->fournisseur->facture->creer) { $langs->load("bills"); - print ''.$langs->trans("AddBill").''; + if ($object->status == 1) + { + print ''.$langs->trans("AddBill").''; + } + else + { + print ''.$langs->trans("AddBill").''; + } } - if ($user->rights->fournisseur->facture->creer && $object->status==1) + if ($user->rights->fournisseur->facture->creer) { - if (! empty($orders2invoice) && $orders2invoice > 0) print ''; + if (! empty($orders2invoice) && $orders2invoice > 0) + { + if ($object->status == 1) + { + print ''; + } + else + { + print ''; + } + } else print ''; } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 754e34e0d97..e92a7c25de3 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php 
@@ -542,7 +542,7 @@ if (empty($reshook)) /* * Updating a line in the order */ - if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && ! GETPOST('cancel')) + if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && ! GETPOST('cancel','alpha')) { $tva_tx = GETPOST('tva_tx'); @@ -1170,7 +1170,7 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php'; - if ($action == 'webservice' && GETPOST('mode', 'alpha') == "send" && ! GETPOST('cancel')) + if ($action == 'webservice' && GETPOST('mode', 'alpha') == "send" && ! GETPOST('cancel','alpha')) { $ws_url = $object->thirdparty->webservices_url; $ws_key = $object->thirdparty->webservices_key; @@ -2269,7 +2269,7 @@ elseif (! empty($object->id)) /* * Action webservice */ - elseif ($action == 'webservice' && GETPOST('mode', 'alpha') != "send" && ! GETPOST('cancel')) + elseif ($action == 'webservice' && GETPOST('mode', 'alpha') != "send" && ! GETPOST('cancel','alpha')) { $mode = GETPOST('mode', 'alpha'); $ws_url = $object->thirdparty->webservices_url; diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index ac67d256824..4794d72da6a 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -172,8 +172,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction')) { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha')) { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks 
@@ -689,7 +689,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new CommandeFournisseur($db); $listofselectedid=array(); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index ec785c5e206..96473dd6e6e 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -183,8 +183,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -493,7 +493,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new FactureFournisseur($db); $listofselectedid=array(); diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index 5707c0bff30..c6a8f24f98f 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php 
@@ -69,8 +69,8 @@ $extrafields = new ExtraFields($db); * Put here all code to do according to value of "action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 66e490ae420..de8a7147267 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -71,8 +71,8 @@ $holiday = new Holiday($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/install/check.php b/htdocs/install/check.php index ebf1de7f552..2b09d1c9813 100644 --- a/htdocs/install/check.php +++ b/htdocs/install/check.php 
@@ -306,7 +306,19 @@ else } else { - require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php'; + require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php'; + + // If password is encoded, we decode it + if (preg_match('/crypted:/i',$dolibarr_main_db_pass) || ! empty($dolibarr_main_db_encrypted_pass)) + { + require_once $dolibarr_main_document_root.'/core/lib/security.lib.php'; + if (preg_match('/crypted:/i',$dolibarr_main_db_pass)) + { + $dolibarr_main_db_encrypted_pass = preg_replace('/crypted:/i', '', $dolibarr_main_db_pass); // We need to set this as it is used to know the password was initially crypted + $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass); + } + else $dolibarr_main_db_pass = dol_decode($dolibarr_main_db_encrypted_pass); + } // $conf is already instancied inside inc.php $conf->db->type = $dolibarr_main_db_type; @@ -315,12 +327,12 @@ else $conf->db->name = $dolibarr_main_db_name; $conf->db->user = $dolibarr_main_db_user; $conf->db->pass = $dolibarr_main_db_pass; - $db=getDoliDBInstance($conf->db->type,$conf->db->host,$conf->db->user,$conf->db->pass,$conf->db->name,$conf->db->port); + $db=getDoliDBInstance($conf->db->type,$conf->db->host,$conf->db->user,$conf->db->pass,$conf->db->name,$conf->db->port); if ($db->connected && $db->database_selected) { $ok=true; } - } + } } } diff --git a/htdocs/install/mysql/migration/4.0.0-5.0.0.sql b/htdocs/install/mysql/migration/4.0.0-5.0.0.sql index 86421894fec..25a92f1e265 100644 --- a/htdocs/install/mysql/migration/4.0.0-5.0.0.sql +++ b/htdocs/install/mysql/migration/4.0.0-5.0.0.sql 
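Review bot: The `crypted:` test added in the first `install/check.php` hunk is not anchored, so `preg_match('/crypted:/i', ...)` also matches a clear-text password that merely contains that text, and `preg_replace` then strips every occurrence before decoding. If the marker is meant as a prefix, which the hunk suggests but does not state, anchor both: `if (preg_match('/^crypted:/i',$dolibarr_main_db_pass))` and `preg_replace('/^crypted:/i', '', $dolibarr_main_db_pass)`. The outer condition repeats the same unanchored `preg_match` and needs the same change.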
@@ -61,6 +61,8 @@ ALTER TABLE llx_user DROP COLUMN phenix_login; ALTER TABLE llx_user DROP COLUMN phenix_pass; ALTER TABLE llx_user ADD COLUMN dateemployment datetime; +ALTER TABLE llx_user MODIFY login varchar(50) NOT NULL; + ALTER TABLE llx_societe ADD COLUMN fk_account integer; ALTER TABLE llx_commandedet ADD COLUMN fk_commandefourndet integer DEFAULT NULL after import_key; -- link to detail line of commande fourn (resplenish) diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index e7171fb94b1..0cea69200dc 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -714,6 +714,7 @@ CreateDraft=Create draft SetToDraft=Back to draft ClickToEdit=Click to edit EditWithEditor=Edit with CKEditor +EditWithTextEditor=Edit with Text editor EditHTMLSource=Edit HTML Source ObjectDeleted=Object %s deleted ByCountry=By country diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index 02b126306f2..81237d39782 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -54,7 +54,7 @@ if (!empty($conf->incoterm->enabled)) $langs->load('incoterm'); $action=GETPOST('action', 'alpha'); $confirm=GETPOST('confirm', 'alpha'); -$backtopage=GETPOST('backtopage'); +$backtopage=GETPOST('backtopage','alpha'); // Security check $id = GETPOST('id', 'int'); diff --git a/htdocs/margin/checkMargins.php b/htdocs/margin/checkMargins.php index df44c6e6399..9b043766c78 100644 --- a/htdocs/margin/checkMargins.php +++ b/htdocs/margin/checkMargins.php @@ -38,7 +38,7 @@ $action = GETPOST('action','alpha'); $massaction = GETPOST('massaction','alpha'); $toselect = GETPOST('toselect', 'array'); $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'margindetail'; // To manage different context of search -$backtopage = GETPOST('backtopage'); +$backtopage = GETPOST('backtopage','alpha'); $optioncss = GETPOST('optioncss','alpha'); // Load variable for pagination 
@@ -75,8 +75,8 @@ if (GETPOST("button_search_x") || GETPOST("button_search")) { * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index a8d068cfd7d..ce3080e32e4 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -152,7 +152,7 @@ else if (! empty($_ENV["dol_entity"])) // Entity inside a CLI script { $conf->entity = $_ENV["dol_entity"]; } -else if (isset($_POST["loginfunction"]) && GETPOST("entity")) // Just after a login page +else if (isset($_POST["loginfunction"]) && GETPOST("entity",'int')) // Just after a login page { $conf->entity = GETPOST("entity",'int'); } diff --git a/htdocs/modulebuilder/template/myobject_agenda.php b/htdocs/modulebuilder/template/myobject_agenda.php index 8db9f0877c2..d6ccb79eea8 100644 --- a/htdocs/modulebuilder/template/myobject_agenda.php +++ b/htdocs/modulebuilder/template/myobject_agenda.php @@ -106,7 +106,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index b89491b5d48..0d30d50df55 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php 
@@ -143,8 +143,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Put here all code to do according to value of "$action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/opensurvey/card.php b/htdocs/opensurvey/card.php index c634ca1ceaa..4d71efe6395 100644 --- a/htdocs/opensurvey/card.php +++ b/htdocs/opensurvey/card.php @@ -35,7 +35,7 @@ if (!$user->rights->opensurvey->read) accessforbidden(); // Initialisation des variables $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $numsondage = ''; diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index 9bfb15b2c24..2ce78a2f8c7 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -520,7 +520,7 @@ if (GETPOST('ajoutsujet')) if (!$user->rights->opensurvey->write) accessforbidden(); print '
'."\n"; - print ''; + print ''; print '
'."\n"; print "

"."\n"; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 53d553aca16..54afc80691f 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -69,7 +69,7 @@ $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); $type=GETPOST('type','int'); $action=(GETPOST('action','alpha') ? GETPOST('action','alpha') : 'view'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm','alpha'); $socid=GETPOST('socid','int'); $duration_value = GETPOST('duration_value'); @@ -358,7 +358,7 @@ if (empty($reshook)) // Update a product or service if ($action == 'update' && ($user->rights->produit->creer || $user->rights->service->creer)) { - if (GETPOST('cancel')) + if (GETPOST('cancel','alpha')) { $action = ''; } diff --git a/htdocs/product/class/productbatch.class.php b/htdocs/product/class/productbatch.class.php index 5ab70506693..64a43485604 100644 --- a/htdocs/product/class/productbatch.class.php +++ b/htdocs/product/class/productbatch.class.php @@ -154,7 +154,7 @@ class Productbatch extends CommonObject $sql.= " pl.sellby"; $sql.= " FROM ".MAIN_DB_PREFIX."product_batch as t INNER JOIN ".MAIN_DB_PREFIX."product_stock w on t.fk_product_stock = w.rowid"; - $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl on pl.fk_product = w.fk_product and pl.batch = t.batch"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lot as pl on pl.fk_product = w.fk_product and pl.batch = t.batch"; $sql.= " WHERE t.rowid = ".$id; dol_syslog(get_class($this)."::fetch", LOG_DEBUG); @@ -205,9 +205,9 @@ class Productbatch extends CommonObject // TODO Check qty is ok for stock move. Negative may not be allowed. if ($this->qty < 0) { - + } - + // Update request $sql = "UPDATE ".MAIN_DB_PREFIX.self::$_table_element." SET"; $sql.= " fk_product_stock=".(isset($this->fk_product_stock)?$this->fk_product_stock:"null").","; 
@@ -435,7 +435,7 @@ class Productbatch extends CommonObject if (! empty($eatby)) array_push($where," eatby = '".$this->db->idate($eatby)."'"); // deprecated if (! empty($sellby)) array_push($where," sellby = '".$this->db->idate($sellby)."'"); // deprecated - + if (! empty($batch_number)) $sql.= " AND batch = '".$this->db->escape($batch_number)."'"; if (! empty($where)) $sql.= " AND (".implode(" OR ",$where).")"; @@ -493,7 +493,7 @@ class Productbatch extends CommonObject $sql.= " t.import_key"; if ($fk_product > 0) { - $sql.= ", pl.eatby as eatby, pl.sellby as sellby"; + $sql.= ", pl.rowid as lotid, pl.eatby as eatby, pl.sellby as sellby"; // TODO May add extrafields to ? } $sql.= " FROM ".MAIN_DB_PREFIX."product_batch as t"; @@ -517,6 +517,7 @@ class Productbatch extends CommonObject $tmp = new Productbatch($db); $tmp->id = $obj->rowid; + $tmp->lotid = $obj->lotid; $tmp->tms = $db->jdate($obj->tms); $tmp->fk_product_stock = $obj->fk_product_stock; $tmp->sellby = $db->jdate($obj->sellby ? $obj->sellby : $obj->oldsellby); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 162567878d1..6f443324f6b 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -69,7 +69,7 @@ $toselect = GETPOST('toselect', 'array'); $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'inventorylist'; // To manage different context of search $id = GETPOST('id','int'); -$backtopage = GETPOST('backtopage'); +$backtopage = GETPOST('backtopage','alpha'); $optioncss = GETPOST('optioncss','alpha'); // Load variable for pagination 
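Review bot: `$tmp->lotid = $obj->lotid;` in the last `productbatch.class.php` hunk is unconditional, while `pl.rowid as lotid` is only selected inside `if ($fk_product > 0)` in the hunk before it. When `$fk_product` is not positive the result row has no `lotid` column and the assignment reads an undefined property. A guarded form avoids that: `$tmp->lotid = isset($obj->lotid) ? $obj->lotid : null;`. Both hunks sit inside a method whose start and end are outside the visible lines.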
@@ -143,8 +143,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Put here all code to do according to value of "$action" parameter */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/list.php b/htdocs/product/list.php index 4f994660052..7d2b1a22b68 100644 --- a/htdocs/product/list.php +++ b/htdocs/product/list.php @@ -193,8 +193,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/reassortlot.php b/htdocs/product/reassortlot.php index 5c89aa4845f..cf4e889e89e 100644 --- a/htdocs/product/reassortlot.php +++ b/htdocs/product/reassortlot.php 
@@ -28,6 +28,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/stock/class/productlot.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; @@ -115,7 +116,7 @@ $sql.= ' p.duration, p.tosell as statut, p.tobuy, p.seuil_stock_alerte, p.desire $sql.= ' ps.fk_entrepot,'; $sql.= ' e.label as warehouse_ref, e.lieu as warehouse_lieu, e.fk_parent as warehouse_parent,'; $sql.= ' pb.batch, pb.eatby as oldeatby, pb.sellby as oldsellby,'; -$sql.= ' pl.eatby, pl.sellby,'; +$sql.= ' pl.rowid as lotid, pl.eatby, pl.sellby,'; $sql.= ' SUM(pb.qty) as stock_physique, COUNT(pb.rowid) as nbinbatchtable'; $sql.= ' FROM '.MAIN_DB_PREFIX.'product as p'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'product_stock as ps on p.rowid = ps.fk_product'; // Detail for each warehouse @@ -157,7 +158,7 @@ $sql.= " p.duration, p.tosell, p.tobuy, p.seuil_stock_alerte, p.desiredstock, p. $sql.= " ps.fk_entrepot,"; $sql.= " e.label, e.lieu, e.fk_parent,"; $sql.= " pb.batch, pb.eatby, pb.sellby,"; -$sql.= " pl.eatby, pl.sellby"; +$sql.= " pl.rowid, pl.eatby, pl.sellby"; if ($toolowstock) $sql.= " HAVING SUM(".$db->ifsql('ps.reel IS NULL', '0', 'ps.reel').") < p.seuil_stock_alerte"; // Not used yet $sql.= $db->order($sortfield,$sortorder); @@ -306,6 +307,7 @@ if ($resql) print "\n"; $product_static=new Product($db); + $product_lot_static=new Productlot($db); $warehousetmp=new Entrepot($db); while ($i < min($num,$limit)) 
@@ -336,6 +338,13 @@ if ($resql) $product_static->type=$objp->fk_product_type; $product_static->entity=$objp->entity; + $product_lot_static->batch=$objp->batch; + $product_lot_static->product_id=$objp->rowid; + $product_lot_static->id=$objp->lotid; + $product_lot_static->eatby=$objp->eatby; + $product_lot_static->sellby=$objp->sellby; + + $warehousetmp->id=$objp->fk_entrepot; $warehousetmp->ref=$objp->warehouse_ref; $warehousetmp->label=$objp->warehouse_ref; @@ -372,7 +381,15 @@ if ($resql) print $warehousetmp->getNomUrl(1); } print ''; - print ''.$objp->batch.''; + + // Lot + print ''; + if ($product_lot_static->batch) + { + print $product_lot_static->getNomUrl(1); + } + print ''; + print ''.dol_print_date($db->jdate($objp->eatby), 'day').''; print ''.dol_print_date($db->jdate($objp->sellby), 'day').''; print ''; diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php index 0f843e97b61..c95e805c3f5 100644 --- a/htdocs/product/stock/card.php +++ b/htdocs/product/stock/card.php @@ -39,7 +39,7 @@ $langs->load("companies"); $langs->load("categories"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $confirm=GETPOST('confirm'); $sortfield = GETPOST("sortfield",'alpha'); @@ -48,7 +48,7 @@ $id = GETPOST("id",'int'); if (! $sortfield) $sortfield="p.ref"; if (! $sortorder) $sortorder="DESC"; -$backtopage=GETPOST("backtopage"); +$backtopage=GETPOST('backtopage','alpha'); // Security check $result=restrictedArea($user,'stock'); diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php index 8659dfe8461..4b878c03260 100644 --- a/htdocs/product/stock/mouvement.php +++ b/htdocs/product/stock/mouvement.php 
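Review bot: The `// Lot` cell in the `@@ -372,7 +381,15` hunk guards on `$product_lot_static->batch`, but the link is built from `$product_lot_static->id`, which comes from `pl.rowid as lotid`. If the lot table is outer-joined (the join is outside these hunks), a batch number with no lot record gives a link with an empty id, and the batch text is no longer printed at all. I would test the id and fall back to escaped text: `if ($product_lot_static->id > 0) print $product_lot_static->getNomUrl(1);` followed by `else print dol_escape_htmltag($objp->batch);`. The `@@ -896,7 +904,9` hunk in product/stock/product.php prints `getNomUrl(1)` with no guard at all and has the same gap. Whether `getNomUrl()` escapes the batch value is not visible here and is worth checking, since the line it replaces printed `$objp->batch` raw.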
@@ -51,7 +51,7 @@ $id=GETPOST('id','int'); $msid=GETPOST('msid','int'); $product_id=GETPOST("product_id"); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $idproduct = GETPOST('idproduct','int'); $year = GETPOST("year"); $month = GETPOST("month"); @@ -112,8 +112,8 @@ $object = new MouvementStock($db); // To be passed as parameter of executeHooks * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 87a218bb672..01df409361c 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -32,6 +32,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php'; +require_once DOL_DOCUMENT_ROOT.'/product/stock/class/productlot.class.php'; require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.product.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/product.lib.php'; require_once DOL_DOCUMENT_ROOT.'/product/class/html.formproduct.class.php'; 
@@ -50,15 +51,15 @@ $langs->load("stocks"); $langs->load("sendings"); if (! empty($conf->productbatch->enabled)) $langs->load("productbatch"); -$backtopage=GETPOST('backtopage'); +$backtopage=GETPOST('backtopage','alpha'); $action=GETPOST('action','aZ09'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $id=GETPOST('id', 'int'); $ref=GETPOST('ref', 'alpha'); $stocklimit = GETPOST('seuil_stock_alerte'); $desiredstock = GETPOST('desiredstock'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $fieldid = isset($_GET["ref"])?'ref':'rowid'; $d_eatby=dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']); $d_sellby=dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']); @@ -823,6 +824,8 @@ $sql.= " AND ps.fk_product = ".$object->id; $sql.= " ORDER BY e.label"; $entrepotstatic=new Entrepot($db); +$product_lot_static=new Productlot($db); + $total=0; $totalvalue=$totalvaluesell=0; @@ -867,6 +870,11 @@ if ($resql) if ($details<0) dol_print_error($db); foreach ($details as $pdluo) { + $product_lot_static->id = $pdluo->lotid; + $product_lot_static->batch = $pdluo->batch; + $product_lot_static->eatby = $pdluo->eatby; + $product_lot_static->sellby = $pdluo->sellby; + if ($action == 'editline' && GETPOST('lineid','int') == $pdluo->id) { //Current line edit print "\n".''; @@ -896,7 +904,9 @@ if ($resql) // Do not use this, or data will be wrong (bad tracking of movement label, inventory code, ... //print 'id.'#'.$pdluo->id.'">'; //print img_edit().''; - print ''.$pdluo->batch.''; + print ''; + print $product_lot_static->getNomUrl(1); + print ''; print ''. dol_print_date($pdluo->eatby,'day') .''; print ''. dol_print_date($pdluo->sellby,'day') .''; print ''.$pdluo->qty.($pdluo->qty<0?' '.img_warning():'').''; diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index 77466ead2c8..70d907ae5e9 100644 --- a/htdocs/product/stock/productlot_card.php 
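Review bot: `$cancel` is now read twice in the `@@ -50,15 +51,15` hunk, once as `$cancel=GETPOST('cancel','alpha');` and again four lines later as `$cancel = GETPOST('cancel','alpha');`; the second assignment can simply be removed. The two reads in between, `GETPOST('seuil_stock_alerte')` and `GETPOST('desiredstock')`, still have no check type, and the date parts on the next lines are taken from `$_POST` directly, so this parameter block is only partly covered by the change. Which check type suits the two stock quantities depends on whether decimals are accepted, which the hunk does not show.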
+++ b/htdocs/product/stock/productlot_card.php @@ -45,7 +45,7 @@ $langs->load("productbatch"); // Get parameters $id = GETPOST('id','int'); $action = GETPOST('action','alpha'); -$backtopage = GETPOST('backtopage'); +$backtopage = GETPOST('backtopage','alpha'); $batch = GETPOST('batch','alpha'); $productid = GETPOST('productid','int'); $ref = GETPOST('ref','alpha'); // ref is productid_batch @@ -150,7 +150,7 @@ if (empty($reshook)) // Action to add record if ($action == 'add') { - if (GETPOST('cancel')) + if (GETPOST('cancel','alpha')) { $urltogo=$backtopage?$backtopage:dol_buildpath('/stock/list.php',1); header("Location: ".$urltogo); @@ -198,10 +198,10 @@ if (empty($reshook)) } // Cancel - if ($action == 'update' && GETPOST('cancel')) $action='view'; + if ($action == 'update' && GETPOST('cancel','alpha')) $action='view'; // Action to update record - if ($action == 'update' && ! GETPOST('cancel')) + if ($action == 'update' && ! GETPOST('cancel','alpha')) { $error=0; @@ -284,7 +284,6 @@ if ($action == 'create') print ''."\n"; // print ''; // - print ''; print ''; print ''; print ''; diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 3cf1e022e7f..567d60911ae 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -45,7 +45,7 @@ $langs->load("users"); // Get parameters $id = GETPOST('id','int'); $action = GETPOST('action','alpha'); -$backtopage = GETPOST('backtopage'); +$backtopage = GETPOST('backtopage','alpha'); $myparam = GETPOST('myparam','alpha'); 
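Review bot: The cancel branch in the `@@ -150,7 +150,7` hunk still passes the request-supplied `$backtopage` into `header("Location: ".$urltogo)`, and the `'alpha'` check added here filters characters, not destinations (its exact rules live in GETPOST, outside this diff). An absolute or protocol-relative URL in `backtopage` would presumably still be followed, which makes the page usable as an open redirect. If `backtopage` is always meant to be a local path, that can be enforced before use, e.g. `if ($backtopage && ! preg_match('/^\/[^\/\\\\]/', $backtopage)) $backtopage='';`. The societe/agenda.php hunk later in this diff has the same shape with `header("Location: ".$backtopage);`. Ideally the check sits in one shared helper rather than in each page.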
@@ -132,8 +132,8 @@ if (($id > 0 || ! empty($ref)) && $action != 'add') * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 5d0af329952..657e6d610d3 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -148,8 +148,8 @@ $object = new Project($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index c00e93e239f..41413645906 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -39,7 +39,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $taskref = GETPOST('taskref', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); -$cancel=GETPOST('cancel'); +$cancel=GETPOST('cancel','alpha'); $search_user_id = GETPOST('search_user_id', 'int'); diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php index 3d239921c60..c730fd074d5 100644 
--- a/htdocs/projet/tasks/list.php +++ b/htdocs/projet/tasks/list.php @@ -138,8 +138,8 @@ $object = new Task($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php index 03c44514b01..2869d2254e7 100644 --- a/htdocs/public/members/new.php +++ b/htdocs/public/members/new.php @@ -546,13 +546,13 @@ if (empty($conf->global->SOCIETE_DISABLE_STATE)) print ''; } // EMail -print ''."\n"; +print ''."\n"; // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print ''."\n"; - print ''."\n"; - print ''."\n"; + print ''."\n"; + print ''."\n"; + print ''."\n"; } // Birthday print '
'.$langs->trans("Label").'
'.$langs->trans("Fieldentity").'
'.$langs->trans("Fieldfk_product").'
'.$langs->trans("Fieldbatch").'
'.$langs->trans("Fieldfk_user_creat").'
'.$langs->trans("Email").' *
'.$langs->trans("Email").' *
'.$langs->trans("Login").' *
'.$langs->trans("Password").' *
'.$langs->trans("PasswordAgain").' *
'.$langs->trans("Login").' *
'.$langs->trans("Password").' *
'.$langs->trans("PasswordAgain").' *
'.$langs->trans("DateToBirth").''; diff --git a/htdocs/resource/element_resource.php b/htdocs/resource/element_resource.php index a886dcf475b..9c89b516eff 100644 --- a/htdocs/resource/element_resource.php +++ b/htdocs/resource/element_resource.php @@ -108,7 +108,7 @@ if ($action == 'add_element_resource' && ! $cancel) } // Update ressource -if ($action == 'update_linked_resource' && $user->rights->resource->write && !GETPOST('cancel') ) +if ($action == 'update_linked_resource' && $user->rights->resource->write && !GETPOST('cancel','alpha') ) { $res = $object->fetch_element_resource($lineid); if($res) diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index 497b9593142..0dea66946ec 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -76,7 +76,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e if (empty($reshook)) { // Cancel - if (GETPOST("cancel") && ! empty($backtopage)) + if (GETPOST('cancel','alpha') && ! empty($backtopage)) { header("Location: ".$backtopage); exit; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index bc51fb39375..45101a79d45 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -56,7 +56,7 @@ if (! empty($conf->notification->enabled)) $langs->load("mails"); $mesg=''; $error=0; $errors=array(); $action = (GETPOST('action','aZ09') ? GETPOST('action','aZ09') : 'view'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); $backtopage = GETPOST('backtopage','alpha'); $confirm = GETPOST('confirm'); $socid = GETPOST('socid','int'); @@ -421,7 +421,7 @@ if (empty($reshook)) else if (! empty($_FILES['photo']['name'])) $object->logo = dol_sanitizeFileName($_FILES['photo']['name']); // Check parameters - if (! GETPOST("cancel")) + if (! GETPOST('cancel','alpha')) { if (! empty($object->email) && ! isValidEMail($object->email)) { 
@@ -580,7 +580,7 @@ if (empty($reshook)) if ($action == 'update') { - if (GETPOST("cancel")) + if (GETPOST('cancel','alpha')) { if (! empty($backtopage)) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 02b717feb9b..e23a457cea5 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -208,8 +208,8 @@ $object = new Societe($db); * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters, $object, $action); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 04d0a09a804..fda4eea65ea 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -434,7 +434,7 @@ if (empty($reshook)) } // Reopen proposal - else if ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) { $object->reopen($user, SupplierProposal::STATUS_VALIDATED); 
@@ -442,7 +442,7 @@ if (empty($reshook)) } // Close proposal - else if ($action == 'close' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'close' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED) { $object->setStatut(SupplierProposal::STATUS_CLOSE); @@ -450,7 +450,7 @@ if (empty($reshook)) } // Set accepted/refused - else if ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel')) { + else if ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && ! GETPOST('cancel','alpha')) { if (! GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("CloseAs")), null, 'errors'); $action = 'statut'; @@ -871,7 +871,7 @@ if (empty($reshook)) } } - else if ($action == 'updateligne' && $user->rights->supplier_proposal->creer && GETPOST('cancel') == $langs->trans('Cancel')) { + else if ($action == 'updateligne' && $user->rights->supplier_proposal->creer && GETPOST('cancel','alpha') == $langs->trans('Cancel')) { header('Location: ' . $_SERVER['PHP_SELF'] . '?id=' . $object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index f92c0e6305d..96d1079b92a 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php 
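Review bot: In the `@@ -871,7 +871,7` hunk the cancel test remains `GETPOST('cancel','alpha') == $langs->trans('Cancel')`, a loose comparison against a translated button label, while every other branch touched in this file only tests that `cancel` is non-empty. If the filtered value and the label ever differ (an entity in the translation, a changed string), the request falls through to whatever handles `updateligne` next, which is outside the hunk. Ending the condition with `&& GETPOST('cancel','alpha'))` would match the rest of the file. `GETPOST('statut')` in the `@@ -450,7 +450,7` hunk is also still read without a check type.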
@@ -168,8 +168,8 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction=''; } $parameters=array('socid'=>$socid); $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks @@ -420,7 +420,7 @@ if ($resql) { $langs->load("mails"); - if (! GETPOST('cancel')) + if (! GETPOST('cancel','alpha')) { $objecttmp=new SupplierProposal($db); $listofselectedid=array(); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 0eac875046b..a495290f47a 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -55,7 +55,7 @@ $mode = GETPOST('mode','alpha'); $confirm = GETPOST('confirm','alpha'); $subaction = GETPOST('subaction','alpha'); $group = GETPOST("group","int",3); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Users/Groups management only in master entity if transverse mode if (($action == 'create' || $action == 'adduserldap') && ! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE) diff --git a/htdocs/user/clicktodial.php b/htdocs/user/clicktodial.php index 2ba3c67d0b4..64919029536 100644 --- a/htdocs/user/clicktodial.php +++ b/htdocs/user/clicktodial.php 
@@ -53,7 +53,7 @@ $reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); if (empty($reshook)) { - if ($action == 'update' && !GETPOST('cancel')) { + if ($action == 'update' && !GETPOST('cancel','alpha')) { $edituser = new User($db); $edituser->fetch($id); diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php index 9624e462a71..f4b962fb86f 100644 --- a/htdocs/user/group/index.php +++ b/htdocs/user/group/index.php @@ -68,8 +68,8 @@ $fieldstosearchall = array( * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/user/index.php b/htdocs/user/index.php index f9989827021..04bbbcf8b81 100644 --- a/htdocs/user/index.php +++ b/htdocs/user/index.php 
@@ -135,8 +135,8 @@ if ($mode == 'employee') $search_employee=1; * Actions */ -if (GETPOST('cancel')) { $action='list'; $massaction=''; } -if (! GETPOST('confirmmassaction') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } +if (GETPOST('cancel','alpha')) { $action='list'; $massaction=''; } +if (! GETPOST('confirmmassaction','alpha') && $massaction != 'presend' && $massaction != 'confirm_presend' && $massaction != 'confirm_createbills') { $massaction=''; } $parameters=array(); $reshook=$hookmanager->executeHooks('doActions',$parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 9c2aabd3654..43cb5097bba 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php 
@@ -48,19 +48,19 @@ $action=GETPOST('action', 'alpha'); $mode=$dolibarr_main_authentication; if (! $mode) $mode='http'; -$username = GETPOST('username'); -$passwordhash = GETPOST('passwordhash'); -$conf->entity = (GETPOST('entity') ? GETPOST('entity') : 1); +$username = GETPOST('username','alpha'); +$passwordhash = GETPOST('passwordhash','alpha'); +$conf->entity = (GETPOST('entity','int') ? GETPOST('entity','int') : 1); // Instantiate hooks of thirdparty module only if not already define $hookmanager->initHooks(array('passwordforgottenpage')); -if (GETPOST('dol_hide_leftmenu') || ! empty($_SESSION['dol_hide_leftmenu'])) $conf->dol_hide_leftmenu=1; -if (GETPOST('dol_hide_topmenu') || ! empty($_SESSION['dol_hide_topmenu'])) $conf->dol_hide_topmenu=1; -if (GETPOST('dol_optimize_smallscreen') || ! empty($_SESSION['dol_optimize_smallscreen'])) $conf->dol_optimize_smallscreen=1; -if (GETPOST('dol_no_mouse_hover') || ! empty($_SESSION['dol_no_mouse_hover'])) $conf->dol_no_mouse_hover=1; -if (GETPOST('dol_use_jmobile') || ! empty($_SESSION['dol_use_jmobile'])) $conf->dol_use_jmobile=1; +if (GETPOST('dol_hide_leftmenu','alpha') || ! empty($_SESSION['dol_hide_leftmenu'])) $conf->dol_hide_leftmenu=1; +if (GETPOST('dol_hide_topmenu','alpha') || ! empty($_SESSION['dol_hide_topmenu'])) $conf->dol_hide_topmenu=1; +if (GETPOST('dol_optimize_smallscreen','alpha') || ! empty($_SESSION['dol_optimize_smallscreen'])) $conf->dol_optimize_smallscreen=1; +if (GETPOST('dol_no_mouse_hover','alpha') || ! empty($_SESSION['dol_no_mouse_hover'])) $conf->dol_no_mouse_hover=1; +if (GETPOST('dol_use_jmobile','alpha') || ! empty($_SESSION['dol_use_jmobile'])) $conf->dol_use_jmobile=1; /** diff --git a/htdocs/variants/combinations.php b/htdocs/variants/combinations.php index 0ec1bf07b68..f5feba2e606 100644 --- a/htdocs/variants/combinations.php +++ b/htdocs/variants/combinations.php 
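Review bot: The five display flags (`dol_hide_leftmenu` through `dol_use_jmobile`) are only tested for truthiness, so `'int'` would be a tighter check than `'alpha'`, e.g. `if (GETPOST('dol_hide_leftmenu','int') || ! empty($_SESSION['dol_hide_leftmenu'])) $conf->dol_hide_leftmenu=1;`. `$conf->entity` is set from the request on what appears to be a pre-login page; `'int'` fixes its type, but nothing in the hunk checks that the entity exists. A comment such as `// entity comes from the request; only its type is checked here` would make that explicit if validation happens later. The value is also fetched twice in the ternary and could be read once into a local.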
@@ -41,7 +41,7 @@ $massaction=GETPOST('massaction','alpha'); $show_files=GETPOST('show_files','int'); $confirm=GETPOST('confirm','alpha'); $toselect = GETPOST('toselect', 'array'); -$cancel = GETPOST('cancel'); +$cancel = GETPOST('cancel','alpha'); // Security check $fieldvalue = (! empty($id) ? $id : $ref);