diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php
index 893afea90e3..6cc51539721 100644
--- a/htdocs/categories/fiche.php
+++ b/htdocs/categories/fiche.php
@@ -34,13 +34,13 @@ $langs->load("categories"); $socid=GETPOST('socid'); if (!$user->rights->categorie->lire) accessforbidden();
-$action = GETPOST('action');
-$cancel = GETPOST('cancel');
-$origin = GETPOST('origin');
-$catorigin = GETPOST('catorigin');
-$nbcats = (GETPOST('choix') ? GETPOST('choix') : 1);
-$type = GETPOST('type');
-$urlfrom = GETPOST("urlfrom");
+$action = GETPOST('action','alpha');
+$cancel = GETPOST('cancel','alpha');
+$origin = GETPOST('origin','alpha');
+$catorigin = GETPOST('catorigin','int');
+$nbcats = (GETPOST('choix') ? GETPOST('choix') : 1); // TODO not use ?
+$type = GETPOST('type','alpha');
+$urlfrom = GETPOST('urlfrom','alpha');
 if ($origin) {
diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 338efbb5e80..10846f14e16 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -209,7 +209,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
 $sessiontimeout='DOLSESSTIMEOUT_'.$prefix; if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", '', 0);
- if (GETPOST("urlfrom")) $_SESSION["urlfrom"]=GETPOST("urlfrom");
+ if (GETPOST('urlfrom','alpha')) $_SESSION["urlfrom"]=GETPOST('urlfrom','alpha');
 else unset($_SESSION["urlfrom"]); if (! GETPOST("username")) $focus_element='username';
diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php
index 9926d7f54fc..e5619c3db1e 100644
--- a/htdocs/public/demo/index.php
+++ b/htdocs/public/demo/index.php
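Review bot: `choix` is still read with no filter on the `$nbcats` line in htdocs/categories/fiche.php, and the new `// TODO not use ?` comment leaves open whether the variable is needed at all. The name suggests a count, so if it is kept it should be read as an integer, `$nbcats = (GETPOST('choix','int') ? GETPOST('choix','int') : 1);`; if it turns out to be unused, drop the line rather than carry unfiltered request input. `$socid=GETPOST('socid');` in the context just above is likewise unfiltered and looks like an id, so `'int'` would presumably fit there as well.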
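Review bot: `urlfrom` is a caller-supplied return address that dol_loginfunction stores in `$_SESSION["urlfrom"]` before the user has authenticated, and nothing visible here shows that the new `'alpha'` filter limits it to a same-site path. GETPOST's filter definitions are outside this diff, so confirm that `'alpha'` rejects absolute and scheme-relative URLs; if it does not, whatever later redirects to or links the stored value can send a freshly logged-in user to another site. Reading it once with `$urlfrom=GETPOST('urlfrom','alpha');` and storing it only when it starts with a single `/` that is not followed by `/` or `\` would close that and avoid the double GETPOST call. The same question applies to `$urlfrom` in htdocs/categories/fiche.php and to the redirect in htdocs/public/demo/index.php. The function body continues outside the hunk.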
@@ -222,7 +222,7 @@ if (GETPOST("action") == 'gotodemo') if ($disablestring) { $url=DOL_URL_ROOT.'/index.php?disablemodules='.$disablestring;
- if (GETPOST("urlfrom")) $url.='&urlfrom='.GETPOST("urlfrom");
+ if (GETPOST('urlfrom','alpha')) $url.='&urlfrom='.GETPOST('urlfrom','alpha');
 header("Location: ".$url); exit; }
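Review bot: The added line concatenates `urlfrom` into the redirect query string without URL-encoding it, so a value containing `&`, `#` or `%` changes which parameters the target page receives instead of arriving intact as `urlfrom`. Encode it at the point of use: `if (GETPOST('urlfrom','alpha')) $url.='&urlfrom='.urlencode(GETPOST('urlfrom','alpha'));`. `$disablestring` is built outside the hunk and goes into the same URL, so it is worth checking that it is encoded or assembled only from known module names. The enclosing `if (GETPOST("action") == 'gotodemo')` block starts outside the hunk.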