Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fight against $_POST

Browse Source
This commit is contained in:
Laurent Destailleur
2020-11-30 14:47:07 +01:00
parent fa8b960520
commit 00ad6df395
51 changed files with 199 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/admin/accountmodel.php
View File

@@ -187,7 +187,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
}*/
}
if (isset($_POST["country"]) && ($_POST["country"] == '0') && ($id != 2))
if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2))
{
$ok = 0;
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');

4
htdocs/accountancy/admin/card.php
View File

@@ -247,7 +247,7 @@ if ($action == 'create') {
// Chart of accounts type
print '<tr><td>'.$langs->trans("Pcgtype").'</td>';
print '<td>';
print '<input type="text" name="pcg_type" value="'.dol_escape_htmltag(isset($_POST['pcg_type']) ?GETPOST('pcg_type', 'alpha') : $object->pcg_type).'">';
print '<input type="text" name="pcg_type" value="'.dol_escape_htmltag(GETPOSTISSET('pcg_type') ? GETPOST('pcg_type', 'alpha') : $object->pcg_type).'">';
print '</td></tr>';
print '</table>';
@@ -309,7 +309,7 @@ if ($action == 'create') {
// Chart of accounts type
print '<tr><td>'.$langs->trans("Pcgtype").'</td>';
print '<td>';
print '<input type="text" name="pcg_type" value="'.dol_escape_htmltag(isset($_POST['pcg_type']) ?GETPOST('pcg_type', 'alpha') : $object->pcg_type).'">';
print '<input type="text" name="pcg_type" value="'.dol_escape_htmltag(GETPOSTISSET('pcg_type') ? GETPOST('pcg_type', 'alpha') : $object->pcg_type).'">';
print '</td></tr>';
print '</table>';

2
htdocs/accountancy/admin/categories_list.php
View File

@@ -168,7 +168,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors');
}
}
if (isset($_POST["code"]))
if (GETPOSTISSET("code"))
{
if ($_POST["code"] == '0')
{

2
htdocs/accountancy/bookkeeping/list.php
View File

@@ -108,7 +108,7 @@ $hookmanager->initHooks(array('bookkeepinglist'));
$formaccounting = new FormAccounting($db);
$form = new Form($db);
if (!in_array($action, array('export_file', 'delmouv', 'delmouvconfirm')) && !GETPOSTISSET('begin') && !isset($_POST['formfilteraction']) && GETPOST('page', 'int') == '' && !GETPOST('noreset', 'int') && $user->rights->accounting->mouvements->export)
if (!in_array($action, array('export_file', 'delmouv', 'delmouvconfirm')) && !GETPOSTISSET('begin') && !GETPOSTISSET('formfilteraction') && GETPOST('page', 'int') == '' && !GETPOST('noreset', 'int') && $user->rights->accounting->mouvements->export)
{
if (empty($search_date_start) && empty($search_date_end) && !GETPOSTISSET('restore_lastsearch_values'))
{

18
htdocs/adherents/card.php
View File

@@ -382,14 +382,12 @@ if (empty($reshook)) {
if ($action == 'add' && $user->rights->adherent->creer) {
if ($canvas) $object->canvas = $canvas;
$birthdate = '';
if (isset($_POST["birthday"]) && $_POST["birthday"]
&& isset($_POST["birthmonth"]) && $_POST["birthmonth"]
&& isset($_POST["birthyear"]) && $_POST["birthyear"]) {
$birthdate = dol_mktime(12, 0, 0, $_POST["birthmonth"], $_POST["birthday"], $_POST["birthyear"]);
if (GETPOSTISSET("birthday") && GETPOST("birthday") && GETPOSTISSET("birthmonth") && GETPOST("birthmonth") && GETPOSTISSET("birthyear") && GETPOST("birthyear")) {
$birthdate = dol_mktime(12, 0, 0, GETPOST("birthmonth", 'int'), GETPOST("birthday", 'int'), GETPOST("birthyear", 'int'));
}
$datesubscription = '';
if (isset($_POST["reday"]) && isset($_POST["remonth"]) && isset($_POST["reyear"])) {
$datesubscription = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
if (GETPOSTISSET("reday") && GETPOSTISSET("remonth") && GETPOSTISSET("reyear")) {
$datesubscription = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
$typeid = GETPOST("typeid", 'int');
@@ -1075,7 +1073,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Password
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.(isset($_POST["pass"]) ?GETPOST("pass", '', 2) : $object->pass).'"></td></tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="minwidth300" maxlength="50" value="'.(GETPOSTISSET("pass") ? GETPOST("pass", '', 2) : $object->pass).'"></td></tr>';
}
// Morphy
$morphys["phy"] = $langs->trans("Physical");
@@ -1134,7 +1132,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// EMail
print '<tr><td>'.($conf->global->ADHERENT_MAIL_REQUIRED ? '<span class="fieldrequired">' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? '</span>' : '').'</td>';
print '<td>'.img_picto('', 'object_email').' <input type="text" name="member_email" class="minwidth300" maxlength="255" value="'.(isset($_POST["member_email"]) ?GETPOST("member_email", '', 2) : $object->email).'"></td></tr>';
print '<td>'.img_picto('', 'object_email').' <input type="text" name="member_email" class="minwidth300" maxlength="255" value="'.(GETPOSTISSET("member_email") ? GETPOST("member_email", '', 2) : $object->email).'"></td></tr>';
// Address
print '<tr><td>'.$langs->trans("Address").'</td><td>';
@@ -1151,14 +1149,14 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Country
//$object->country_id=$object->country_id?$object->country_id:$mysoc->country_id; // In edit mode we don't force to company country if not defined
print '<tr><td>'.$langs->trans('Country').'</td><td>';
print $form->select_country(isset($_POST["country_id"]) ? $_POST["country_id"] : $object->country_id, 'country_id');
print $form->select_country(GETPOSTISSET("country_id") ? GETPOST("country_id", "alpha") : $object->country_id, 'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
print '</td></tr>';
// State
if (empty($conf->global->MEMBER_DISABLE_STATE)) {
print '<tr><td>'.$langs->trans('State').'</td><td>';
print $formcompany->select_state($object->state_id, isset($_POST["country_id"]) ?GETPOST("country_id") : $object->country_id);
print $formcompany->select_state($object->state_id, GETPOSTISSET("country_id") ? GETPOST("country_id", "alpha") : $object->country_id);
print '</td></tr>';
}

13
htdocs/admin/boxes.php
View File

@@ -54,19 +54,18 @@ if ($action == 'addconst')
if ($action == 'add') {
$error = 0;
$boxids = GETPOST('boxid', 'array');
$db->begin();
if (isset($_POST['boxid']) && is_array($_POST['boxid']))
{
foreach ($_POST['boxid'] as $boxid)
{
if (is_array($boxids)) {
foreach ($boxids as $boxid) {
if (is_numeric($boxid['pos']) && $boxid['pos'] >= 0) // 0=Home, 1=...
{
$pos = $boxid['pos'];
// Initialize distinct fk_user with all already existing values of fk_user (user that use a personalized view of boxes for page "pos")
$distinctfkuser = array();
if (!$error)
{
if (!$error) {
$sql = "SELECT fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."user_param";
$sql .= " WHERE param = 'MAIN_BOXES_".$db->escape($pos)."' AND value = '1'";
@@ -146,7 +145,7 @@ if ($action == 'add') {
if ($action == 'delete')
{
$sql = "SELECT box_id FROM ".MAIN_DB_PREFIX."boxes";
$sql .= " WHERE rowid=".$rowid;
$sql .= " WHERE rowid=".((int) $rowid);
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);

2
htdocs/admin/delais.php
View File

@@ -188,7 +188,7 @@ if ($action == 'update')
if (!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) $plus = '_PERCENTAGE';
// Update values
for ($i = 0; $i < 4; $i++) {
if (isset($_POST['MAIN_METEO'.$plus.'_LEVEL'.$i])) dolibarr_set_const($db, 'MAIN_METEO'.$plus.'_LEVEL'.$i, GETPOST('MAIN_METEO'.$plus.'_LEVEL'.$i, 'int'), 'chaine', 0, '', $conf->entity);
if (GETPOSTISSET('MAIN_METEO'.$plus.'_LEVEL'.$i)) dolibarr_set_const($db, 'MAIN_METEO'.$plus.'_LEVEL'.$i, GETPOST('MAIN_METEO'.$plus.'_LEVEL'.$i, 'int'), 'chaine', 0, '', $conf->entity);
}
}

6
htdocs/admin/dict.php
View File

@@ -690,7 +690,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
if ($value == 'formula' && empty($_POST['formula'])) continue;
if ($value == 'dayrule' && empty($_POST['dayrule'])) continue;
if ($value == 'sortorder') continue; // For a column name 'sortorder', we use the field name 'position'
if ((!isset($_POST[$value]) || $_POST[$value] == '')
if ((!GETPOSTISSET($value) || GETPOST($value) == '')
&& (!in_array($listfield[$f], array('decalage', 'module', 'accountancy_code', 'accountancy_code_sell', 'accountancy_code_buy', 'tracking', 'picto')) // Fields that are not mandatory
&& (!($id == 10 && $listfield[$f] == 'code')) // Code is mandatory fir table 10
)
@@ -719,7 +719,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
}
}
// Other checks
if (GETPOST('actionadd') && $tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && isset($_POST["type"]) && in_array($_POST["type"], array('system', 'systemauto'))) {
if (GETPOST('actionadd') && $tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array(GETPOST("type"), array('system', 'systemauto'))) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
}
@@ -757,7 +757,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
if ($_POST["accountancy_code"] <= 0) $_POST["accountancy_code"] = ''; // If empty, we force to null
if ($_POST["accountancy_code_sell"] <= 0) $_POST["accountancy_code_sell"] = ''; // If empty, we force to null
if ($_POST["accountancy_code_buy"] <= 0) $_POST["accountancy_code_buy"] = ''; // If empty, we force to null
if ($id == 10 && isset($_POST["code"])) // Spaces are not allowed into code
if ($id == 10 && GETPOSTISSET("code")) // Spaces are not allowed into code
{
$_POST["code"] = preg_replace('/\s/', '', $_POST["code"]);
}

14
htdocs/admin/mails.php
View File

@@ -856,8 +856,8 @@ if ($action == 'edit')
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromid = $user->id;
$formmail->fromalsorobot = 1;
$formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user'));
@@ -865,13 +865,13 @@ if ($action == 'edit')
$formmail->withsubstit = 1;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
$formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
$formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;

14
htdocs/admin/mails_emailing.php
View File

@@ -564,20 +564,20 @@ if ($action == 'edit')
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
$formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
$formmail->withto = (!GETPOST('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!GETPOST(['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!GETPOST(['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
$formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;

2
htdocs/admin/mails_templates.php
View File

@@ -271,7 +271,7 @@ if (empty($reshook)) {
// Rename some POST variables into a generic name
if (GETPOST('actionmodify', 'alpha') && $value == 'topic') $_POST['topic'] = $_POST['topic-'.$rowid];
if ((!isset($_POST[$value]) || $_POST[$value] == '' || $_POST[$value] == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position')
if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position')
{
$ok = 0;
$fieldnamekey = $listfield[$f];

14
htdocs/admin/mails_ticket.php
View File

@@ -530,20 +530,20 @@ if ($action == 'edit')
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
$formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
$formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
$formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
$formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
$formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
$formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;

2
htdocs/admin/proxy.php
View File

@@ -135,7 +135,7 @@ print '<tr class="oddeven">';
print '<td>'.$langs->trans("ConnectionTimeout").'</td><td class="right">';
print '</td>';
print '<td class="nowrap">';
print '<input class="flat" name="MAIN_USE_CONNECT_TIMEOUT" type="text" size="4" value="'.(isset($_POST["MAIN_USE_CONNECT_TIMEOUT"]) ?GETPOST("MAIN_USE_CONNECT_TIMEOUT") : $conf->global->MAIN_USE_CONNECT_TIMEOUT).'">';
print '<input class="flat" name="MAIN_USE_CONNECT_TIMEOUT" type="text" size="4" value="'.(GETPOSTISSET("MAIN_USE_CONNECT_TIMEOUT") ? GETPOST("MAIN_USE_CONNECT_TIMEOUT") : $conf->global->MAIN_USE_CONNECT_TIMEOUT).'">';
print ' '.strtolower($langs->trans("Seconds"));
print '</td>';
print '</tr>';

11
htdocs/admin/syslog.php
View File

@@ -85,7 +85,7 @@ if ($action == 'set')
$db->begin();
$newActiveModules = array();
$selectedModules = (isset($_POST['SYSLOG_HANDLERS']) ? $_POST['SYSLOG_HANDLERS'] : array());
$selectedModules = (GETPOSTISSET('SYSLOG_HANDLERS') ? GETPOST('SYSLOG_HANDLERS') : array());
// Save options of handler
foreach ($syslogModules as $syslogHandler)
@@ -97,11 +97,10 @@ if ($action == 'set')
if (in_array($syslogHandler, $selectedModules)) $newActiveModules[] = $syslogHandler;
foreach ($module->configure() as $option)
{
if (isset($_POST[$option['constant']]))
if (GETPOSTISSET($option['constant']))
{
$_POST[$option['constant']] = trim($_POST[$option['constant']]);
dolibarr_del_const($db, $option['constant'], -1);
dolibarr_set_const($db, $option['constant'], $_POST[$option['constant']], 'chaine', 0, '', 0);
dolibarr_set_const($db, $option['constant'], trim(GETPOST($option['constant'])), 'chaine', 0, '', 0);
}
}
}
@@ -229,7 +228,7 @@ foreach ($syslogModules as $moduleName)
$tmpoption = $option['constant'];
if (!empty($tmpoption))
{
if (isset($_POST[$tmpoption])) $value = $_POST[$tmpoption];
if (GETPOSTISSET($tmpoption)) $value = GETPOST($tmpoption);
elseif (!empty($conf->global->$tmpoption)) $value = $conf->global->$tmpoption;
} else $value = (isset($option['default']) ? $option['default'] : '');
@@ -240,7 +239,7 @@ foreach ($syslogModules as $moduleName)
{
$filelogparam = ' (<a href="'.DOL_URL_ROOT.'/document.php?modulepart=logs&file='.basename($value).'">';
$filelogparam .= $langs->trans('Download');
$filelogparam .= $filelog.'</a>)';
$filelogparam .= ' '.basename($value).'</a>)';
print $filelogparam;
}
}

2
htdocs/admin/system/phpinfo.php
View File

@@ -93,7 +93,7 @@ if (versioncompare(versionphparray(), $arrayphpminversionerror) < 0)
print '</td></tr>';
print '<tr><td>GET and POST support</td><td>';
if (!isset($_GET["testget"]) && !isset($_POST["testpost"]) && !isset($_GET["mainmenu"]))
if (!isset($_GET["testget"]) && !isset($_POST["testpost"]) && !isset($_GET["mainmenu"])) // We must keep $_GET and $_POST here
{
print '<img src="'.$WarningPicturePath.'" alt="Warning"> '.$langs->trans("PHPSupportPOSTGETKo");
print ' (<a href="'.$_SERVER["PHP_SELF"].'?testget=ok">'.$langs->trans("Recheck").'</a>)';

8
htdocs/comm/action/card.php
View File

@@ -280,7 +280,7 @@ if (empty($reshook) && $action == 'add')
}
}
}
$object->fk_project = isset($_POST["projectid"]) ? $_POST["projectid"] : 0;
$object->fk_project = GETPOSTISSET("projectid") ? GETPOST("projectid", 'int') : 0;
$taskid = GETPOST('taskid', 'int');
if (!empty($taskid)) {
@@ -324,7 +324,7 @@ if (empty($reshook) && $action == 'add')
$object->note_private = trim(GETPOST("note", "restricthtml"));
if (isset($_POST["contactid"])) $object->contact = $contact;
if (GETPOSTISSET("contactid")) $object->contact = $contact;
if (GETPOST('socid', 'int') > 0)
{
@@ -1051,8 +1051,8 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans("Status").' / '.$langs->trans("Percentage").'</td>';
print '<td>';
$percent = -1;
if (isset($_GET['status']) || isset($_POST['status'])) $percent = GETPOST('status');
elseif (isset($_GET['percentage']) || isset($_POST['percentage'])) $percent = GETPOST('percentage');
if (GETPOSTISSET('status')) $percent = GETPOST('status');
elseif (GETPOSTISSET('percentage')) $percent = GETPOST('percentage');
else {
if (GETPOST('complete') == '0' || GETPOST("afaire") == 1) $percent = '0';
elseif (GETPOST('complete') == 100 || GETPOST("afaire") == 2) $percent = 100;

2
htdocs/comm/action/index.php
View File

@@ -336,7 +336,7 @@ if ($status == 'todo') $title = $langs->trans("ToDoActions");
*/
$param = '';
if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);

8
htdocs/comm/action/pertype.php
View File

@@ -122,8 +122,8 @@ $tmparray = explode('-', $tmp);
$begin_d = 1;
$end_d = 53;
if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if ($status == '' && !GETPOSTISSET('status')) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
if (empty($action) && !GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if (GETPOST('viewcal', 'alpha') && $action != 'show_day' && $action != 'show_week' && $action != 'show_peruser') {
$action = 'show_month'; $day = '';
@@ -227,13 +227,13 @@ if ($status == 'done') $title = $langs->trans("DoneActions");
if ($status == 'todo') $title = $langs->trans("ToDoActions");
$param = '';
if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);
}
if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid);
if ($status || isset($_GET['status']) || isset($_POST['status'])) $param .= "&search_status=".urlencode($status);
if ($status || GETPOSTISSET('status')) $param .= "&search_status=".urlencode($status);
if ($filter) $param .= "&search_filter=".urlencode($filter);
if ($filtert) $param .= "&search_filtert=".urlencode($filtert);
if ($usergroup) $param .= "&search_usergroup=".urlencode($usergroup);

8
htdocs/comm/action/peruser.php
View File

@@ -125,8 +125,8 @@ if ($begin_d < 1 || $begin_d > 7) $begin_d = 1;
if ($end_d < 1 || $end_d > 7) $end_d = 7;
if ($end_d < $begin_d) $end_d = $begin_d + 1;
if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if ($status == '' && !GETPOSTISSET('status')) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
if (empty($action) && !GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if (GETPOST('viewcal', 'alpha') && $action != 'show_day' && $action != 'show_week' && $action != 'show_peruser') {
$action = 'show_month'; $day = '';
@@ -227,13 +227,13 @@ if ($status == 'done') $title = $langs->trans("DoneActions");
if ($status == 'todo') $title = $langs->trans("ToDoActions");
$param = '';
if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);
}
if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid);
if ($status || isset($_GET['status']) || isset($_POST['status'])) $param .= "&search_status=".urlencode($status);
if ($status || GETPOSTISSET('status')) $param .= "&search_status=".urlencode($status);
if ($filter) $param .= "&search_filter=".urlencode($filter);
if ($filtert) $param .= "&search_filtert=".urlencode($filtert);
if ($usergroup) $param .= "&search_usergroup=".urlencode($usergroup);

15
htdocs/compta/bank/bankentries_list.php
View File

@@ -225,17 +225,16 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', '
if ($num_releve)
{
$bankline = new AccountLine($db);
if (isset($_POST['rowid']) && is_array($_POST['rowid']))
{
foreach ($_POST['rowid'] as $row)
{
if ($row > 0)
{
$rowids = GETPOST('rowid', 'array');
if (!empty($rowids) && is_array($rowids)) {
foreach ($rowids as $row) {
if ($row > 0) {
$result = $bankline->fetch($row);
$bankline->num_releve = $num_releve; //$_POST["num_releve"];
$result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1.
if ($result < 0)
{
if ($result < 0) {
setEventMessages($bankline->error, $bankline->errors, 'errors');
$error++;
break;

31
htdocs/compta/bank/card.php
View File

@@ -346,7 +346,7 @@ if ($action == 'create')
// Type
print '<tr><td class="fieldrequired">'.$langs->trans("AccountType").'</td>';
print '<td>';
$formbank->selectTypeOfBankAccount(isset($_POST["type"]) ? $_POST["type"] : Account::TYPE_CURRENT, "type");
$formbank->selectTypeOfBankAccount(GETPOSTISSET("type") ? GETPOST("type") : Account::TYPE_CURRENT, "type");
print '</td></tr>';
// Currency
@@ -354,7 +354,7 @@ if ($action == 'create')
print '<td>';
$selectedcode = $object->currency_code;
if (!$selectedcode) $selectedcode = $conf->currency;
print $form->selectCurrency((isset($_POST["account_currency_code"]) ? $_POST["account_currency_code"] : $selectedcode), 'account_currency_code');
print $form->selectCurrency((GETPOSTISSET("account_currency_code") ? GETPOST("account_currency_code") : $selectedcode), 'account_currency_code');
//print $langs->trans("Currency".$conf->currency);
//print '<input type="hidden" name="account_currency_code" value="'.$conf->currency.'">';
print '</td></tr>';
@@ -367,9 +367,8 @@ if ($action == 'create')
// Country
$selectedcode = '';
if (isset($_POST["account_country_id"]))
{
$selectedcode = $_POST["account_country_id"] ? $_POST["account_country_id"] : $object->country_code;
if (GETPOSTISSET("account_country_id")) {
$selectedcode = GETPOST("account_country_id") ? GETPOST("account_country_id") : $object->country_code;
} elseif (empty($selectedcode)) $selectedcode = $mysoc->country_code;
$object->country_code = getCountry($selectedcode, 2); // Force country code on account to have following field on bank fields matching country rules
@@ -383,7 +382,7 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans('State').'</td><td>';
if ($selectedcode)
{
$formcompany->select_departement(isset($_POST["account_state_id"]) ? $_POST["account_state_id"] : '', $selectedcode, 'account_state_id');
$formcompany->select_departement(GETPOSTISSET("account_state_id") ? GETPOST("account_state_id") : '', $selectedcode, 'account_state_id');
} else {
print $countrynotdefined;
}
@@ -818,16 +817,16 @@ if ($action == 'create')
// Ref
print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("Ref").'</td>';
print '<td><input type="text" class="flat maxwidth200" name="ref" value="'.dol_escape_htmltag(isset($_POST["ref"]) ?GETPOST("ref") : $object->ref).'"></td></tr>';
print '<td><input type="text" class="flat maxwidth200" name="ref" value="'.dol_escape_htmltag(GETPOSTISSET("ref") ? GETPOST("ref") : $object->ref).'"></td></tr>';
// Label
print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td>';
print '<td><input type="text" class="flat minwidth300" name="label" value="'.dol_escape_htmltag(isset($_POST["label"]) ?GETPOST("label") : $object->label).'"></td></tr>';
print '<td><input type="text" class="flat minwidth300" name="label" value="'.dol_escape_htmltag(GETPOSTISSET("label") ? GETPOST("label") : $object->label).'"></td></tr>';
// Type
print '<tr><td class="fieldrequired">'.$langs->trans("AccountType").'</td>';
print '<td class="maxwidth200onsmartphone">';
$formbank->selectTypeOfBankAccount((isset($_POST["type"]) ? $_POST["type"] : $object->type), "type");
$formbank->selectTypeOfBankAccount((GETPOSTISSET("type") ? GETPOST("type") : $object->type), "type");
print '</td></tr>';
// Currency
@@ -837,7 +836,7 @@ if ($action == 'create')
print '<td class="maxwidth200onsmartphone">';
$selectedcode = $object->currency_code;
if (!$selectedcode) $selectedcode = $conf->currency;
print $form->selectCurrency((isset($_POST["account_currency_code"]) ? $_POST["account_currency_code"] : $selectedcode), 'account_currency_code');
print $form->selectCurrency((GETPOSTISSET("account_currency_code") ? GETPOST("account_currency_code") : $selectedcode), 'account_currency_code');
//print $langs->trans("Currency".$conf->currency);
//print '<input type="hidden" name="account_currency_code" value="'.$conf->currency.'">';
print '</td></tr>';
@@ -845,13 +844,13 @@ if ($action == 'create')
// Status
print '<tr><td class="fieldrequired">'.$langs->trans("Status").'</td>';
print '<td class="maxwidth200onsmartphone">';
print $form->selectarray("clos", $object->status, (isset($_POST["clos"]) ? $_POST["clos"] : $object->clos));
print $form->selectarray("clos", $object->status, (GETPOSTISSET("clos") ? GETPOST("clos") : $object->clos));
print '</td></tr>';
// Country
$object->country_id = $object->country_id ? $object->country_id : $mysoc->country_id;
$selectedcode = $object->country_code;
if (isset($_POST["account_country_id"])) $selectedcode = $_POST["account_country_id"];
if (GETPOSTISSET("account_country_id")) $selectedcode = GETPOST("account_country_id");
elseif (empty($selectedcode)) $selectedcode = $mysoc->country_code;
$object->country_code = getCountry($selectedcode, 2); // Force country code on account to have following field on bank fields matching country rules
@@ -865,7 +864,7 @@ if ($action == 'create')
print '<tr><td>'.$langs->trans('State').'</td><td class="maxwidth200onsmartphone">';
if ($selectedcode)
{
print $formcompany->select_state(isset($_POST["account_state_id"]) ? $_POST["account_state_id"] : $object->state_id, $selectedcode, 'account_state_id');
print $formcompany->select_state(GETPOSTISSET("account_state_id") ? GETPOST("account_state_id") : $object->state_id, $selectedcode, 'account_state_id');
} else {
print $countrynotdefined;
}
@@ -882,14 +881,14 @@ if ($action == 'create')
// Balance
print '<tr><td>'.$langs->trans("BalanceMinimalAllowed").'</td>';
print '<td><input size="12" type="text" class="flat" name="account_min_allowed" value="'.(isset($_POST["account_min_allowed"]) ?GETPOST("account_min_allowed") : $object->min_allowed).'"></td></tr>';
print '<td><input size="12" type="text" class="flat" name="account_min_allowed" value="'.(GETPOSTISSET("account_min_allowed") ? GETPOST("account_min_allowed") : $object->min_allowed).'"></td></tr>';
print '<tr><td>'.$langs->trans("BalanceMinimalDesired").'</td>';
print '<td><input size="12" type="text" class="flat" name="account_min_desired" value="'.(isset($_POST["account_min_desired"]) ?GETPOST("account_min_desired") : $object->min_desired).'"></td></tr>';
print '<td><input size="12" type="text" class="flat" name="account_min_desired" value="'.(GETPOSTISSET("account_min_desired") ? GETPOST("account_min_desired") : $object->min_desired).'"></td></tr>';
// Web
print '<tr><td>'.$langs->trans("Web").'</td>';
print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="url" value="'.(isset($_POST["url"]) ?GETPOST("url") : $object->url).'">';
print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="url" value="'.(GETPOSTISSET("url") ? GETPOST("url") : $object->url).'">';
print '</td></tr>';
// Tags-Categories

18
htdocs/compta/bank/line.php
View File

@@ -139,17 +139,17 @@ if ($user->rights->banque->modifier && $action == "update")
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET ";
// Always opened
if (isset($_POST['value'])) $sql .= " fk_type='".$db->escape(GETPOST('value'))."',";
if (isset($_POST['num_chq'])) $sql .= " num_chq='".$db->escape(GETPOST("num_chq"))."',";
if (isset($_POST['banque'])) $sql .= " banque='".$db->escape(GETPOST("banque"))."',";
if (isset($_POST['emetteur'])) $sql .= " emetteur='".$db->escape(GETPOST("emetteur"))."',";
if (GETPOSTISSET('value')) $sql .= " fk_type='".$db->escape(GETPOST('value'))."',";
if (GETPOSTISSET('num_chq')) $sql .= " num_chq='".$db->escape(GETPOST("num_chq"))."',";
if (GETPOSTISSET('banque')) $sql .= " banque='".$db->escape(GETPOST("banque"))."',";
if (GETPOSTISSET('emetteur')) $sql .= " emetteur='".$db->escape(GETPOST("emetteur"))."',";
// Blocked when conciliated
if (!$acline->rappro)
{
if (isset($_POST['label'])) $sql .= " label = '".$db->escape(GETPOST("label"))."',";
if (isset($_POST['amount'])) $sql .= " amount= '".$db->escape($amount)."',";
if (isset($_POST['dateomonth'])) $sql .= " dateo = '".$db->idate($dateop)."',";
if (isset($_POST['datevmonth'])) $sql .= " datev = '".$db->idate($dateval)."',";
if (GETPOSTISSET('label')) $sql .= " label = '".$db->escape(GETPOST("label"))."',";
if (GETPOSTISSET('amount')) $sql .= " amount= '".$db->escape($amount)."',";
if (GETPOSTISSET('dateomonth')) $sql .= " dateo = '".$db->idate($dateop)."',";
if (GETPOSTISSET('datevmonth')) $sql .= " datev = '".$db->idate($dateval)."',";
}
$sql .= " fk_account = ".$actarget->id;
$sql .= " WHERE rowid = ".$acline->id;
@@ -613,7 +613,7 @@ if ($result)
if ($user->rights->banque->consolidate)
{
print '<td>';
print '<input type="checkbox" name="reconciled" class="flat" '.(isset($_POST["reconciled"]) ? ($_POST["reconciled"] ? ' checked="checked"' : '') : ($objp->rappro ? ' checked="checked"' : '')).'">';
print '<input type="checkbox" name="reconciled" class="flat" '.(GETPOSTISSET("reconciled") ? (GETPOST("reconciled") ? ' checked="checked"' : '') : ($objp->rappro ? ' checked="checked"' : '')).'">';
print '</td>';
} else {
print '<td>'.yn($objp->rappro).'</td>';

2
htdocs/compta/facture/card.php
View File

@@ -3415,7 +3415,7 @@ if ($action == 'create')
// Payment mode
print '<tr><td>'.$langs->trans('PaymentMode').'</td><td colspan="2">';
$form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id', 'CRDT');
$form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id', 'CRDT');
print '</td></tr>';
// Bank Account

8
htdocs/compta/paiement_charge.php
View File

@@ -222,21 +222,21 @@ if ($action == 'create')
print '<tr><td class="tdtop">'.$langs->trans("RemainderToPay").'</td><td>'.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'</td></tr>';*/
print '<tr><td class="fieldrequired">'.$langs->trans("Date").'</td><td>';
$datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : 0;
$datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOSTISSET("remonth") ? $datepaye : -1) : 0;
print $form->selectDate($datepayment, '', '', '', 0, "add_payment", 1, 1, 0, '', '', $charge->date_ech, '', 1, $langs->trans("DateOfSocialContribution"));
print "</td>";
print '</tr>';
print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td>';
$form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $charge->paiementtype, "paiementtype");
$form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $charge->paiementtype, "paiementtype");
print "</td>\n";
print '</tr>';
print '<tr>';
print '<td class="fieldrequired">'.$langs->trans('AccountToDebit').'</td>';
print '<td>';
$form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $charge->accountid, "accountid", 0, '', 2); // Show opend bank account list
$form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid") : $charge->accountid, "accountid", 0, '', 2); // Show opend bank account list
print '</td></tr>';
// Number

2
htdocs/contact/card.php
View File

@@ -893,7 +893,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
*/
// We set country_id, and country_code label of the chosen country
if (isset($_POST["country_id"]) || $object->country_id)
if (GETPOSTISSET("country_id") || $object->country_id)
{
$tmparray = getCountry($object->country_id, 'all');
$object->country_code = $tmparray['code'];

4
htdocs/core/class/html.formmail.class.php
View File

@@ -1133,7 +1133,7 @@ class FormMail extends Form
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_SUPPLIER_PROPOSAL) && !empty($this->param['models']) && $this->param['models'] == 'supplier_proposal_send') $defaultvaluefordeliveryreceipt = 1;
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_ORDER) && !empty($this->param['models']) && $this->param['models'] == 'order_send') $defaultvaluefordeliveryreceipt = 1;
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_INVOICE) && !empty($this->param['models']) && $this->param['models'] == 'facture_send') $defaultvaluefordeliveryreceipt = 1;
$out .= $form->selectyesno('deliveryreceipt', (isset($_POST["deliveryreceipt"]) ? $_POST["deliveryreceipt"] : $defaultvaluefordeliveryreceipt), 1);
$out .= $form->selectyesno('deliveryreceipt', (GETPOSTISSET("deliveryreceipt") ? GETPOST("deliveryreceipt") : $defaultvaluefordeliveryreceipt), 1);
}
$out .= "</td></tr>\n";
return $out;
@@ -1170,7 +1170,7 @@ class FormMail extends Form
$out .= $defaulttopic;
$out .= '<input type="hidden" class="quatrevingtpercent" id="subject" name="subject" value="'.$defaulttopic.'" />';
} else {
$out .= '<input type="text" class="quatrevingtpercent" id="subject" name="subject" value="'.((isset($_POST["subject"]) && !$_POST['modelselected']) ? $_POST["subject"] : ($defaulttopic ? $defaulttopic : '')).'" />';
$out .= '<input type="text" class="quatrevingtpercent" id="subject" name="subject" value="'.((GETPOSTISSET("subject") && !GETPOST('modelselected')) ? GETPOST("subject") : ($defaulttopic ? $defaulttopic : '')).'" />';
}
$out .= "</td></tr>\n";
return $out;

2
htdocs/core/class/html.formsms.class.php
View File

@@ -288,7 +288,7 @@ function limitChars(textarea, limit, infodiv)
$defaultmessage = $this->withbody;
}
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
if (isset($_POST["message"])) $defaultmessage = $_POST["message"];
if (GETPOSTISSET("message")) $defaultmessage = GETPOST("message", 'restricthtml');
$defaultmessage = str_replace('\n', "\n", $defaultmessage);
print "<tr>";

4
htdocs/core/class/html.formticket.class.php
View File

@@ -999,8 +999,8 @@ class FormTicket
} elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
$defaultmessage = dol_nl2br($defaultmessage);
}
if (isset($_POST["message"]) && !$_POST['modelselected']) {
$defaultmessage = GETPOST('message');
if (GETPOSTISSET("message") && !$_POST['modelselected']) {
$defaultmessage = GETPOST('message', 'restricthtml');
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
// Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty)

18
htdocs/core/lib/functions.lib.php
View File

@@ -224,14 +224,14 @@ function dol_shutdown()
}
/**
* Return true if we are in a context of submitting a parameter
* Return true if we are in a context of submitting the parameter $paramname
*
* @param string $paramname Name or parameter to test
* @return boolean True if we have just submit a POST or GET request with the parameter provided (even if param is empty)
*/
function GETPOSTISSET($paramname)
{
$isset = 0;
$isset = false;
$relativepathstring = $_SERVER["PHP_SELF"];
// Clean $relativepathstring
@@ -254,7 +254,7 @@ function GETPOSTISSET($paramname)
{
if ($key == $paramname) // We are on the requested parameter
{
$isset = 1;
$isset = true;
break;
}
}
@@ -263,16 +263,16 @@ function GETPOSTISSET($paramname)
// If there is saved contextpage, page or limit
if ($paramname == 'contextpage' && !empty($_SESSION['lastsearch_contextpage_'.$relativepathstring]))
{
$isset = 1;
$isset = true;
} elseif ($paramname == 'page' && !empty($_SESSION['lastsearch_page_'.$relativepathstring]))
{
$isset = 1;
$isset = true;
} elseif ($paramname == 'limit' && !empty($_SESSION['lastsearch_limit_'.$relativepathstring]))
{
$isset = 1;
$isset = true;
}
} else {
$isset = (isset($_POST[$paramname]) || isset($_GET[$paramname]));
$isset = (isset($_POST[$paramname]) || isset($_GET[$paramname])); // We must keep $_POST and $_GET here
}
return $isset;
@@ -287,13 +287,13 @@ function GETPOSTISSET($paramname)
* @param string $check Type of check
* ''=no check (deprecated)
* 'none'=no check (only for param that should have very rich content)
* 'array', 'array:restricthtml' or 'array:aZ09' to check it's an array
* 'int'=check it's numeric (integer or float)
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
* 'alpha'=Same than alphanohtml since v13
* 'alphanohtml'=check there is no html content and no " and no ../
* 'aZ'=check it's a-z only
* 'aZ09'=check it's simple alpha string (recommended for keys)
* 'array'=check it's array
* 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string)
* 'nohtml'=check there is no html content and no " and no ../
* 'restricthtml'=check html content is restricted to some tags only
@@ -411,7 +411,6 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
}
}
} // Management of default search_filters and sort order
//elseif (preg_match('/list.php$/', $_SERVER["PHP_SELF"]) && ! empty($paramname) && ! isset($_GET[$paramname]) && ! isset($_POST[$paramname]))
elseif (!empty($paramname) && !isset($_GET[$paramname]) && !isset($_POST[$paramname]))
{
if (!empty($user->default_values)) // $user->default_values defined from menu 'Setup - Default values'
@@ -476,6 +475,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
if ($qualified)
{
// We must keep $_POST and $_GET here
if (isset($_POST['sall']) || isset($_POST['search_all']) || isset($_GET['sall']) || isset($_GET['search_all']))
{
// We made a search from quick search menu, do we still use default filter ?

8
htdocs/core/modules/mailings/pomme.modules.php
View File

@@ -172,10 +172,10 @@ class mailing_pomme extends MailingTargets
$sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test
$sql .= " AND u.entity IN (0,".$conf->entity.")";
$sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
if (isset($_POST["filter"]) && $_POST["filter"] == '1') $sql .= " AND u.statut=1";
if (isset($_POST["filter"]) && $_POST["filter"] == '0') $sql .= " AND u.statut=0";
if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '1') $sql .= " AND u.employee=1";
if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '0') $sql .= " AND u.employee=0";
if (GETPOSTISSET("filter") && GETPOST("filter") == '1') $sql .= " AND u.statut=1";
if (GETPOSTISSET("filter") && GETPOST("filter") == '0') $sql .= " AND u.statut=0";
if (GETPOSTISSET("filteremployee") && GETPOSt("filteremployee") == '1') $sql .= " AND u.employee=1";
if (GETPOSTISSET("filteremployee") && GETPOST("filteremployee") == '0') $sql .= " AND u.employee=0";
$sql .= " ORDER BY u.email";
// Stocke destinataires dans cibles

20
htdocs/core/modules/mailings/thirdparties.modules.php
View File

@@ -81,9 +81,8 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
} else {
$addFilter = "";
if (isset($_POST["filter_client"]) && $_POST["filter_client"] <> '-1')
{
$addFilter .= " AND s.client=".$_POST["filter_client"];
if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
$addDescription = $langs->trans('ProspectCustomer')."=";
if ($_POST["filter_client"] == 0)
{
@@ -98,18 +97,15 @@ class mailing_thirdparties extends MailingTargets
{
$addDescription .= $langs->trans('ProspectCustomer');
} else {
$addDescription .= "Unknown status ".$_POST["filter_client"];
$addDescription .= "Unknown status ".GETPOST("filter_client");
}
}
if (isset($_POST["filter_status"]))
{
if (strlen($addDescription) > 0)
{
if (GETPOSTISSET("filter_status")) {
if (strlen($addDescription) > 0) {
$addDescription .= ";";
}
$addDescription .= $langs->trans("Status")."=";
if ($_POST["filter_status"] == '1')
{
if (GETPOST("filter_status") == '1') {
$addFilter .= " AND s.status=1";
$addDescription .= $langs->trans("Enabled");
} else {
@@ -124,7 +120,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
$sql .= " UNION ";
$sql .= "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, c.label as label";
@@ -134,7 +130,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
}
$sql .= " ORDER BY email";

4
htdocs/core/tpl/extrafields_view.tpl.php
View File

@@ -85,7 +85,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
if (!empty($extrafields->attributes[$object->table_element]['langfile'][$tmpkeyextra])) $langs->load($extrafields->attributes[$object->table_element]['langfile'][$tmpkeyextra]);
if ($action == 'edit_extras')
{
$value = (isset($_POST["options_".$tmpkeyextra]) ? $_POST["options_".$tmpkeyextra] : $object->array_options["options_".$tmpkeyextra]);
$value = (GETPOSTISSET("options_".$tmpkeyextra) ? GETPOST("options_".$tmpkeyextra) : $object->array_options["options_".$tmpkeyextra]);
} else {
$value = $object->array_options["options_".$tmpkeyextra];
//var_dump($tmpkeyextra.' - '.$value);
@@ -172,7 +172,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
$datenotinstring = $db->jdate($datenotinstring);
}
//print 'x'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour');
$value = isset($_POST["options_".$tmpkeyextra]) ? dol_mktime($_POST["options_".$tmpkeyextra."hour"], $_POST["options_".$tmpkeyextra."min"], 0, $_POST["options_".$tmpkeyextra."month"], $_POST["options_".$tmpkeyextra."day"], $_POST["options_".$tmpkeyextra."year"]) : $datenotinstring;
$value = GETPOSTISSET("options_".$tmpkeyextra) ? dol_mktime(GETPOST("options_".$tmpkeyextra."hour", 'int'), GETPOST("options_".$tmpkeyextra."min", 'int'), 0, GETPOST("options_".$tmpkeyextra."month", 'int'), GETPOST("options_".$tmpkeyextra."day", 'int'), GETPOST("options_".$tmpkeyextra."year", 'int')) : $datenotinstring;
}
//TODO Improve element and rights detection

20
htdocs/core/tpl/objectline_create.tpl.php
View File

@@ -324,17 +324,17 @@ if ($nolinesbefore) {
{
$coldisplay++;
?>
<td class="nobottom linecolresupplier"><input id="fourn_ref" name="fourn_ref" class="flat minwidth50 maxwidth150" value="<?php echo (isset($_POST["fourn_ref"]) ?GETPOST("fourn_ref", 'alpha', 2) : ''); ?>"></td>
<td class="nobottom linecolresupplier"><input id="fourn_ref" name="fourn_ref" class="flat minwidth50 maxwidth150" value="<?php echo (GETPOSTISSET("fourn_ref") ? GETPOST("fourn_ref", 'alpha', 2) : ''); ?>"></td>
<?php }
print '<td class="nobottom linecolvat right">';
$coldisplay++;
if ($seller->tva_assuj == "0") echo '<input type="hidden" name="tva_tx" id="tva_tx" value="0">'.vatrate(0, true);
else echo $form->load_tva('tva_tx', (isset($_POST["tva_tx"]) ?GETPOST("tva_tx", 'alpha', 2) : -1), $seller, $buyer, 0, 0, '', false, 1);
else echo $form->load_tva('tva_tx', (GETPOSTISSET("tva_tx") ? GETPOST("tva_tx", 'alpha', 2) : -1), $seller, $buyer, 0, 0, '', false, 1);
?>
</td>
<td class="nobottom linecoluht right"><?php $coldisplay++; ?>
<input type="text" size="5" name="price_ht" id="price_ht" class="flat right" value="<?php echo (isset($_POST["price_ht"]) ?GETPOST("price_ht", 'alpha', 2) : ''); ?>">
<input type="text" size="5" name="price_ht" id="price_ht" class="flat right" value="<?php echo (GETPOSTISSET("price_ht") ? GETPOST("price_ht", 'alpha', 2) : ''); ?>">
</td>
<?php
@@ -342,7 +342,7 @@ if ($nolinesbefore) {
$coldisplay++;
?>
<td class="nobottom linecoluht_currency right">
<input type="text" size="5" name="multicurrency_price_ht" id="multicurrency_price_ht" class="flat right" value="<?php echo (isset($_POST["multicurrency_price_ht"]) ?GETPOST("multicurrency_price_ht", 'alpha', 2) : ''); ?>">
<input type="text" size="5" name="multicurrency_price_ht" id="multicurrency_price_ht" class="flat right" value="<?php echo (GETPOSTISSET("multicurrency_price_ht") ? GETPOST("multicurrency_price_ht", 'alpha', 2) : ''); ?>">
</td>
<?php
}
@@ -350,13 +350,13 @@ if ($nolinesbefore) {
$coldisplay++;
?>
<td class="nobottom linecoluttc right">
<input type="text" size="5" name="price_ttc" id="price_ttc" class="flat" value="<?php echo (isset($_POST["price_ttc"]) ?GETPOST("price_ttc", 'alpha', 2) : ''); ?>">
<input type="text" size="5" name="price_ttc" id="price_ttc" class="flat" value="<?php echo (GETPOSTISSET("price_ttc") ? GETPOST("price_ttc", 'alpha', 2) : ''); ?>">
</td>
<?php
}
$coldisplay++;
?>
<td class="nobottom linecolqty right"><input type="text" size="2" name="qty" id="qty" class="flat right" value="<?php echo (isset($_POST["qty"]) ?GETPOST("qty", 'alpha', 2) : 1); ?>">
<td class="nobottom linecolqty right"><input type="text" size="2" name="qty" id="qty" class="flat right" value="<?php echo (GETPOSTISSET("qty") ? GETPOST("qty", 'alpha', 2) : 1); ?>">
</td>
<?php
if (!empty($conf->global->PRODUCT_USE_UNITS)) {
@@ -371,7 +371,7 @@ if ($nolinesbefore) {
}
$coldisplay++;
?>
<td class="nobottom nowrap linecoldiscount right"><input type="text" size="1" name="remise_percent" id="remise_percent" class="flat right" value="<?php echo (isset($_POST["remise_percent"]) ?GETPOST("remise_percent", 'alpha', 2) : $remise_percent); ?>"><span class="hideonsmartphone">%</span></td>
<td class="nobottom nowrap linecoldiscount right"><input type="text" size="1" name="remise_percent" id="remise_percent" class="flat right" value="<?php echo (GETPOSTISSET("remise_percent") ? GETPOST("remise_percent", 'alpha', 2) : $remise_percent); ?>"><span class="hideonsmartphone">%</span></td>
<?php
if ($this->situation_cycle_ref) {
$coldisplay++;
@@ -389,17 +389,17 @@ if ($nolinesbefore) {
<select id="fournprice_predef" name="fournprice_predef" class="flat minwidth75imp" style="display: none;"></select>
<?php } ?>
<!-- For free product -->
<input type="text" id="buying_price" name="buying_price" class="flat maxwidth75 right" value="<?php echo (isset($_POST["buying_price"]) ?GETPOST("buying_price", 'alpha', 2) : ''); ?>">
<input type="text" id="buying_price" name="buying_price" class="flat maxwidth75 right" value="<?php echo (GETPOSTISSET("buying_price") ? GETPOST("buying_price", 'alpha', 2) : ''); ?>">
</td>
<?php
if (!empty($conf->global->DISPLAY_MARGIN_RATES))
{
echo '<td class="nobottom nowrap margininfos right"><input class="flat right" type="text" size="2" id="np_marginRate" name="np_marginRate" value="'.(isset($_POST["np_marginRate"]) ?GETPOST("np_marginRate", 'alpha', 2) : '').'"><span class="np_marginRate hideonsmartphone">%</span></td>';
echo '<td class="nobottom nowrap margininfos right"><input class="flat right" type="text" size="2" id="np_marginRate" name="np_marginRate" value="'.(GETPOSTISSET("np_marginRate") ? GETPOST("np_marginRate", 'alpha', 2) : '').'"><span class="np_marginRate hideonsmartphone">%</span></td>';
$coldisplay++;
}
if (!empty($conf->global->DISPLAY_MARK_RATES))
{
echo '<td class="nobottom nowrap margininfos right"><input class="flat right" type="text" size="2" id="np_markRate" name="np_markRate" value="'.(isset($_POST["np_markRate"]) ?GETPOST("np_markRate", 'alpha', 2) : '').'"><span class="np_markRate hideonsmartphone">%</span></td>';
echo '<td class="nobottom nowrap margininfos right"><input class="flat right" type="text" size="2" id="np_markRate" name="np_markRate" value="'.(GETPOSTISSET("np_markRate") ? GETPOST("np_markRate", 'alpha', 2) : '').'"><span class="np_markRate hideonsmartphone">%</span></td>';
$coldisplay++;
}
}

4
htdocs/core/tpl/objectline_edit.tpl.php
View File

@@ -234,7 +234,7 @@ $coldisplay++;
if ($user->rights->margins->creer) {
if (!empty($conf->global->DISPLAY_MARGIN_RATES))
{
$margin_rate = (isset($_POST["np_marginRate"]) ?GETPOST("np_marginRate", "alpha", 2) : (($line->pa_ht == 0) ? '' : price($line->marge_tx)));
$margin_rate = (GETPOSTISSET("np_marginRate") ? GETPOST("np_marginRate", "alpha", 2) : (($line->pa_ht == 0) ? '' : price($line->marge_tx)));
// if credit note, dont allow to modify margin
if ($line->subprice < 0)
echo '<td class="right nowrap margininfos">'.$margin_rate.'<span class="hideonsmartphone">%</span></td>';
@@ -242,7 +242,7 @@ $coldisplay++;
$coldisplay++;
} elseif (!empty($conf->global->DISPLAY_MARK_RATES))
{
$mark_rate = (isset($_POST["np_markRate"]) ?GETPOST("np_markRate", 'alpha', 2) : price($line->marque_tx));
$mark_rate = (GETPOSTISSET("np_markRate") ? GETPOST("np_markRate", 'alpha', 2) : price($line->marque_tx));
// if credit note, dont allow to modify margin
if ($line->subprice < 0)
echo '<td class="right nowrap margininfos">'.$mark_rate.'<span class="hideonsmartphone">%</span></td>';

4
htdocs/core/tpl/resource_add.tpl.php
View File

@@ -32,8 +32,8 @@ $events = array();
$out .= $formresources->select_resource_list('', 'fk_resource', '', 1, 1, 0, $events, '', 2, null);
$out .= '</div>';
$out .= '<div class="tagtd"><label>'.$langs->trans('Busy').'</label> '.$form->selectyesno('busy', (isset($_POST['busy']) ? $_POST['busy'] : 1), 1).'</div>';
$out .= '<div class="tagtd"><label>'.$langs->trans('Mandatory').'</label> '.$form->selectyesno('mandatory', (isset($_POST['mandatory']) ? $_POST['mandatory'] : 0), 1).'</div>';
$out .= '<div class="tagtd"><label>'.$langs->trans('Busy').'</label> '.$form->selectyesno('busy', (GETPOSTISSET('busy') ? GETPOST('busy') : 1), 1).'</div>';
$out .= '<div class="tagtd"><label>'.$langs->trans('Mandatory').'</label> '.$form->selectyesno('mandatory', (GETPOSTISSET('mandatory') ? GETPOST('mandatory') : 0), 1).'</div>';
$out .= '<div class="tagtd right">';
$out .= '<input type="submit" id="add-resource-place" class="button" value="'.$langs->trans("Add").'"/>';

8
htdocs/don/card.php
View File

@@ -418,9 +418,9 @@ if ($action == 'create')
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((isset($_POST["zipcode"]) ? $_POST["zipcode"] : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode") : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
print $formcompany->select_ziptown((isset($_POST["town"]) ? $_POST["town"] : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town") : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print '</tr>';
// Country
@@ -560,9 +560,9 @@ if (!empty($id) && $action == 'edit')
// Zip / Town
print '<tr><td>'.$langs->trans("Zip").' / '.$langs->trans("Town").'</td><td>';
print $formcompany->select_ziptown((isset($_POST["zipcode"]) ? $_POST["zipcode"] : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOSTISSET("zipcode") : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
print $formcompany->select_ziptown((isset($_POST["town"]) ? $_POST["town"] : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town") : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print '</tr>';
// Country

4
htdocs/install/check.php
View File

@@ -93,8 +93,8 @@ if (empty($force_install_nophpinfo)) print ' (<a href="phpinfo.php" target="_bla
print "<br>\n";
// Check PHP support for $_POST
if (!isset($_GET["testget"]) && !isset($_POST["testpost"]))
// Check PHP support for $_GET and $_POST
if (!isset($_GET["testget"]) && !isset($_POST["testpost"])) // We must keep $_GET and $_POST here
{
print '<img src="../theme/eldy/img/warning.png" alt="Warning"> '.$langs->trans("PHPSupportPOSTGETKo");
print ' (<a href="'.$_SERVER["PHP_SELF"].'?testget=ok">'.$langs->trans("Recheck").'</a>)';

4
htdocs/install/inc.php
View File

@@ -177,7 +177,7 @@ if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"]))
print $langs->trans("YouTryInstallDisabledByDirLock");
if (!empty($dolibarr_main_url_root))
{
print 'Click on following link, <a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(isset($_POST["login"]) ? '&username='.urlencode($_POST["login"]) : '').'">';
print 'Click on following link, <a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
print $langs->trans("ClickHereToGoToApp");
print '</a>';
}
@@ -202,7 +202,7 @@ if (@file_exists($lockfile))
if (!empty($dolibarr_main_url_root))
{
print $langs->trans("ClickOnLinkOrRemoveManualy").'<br>';
print '<a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(isset($_POST["login"]) ? '&username='.urlencode($_POST["login"]) : '').'">';
print '<a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
print $langs->trans("ClickHereToGoToApp");
print '</a>';
} else {

2
htdocs/install/repair.php
View File

@@ -1473,7 +1473,7 @@ if (empty($actiondone))
if ($oneoptionset)
{
print '<div class="center" style="padding-top: 10px"><a href="../index.php?mainmenu=home&leftmenu=home'.(isset($_POST["login"]) ? '&username='.urlencode($_POST["login"]) : '').'">';
print '<div class="center" style="padding-top: 10px"><a href="../index.php?mainmenu=home&leftmenu=home'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
print $langs->trans("GoToDolibarr");
print '</a></div>';
} else {

8
htdocs/opensurvey/results.php
View File

@@ -204,7 +204,9 @@ if (isset($_POST["ajoutercolonne"]) && $object->format == "D")
}
}
if ($_POST["nouvelleheuredebut"] == "vide" || (isset($_POST["nouvelleheuredebut"]) && isset($_POST["nouvelleheurefin"]) && (($_POST["nouvelleheuredebut"] < $_POST["nouvelleheurefin"]) || (($_POST["nouvelleheuredebut"] == $_POST["nouvelleheurefin"]) && ($_POST["nouvelleminutedebut"] < $_POST["nouvelleminutefin"]))))) {
if (GETPOST("nouvelleheuredebut") == "vide" || (GETPOSTISSET("nouvelleheuredebut") && GETPOSTISSET("nouvelleheurefin")
&& (GETPOST("nouvelleheuredebut") < GETPOST("nouvelleheurefin") || (GETPOST("nouvelleheuredebut") == GETPOST("nouvelleheurefin")
&& (GETPOST("nouvelleminutedebut") < GETPOST("nouvelleminutefin")))))) {
$erreur_ajout_date = false;
} else {
$erreur_ajout_date = "yes";
@@ -907,7 +909,7 @@ while ($compteur < $num)
//demande de confirmation pour modification de ligne
for ($i = 0; $i < $nblines; $i++)
{
if (isset($_POST["modifierligne".$i]))
if (GETPOSTISSET("modifierligne".$i))
{
if ($compteur == $i)
{
@@ -938,7 +940,7 @@ if (empty($testligneamodifier))
if (empty($listofanswers[$i]['format']) || !in_array($listofanswers[$i]['format'], array('yesno', 'foragainst')))
{
print '<input type="checkbox" name="choix'.$i.'" value="1"';
if (isset($_POST['choix'.$i]) && $_POST['choix'.$i] == '1')
if (GETPOSTISSET('choix'.$i) && GETPOST('choix'.$i) == '1')
{
print ' checked';
}

26
htdocs/opensurvey/wizard/choix_date.php
View File

@@ -46,6 +46,7 @@ if (GETPOST('confirmation'))
if (issetAndNoEmpty('totalchoixjour', $_SESSION) === true && issetAndNoEmpty('nbrecaseshoraires', $_SESSION) === true)
{
$nbofchoice = count($_SESSION["totalchoixjour"]);
$errheure = array();
for ($i = 0; $i < $nbofchoice; $i++)
{
@@ -54,16 +55,18 @@ if (GETPOST('confirmation'))
{
$_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j];
$case = $j + 1;
$tmphorairesi = GETPOST('horaires'.$i, 'array');
if (isset($_POST['horaires'.$i]) === false || isset($_POST['horaires'.$i][$j]) === false) {
if (!is_array($tmphorairesi) || empty($tmphorairesi[$j])) {
$errheure[$i][$j] = true;
$erreur = true;
continue;
}
//si c'est un creneau type 8:00-11:00
if (preg_match("/(\d{1,2}:\d{2})-(\d{1,2}:\d{2})/", $_POST["horaires$i"][$j], $creneaux)) {
// A range like 8:00-11:00
$creneaux = array();
$heures = array();
if (preg_match("/(\d{1,2}:\d{2})-(\d{1,2}:\d{2})/", $tmphorairesi[$j], $creneaux)) {
//on recupere les deux parties du preg_match qu'on redécoupe autour des ":"
$debutcreneau = explode(":", $creneaux[1]);
$fincreneau = explode(":", $creneaux[2]);
@@ -76,7 +79,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif (preg_match(";^(\d{1,2}h\d{0,2})-(\d{1,2}h\d{0,2})$;i", $_POST["horaires$i"][$j], $creneaux)) { //si c'est un creneau type 8h00-11h00
} elseif (preg_match(";^(\d{1,2}h\d{0,2})-(\d{1,2}h\d{0,2})$;i", $tmphorairesi[$j], $creneaux)) { //si c'est un creneau type 8h00-11h00
//on recupere les deux parties du preg_match qu'on redécoupe autour des "H"
$debutcreneau = preg_split("/h/i", $creneaux[1]);
$fincreneau = preg_split("/h/i", $creneaux[2]);
@@ -89,7 +92,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif (preg_match(";^(\d{1,2}):(\d{2})$;", $_POST["horaires$i"][$j], $heures)) { //si c'est une heure simple type 8:00
} elseif (preg_match(";^(\d{1,2}):(\d{2})$;", $tmphorairesi[$j], $heures)) { //si c'est une heure simple type 8:00
//si valeures correctes, on entre les données dans la variables de session
if ($heures[1] < 24 && $heures[2] < 60) {
$_SESSION["horaires$i"][$j] = $heures[0];
@@ -97,7 +100,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif (preg_match(";^(\d{1,2})h(\d{0,2})$;i", $_POST["horaires$i"][$j], $heures)) { //si c'est une heure encore plus simple type 8h
} elseif (preg_match(";^(\d{1,2})h(\d{0,2})$;i", $tmphorairesi[$j], $heures)) { //si c'est une heure encore plus simple type 8h
//si valeures correctes, on entre les données dans la variables de session
if ($heures[1] < 24 && $heures[2] < 60) {
$_SESSION["horaires$i"][$j] = $heures[0];
@@ -105,7 +108,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif (preg_match(";^(\d{1,2})-(\d{1,2})$;", $_POST["horaires$i"][$j], $heures)) { //si c'est un creneau simple type 8-11
} elseif (preg_match(";^(\d{1,2})-(\d{1,2})$;", $tmphorairesi[$j], $heures)) { //si c'est un creneau simple type 8-11
//si valeures correctes, on entre les données dans la variables de session
if ($heures[1] < $heures[2] && $heures[1] < 24 && $heures[2] < 24) {
$_SESSION["horaires$i"][$j] = $heures[0];
@@ -113,7 +116,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif (preg_match(";^(\d{1,2})h-(\d{1,2})h$;", $_POST["horaires$i"][$j], $heures)) { //si c'est un creneau H type 8h-11h
} elseif (preg_match(";^(\d{1,2})h-(\d{1,2})h$;", $tmphorairesi[$j], $heures)) { //si c'est un creneau H type 8h-11h
//si valeures correctes, on entre les données dans la variables de session
if ($heures[1] < $heures[2] && $heures[1] < 24 && $heures[2] < 24) {
$_SESSION["horaires$i"][$j] = $heures[0];
@@ -121,7 +124,7 @@ if (GETPOST('confirmation'))
$errheure[$i][$j] = true;
$erreur = true;
}
} elseif ($_POST["horaires$i"][$j] == "") { //Si la case est vide
} elseif ($tmphorairesi[$j] == "") { //Si la case est vide
unset($_SESSION["horaires$i"][$j]);
} else { //pour tout autre format, message d'erreur
$errheure[$i][$j] = true;
@@ -160,7 +163,8 @@ if (GETPOST('confirmation'))
}
//If just one day and no other time options, error message
if (count($_SESSION["totalchoixjour"]) == "1" && $_POST["horaires0"][0] == "" && $_POST["horaires0"][1] == "" && $_POST["horaires0"][2] == "" && $_POST["horaires0"][3] == "" && $_POST["horaires0"][4] == "") {
$tmphoraires0 = GETPOST('horaires0', 'array');
if (count($_SESSION["totalchoixjour"]) == "1" && $tmphoraires0[0] == "" && $tmphoraires0[1] == "" && $tmphoraires0[2] == "" && $tmphoraires0[3] == "" && $tmphoraires0[4] == "") {
setEventMessages($langs->trans("MoreChoices"), null, 'errors');
$erreur = true;
}

4
htdocs/opensurvey/wizard/create_survey.php
View File

@@ -175,11 +175,11 @@ if ($_SESSION["mailsonde"]) $cochemail = "checked";
print '<input type="checkbox" name="mailsonde" '.$cochemail.'> '.$langs->trans("ToReceiveEMailForEachVote").'<br>'."\n";
if ($_SESSION['allow_comments']) $allow_comments = 'checked';
if (isset($_POST['allow_comments'])) $allow_comments = GETPOST('allow_comments') ? 'checked' : '';
if (GETPOSTISSET('allow_comments')) $allow_comments = GETPOST('allow_comments') ? 'checked' : '';
print '<input type="checkbox" name="allow_comments" '.$allow_comments.'"> '.$langs->trans('CanComment').'<br>'."\n";
if ($_SESSION['allow_spy']) $allow_spy = 'checked';
if (isset($_POST['allow_spy'])) $allow_spy = GETPOST('allow_spy') ? 'checked' : '';
if (GETPOSTISSET('allow_spy')) $allow_spy = GETPOST('allow_spy') ? 'checked' : '';
print '<input type="checkbox" name="allow_spy" '.$allow_spy.'> '.$langs->trans('CanSeeOthersVote').'<br>'."\n";
if (GETPOST('choix_sondage'))

12
htdocs/product/card.php
View File

@@ -1034,8 +1034,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
if ($showbarcode)
{
print '<tr><td>'.$langs->trans('BarcodeType').'</td><td>';
if (isset($_POST['fk_barcode_type']))
{
if (GETPOSTISSET('fk_barcode_type')) {
$fk_barcode_type = GETPOST('fk_barcode_type');
} else {
if (empty($fk_barcode_type) && !empty($conf->global->PRODUIT_DEFAULT_BARCODE_TYPE)) $fk_barcode_type = $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE;
@@ -1046,7 +1045,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
print '</td>';
if ($conf->browser->layout == 'phone') print '</tr><tr>';
print '<td>'.$langs->trans("BarcodeValue").'</td><td>';
$tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
$tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print '<input class="maxwidth100" type="text" name="barcode" value="'.dol_escape_htmltag($tmpcode).'">';
print '</td></tr>';
@@ -1497,8 +1496,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
if ($showbarcode)
{
print '<tr><td>'.$langs->trans('BarcodeType').'</td><td>';
if (isset($_POST['fk_barcode_type']))
{
if (GETPOSTISSET('fk_barcode_type')) {
$fk_barcode_type = GETPOST('fk_barcode_type');
} else {
$fk_barcode_type = $object->barcode_type;
@@ -1508,7 +1506,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
$formbarcode = new FormBarCode($db);
print $formbarcode->selectBarcodeType($fk_barcode_type, 'fk_barcode_type', 1);
print '</td><td>'.$langs->trans("BarcodeValue").'</td><td>';
$tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
$tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print '<input size="40" class="maxwidthonsmartphone" type="text" name="barcode" value="'.dol_escape_htmltag($tmpcode).'">';
print '</td></tr>';
@@ -1853,7 +1851,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
print '</td><td colspan="2">';
if ($action == 'editbarcode')
{
$tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
$tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'">';

2
htdocs/product/stock/massstockmove.php
View File

@@ -428,7 +428,7 @@ print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="createmovements">';
// Button to record mass movement
$codemove = (isset($_POST["codemove"]) ? GETPOST("codemove", 'alpha') : dol_print_date(dol_now(), '%Y%m%d%H%M%S'));
$codemove = (GETPOSTISSET("codemove") ? GETPOST("codemove", 'alpha') : dol_print_date(dol_now(), '%Y%m%d%H%M%S'));
$labelmovement = GETPOST("label") ? GETPOST('label') : $langs->trans("StockTransfer").' '.dol_print_date($now, '%Y-%m-%d %H:%M');
print '<div class="center">';

4
htdocs/product/stock/replenish.php
View File

@@ -108,7 +108,7 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
* Actions
*/
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha') || isset($_POST['valid'])) // Both test are required to be compatible with all browsers
if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha') || GETPOST('valid')) // Both test are required to be compatible with all browsers
{
$search_ref = '';
$search_label = '';
@@ -120,7 +120,7 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
if ($draftorder == 'on') $draftchecked = "checked";
// Create orders
if ($action == 'order' && isset($_POST['valid']))
if ($action == 'order' && GETPOST('valid'))
{
$linecount = GETPOST('linecount', 'int');
$box = 0;

2
htdocs/product/stock/tpl/stockcorrection.tpl.php
View File

@@ -138,7 +138,7 @@ print '<td>'.$langs->trans("MovementLabel").'</td>';
print '<td>';
print '<input type="text" name="label" class="minwidth300" value="'.$valformovementlabel.'">';
print '</td>';
print '<td>'.$langs->trans("InventoryCode").'</td><td><input class="maxwidth100onsmartphone" name="inventorycode" id="inventorycode" value="'.(isset($_POST["inventorycode"]) ?GETPOST("inventorycode", 'alpha') : dol_print_date(dol_now(), '%y%m%d%H%M%S')).'"></td>';
print '<td>'.$langs->trans("InventoryCode").'</td><td><input class="maxwidth100onsmartphone" name="inventorycode" id="inventorycode" value="'.(GETPOSTISSET("inventorycode") ? GETPOST("inventorycode", 'alpha') : dol_print_date(dol_now(), '%y%m%d%H%M%S')).'"></td>';
print '</tr>';
print '</table>';

2
htdocs/product/stock/tpl/stocktransfer.tpl.php
View File

@@ -127,7 +127,7 @@ print '<td>'.$langs->trans("MovementLabel").'</td>';
print '<td>';
print '<input type="text" name="label" class="minwidth300" value="'.dol_escape_htmltag($valformovementlabel).'">';
print '</td>';
print '<td>'.$langs->trans("InventoryCode").'</td><td><input class="maxwidth100onsmartphone" name="inventorycode" id="inventorycode" value="'.(isset($_POST["inventorycode"]) ?GETPOST("inventorycode", 'alpha') : dol_print_date(dol_now(), '%y%m%d%H%M%S')).'"></td>';
print '<td>'.$langs->trans("InventoryCode").'</td><td><input class="maxwidth100onsmartphone" name="inventorycode" id="inventorycode" value="'.(GETPOSTISSET("inventorycode") ? GETPOST("inventorycode", 'alpha') : dol_print_date(dol_now(), '%y%m%d%H%M%S')).'"></td>';
print '</tr>';
print '</table>';

3
htdocs/projet/element.php
View File

@@ -79,8 +79,7 @@ $dates = dol_mktime(0, 0, 0, GETPOST('datesmonth'), GETPOST('datesday'), GETPOST
$datee = dol_mktime(23, 59, 59, GETPOST('dateemonth'), GETPOST('dateeday'), GETPOST('dateeyear'));
if (empty($dates) && !empty($datesrfc)) $dates = dol_stringtotime($datesrfc);
if (empty($datee) && !empty($dateerfc)) $datee = dol_stringtotime($dateerfc);
if (!isset($_POST['datesrfc']) && !isset($_POST['datesday']) && !empty($conf->global->PROJECT_LINKED_ELEMENT_DEFAULT_FILTER_YEAR))
{
if (!GETPOSTISSET('datesrfc') && !GETPOSTISSET('datesday') && !empty($conf->global->PROJECT_LINKED_ELEMENT_DEFAULT_FILTER_YEAR)) {
$new = dol_now();
$tmp = dol_getdate($new);
//$datee=$now

2
htdocs/public/members/new.php
View File

@@ -182,7 +182,7 @@ if (empty($reshook) && $action == 'add') {
$langs->load("errors");
$errmsg .= $langs->trans("ErrorLoginAlreadyExists")."<br>\n";
}
if (!isset($_POST["pass1"]) || !isset($_POST["pass2"]) || $_POST["pass1"] == '' || $_POST["pass2"] == '' || $_POST["pass1"] != $_POST["pass2"]) {
if (!GETPOSTISSET("pass1") || !GETPOSTISSET("pass2") || GETPOST("pass1", 'none') == '' || GETPOST("pass2", 'none') == '' || GETPOST("pass1", 'none') != GETPOST("pass2", 'none')) {
$error++;
$langs->load("errors");
$errmsg .= $langs->trans("ErrorPasswordsMustMatch")."<br>\n";

25
htdocs/public/opensurvey/studs.php
View File

@@ -108,13 +108,11 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) // bout
$nouveauchoix = '';
for ($i = 0; $i < $nbcolonnes; $i++)
{
if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1')
{
if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') {
$nouveauchoix .= "1";
} elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2')
{
} elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') {
$nouveauchoix .= "2";
} else { // sinon c'est 0
} else {
$nouveauchoix .= "0";
}
}
@@ -182,14 +180,14 @@ $testligneamodifier = false;
$ligneamodifier = -1;
for ($i = 0; $i < $nblines; $i++)
{
if (isset($_POST['modifierligne'.$i]))
if (GETPOSTISSET('modifierligne'.$i))
{
$ligneamodifier = $i;
$testligneamodifier = true;
}
//test to see if a line is to be modified
if (isset($_POST['validermodifier'.$i]))
if (GETPOSTISSET('validermodifier'.$i))
{
$modifier = $i;
$testmodifier = true;
@@ -203,13 +201,11 @@ if ($testmodifier)
for ($i = 0; $i < $nbcolonnes; $i++)
{
//var_dump($_POST["choix$i"]);
if (isset($_POST["choix".$i]) && $_POST["choix".$i] == '1')
{
if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {
$nouveauchoix .= "1";
} elseif (isset($_POST["choix".$i]) && $_POST["choix".$i] == '2')
{
} elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') {
$nouveauchoix .= "2";
} else { // sinon c'est 0
} else {
$nouveauchoix .= "0";
}
}
@@ -545,7 +541,7 @@ while ($compteur < $num)
//demande de confirmation pour modification de ligne
for ($i = 0; $i < $nblines; $i++)
{
if (isset($_POST["modifierligne".$i]))
if (GETPOSTISSET("modifierligne".$i))
{
if ($compteur == $i)
{
@@ -581,8 +577,7 @@ if ($ligneamodifier < 0 && (!isset($_SESSION['nom'])))
if (empty($listofanswers[$i]['format']) || !in_array($listofanswers[$i]['format'], array('yesno', 'foragainst')))
{
print '<input type="checkbox" name="choix'.$i.'" value="1"';
if (isset($_POST['choix'.$i]) && $_POST['choix'.$i] == '1')
{
if (GETPOSTISSET('choix'.$i) && GETPOST('choix'.$i) == '1') {
print ' checked';
}
print '>';

4
htdocs/public/test/test_arrays.php
View File

@@ -162,8 +162,8 @@ if (!empty($conf->use_javascript_ajax)) include DOL_DOCUMENT_ROOT.'/core/tpl/aja
$nav = '';
$nav .= '<form name="dateselect" action="'.$_SERVER["PHP_SELF"].'?action=show_peruser'.$param.'">';
if ($actioncode || isset($_GET['actioncode']) || isset($_POST['actioncode'])) $nav .= '<input type="hidden" name="actioncode" value="'.$actioncode.'">';
if ($status || isset($_GET['status']) || isset($_POST['status'])) $nav .= '<input type="hidden" name="status" value="'.$status.'">';
if ($actioncode || GETPOSTISSET('actioncode')) $nav .= '<input type="hidden" name="actioncode" value="'.$actioncode.'">';
if ($status || GETPOSTISSET('status')) $nav .= '<input type="hidden" name="status" value="'.$status.'">';
if ($filter) $nav .= '<input type="hidden" name="filter" value="'.$filter.'">';
if ($filtert) $nav .= '<input type="hidden" name="filtert" value="'.$filtert.'">';
if ($socid) $nav .= '<input type="hidden" name="socid" value="'.$socid.'">';