diff --git a/ChangeLog b/ChangeLog index a00f52055f4..2c0e2377f61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,8 +54,10 @@ For users: suppliers invoice, orders, customers orders, proposals and social contributions. - New: All professional id can contains up to 128 chars instead of 32. - New: [ task #176 ] Allow to use ODT templates for proposals and orders like it's done for invoices +- New: Add hidden option MAIN_ADD_PDF_BACKGROUND to add a PDF as background of invoice/order generated PDF. - Fix: Can use POS module with several concurrent users. - Fix: Installer don't fails with Mysql version that added a ssl_cypher field. +- Fix: Sanitize input parameters. For developers: - New: Can add a left menu into an existing top menu or left menu. diff --git a/htdocs/adherents/agenda.php b/htdocs/adherents/agenda.php index 973762b780c..bd5f0f66894 100644 --- a/htdocs/adherents/agenda.php +++ b/htdocs/adherents/agenda.php @@ -37,7 +37,7 @@ $langs->load("members"); $mesg=isset($_GET["mesg"])?'
'.$_GET["mesg"].'
':''; -$id = GETPOST("id"); +$id = GETPOST('id','int'); // Security check if (! $user->rights->adherent->lire) accessforbidden(); diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php index 4291d998559..a831ec46a2e 100644 --- a/htdocs/adherents/card_subscriptions.php +++ b/htdocs/adherents/card_subscriptions.php @@ -141,10 +141,10 @@ if ($action == 'setsocid') $error=0; if (! $error) { - if (GETPOST("socid") != $adh->fk_soc) // If link differs from currently in database + if (GETPOST('socid','int') != $adh->fk_soc) // If link differs from currently in database { $sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent"; - $sql.=" WHERE fk_soc = '".GETPOST("socid")."'"; + $sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'"; $resql = $db->query($sql); if ($resql) { @@ -154,7 +154,7 @@ if ($action == 'setsocid') $othermember=new Adherent($db); $othermember->fetch($obj->rowid); $thirdparty=new Societe($db); - $thirdparty->fetch(GETPOST("socid")); + $thirdparty->fetch(GETPOST('socid','int')); $error++; $mesg='
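Review bot: The context line directly above the changed one still builds `$mesg` from `$_GET["mesg"]` with no filtering or escaping, so this hunk constrains `id` but leaves the other request parameter on the same page raw. The markup wrapped around it is not readable here and the place where `$mesg` is printed is outside the hunk, so the impact is inferred; if it reaches the page unchanged, it is reflected script injection. I would read it through the filter, `GETPOST('mesg','alpha')`, and apply `htmlspecialchars($mesg)` where it is printed.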
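Review bot: In the `setsocid` block the filtered value is still concatenated into the SQL text inside quotes (`" WHERE fk_soc = '".GETPOST('socid','int')."'"`), so the query is only as safe as GETPOST's `'int'` check, whose implementation is not part of this patch. Read the parameter once and cast it, `$socid=(int) GETPOST('socid','int');`, then build the clause as `" WHERE fk_soc = ".$socid`. The same `$socid` can be reused for the comparison here and for the `fetch()` and `setThirdPartyId()` calls in the next two hunks, which also removes four lookups of the same request value. The block starts and ends outside the hunk.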
'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'
'; } @@ -162,7 +162,7 @@ if ($action == 'setsocid') if (! $error) { - $result=$adh->setThirdPartyId(GETPOST("socid")); + $result=$adh->setThirdPartyId(GETPOST('socid','int')); if ($result < 0) dol_print_error($adh->db,$adh->error); $_POST['action']=''; $action=''; diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index c7e596fe1a1..f62b7781be8 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -37,7 +37,7 @@ $langs->load('other'); $mesg = ""; // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id > 0) { $id = $user->societe_id; diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php index 3278d89ae44..27acbae6c54 100644 --- a/htdocs/adherents/fiche.php +++ b/htdocs/adherents/fiche.php @@ -782,7 +782,7 @@ if ($action == 'create') { foreach($extrafields->attribute_label as $key=>$label) { - $value=(GETPOST('options_'.$key,'alpha')?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]); + $value=(isset($_POST["options_".$key])?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]); print ''.$label.''; print $extrafields->showInputField($key,$value); print ''."\n"; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 5e3456c2cfd..304e0664225 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -34,7 +34,7 @@ $langs->load("members"); $langs->load("ldap"); $langs->load("admin"); -$rowid = GETPOST("id"); +$rowid = GETPOST('id','int'); $action = GETPOST('action'); // Protection diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 7a2b9c3aca3..0cae0490222 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php 
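Review bot: The new condition tests `$_POST["options_".$key]`, but the value is then read with `GETPOST('options_'.$key,'alpha')`, which is called without a source argument. If GETPOST also consults `$_GET` by default (its body is not in this patch), a query-string parameter of the same name could supply the value that the POST test was meant to guard. Reading from the same source as the test avoids that, e.g. `GETPOST('options_'.$key,'alpha',2)`, assuming the third argument restricts the source to POST in the way `GETPOST('mesg','int',1)` restricts it elsewhere in this patch.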
@@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"); $action=GETPOST('action'); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $langs->load("companies"); $langs->load("members"); diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php index c3486f5aeb1..8c5484d3e92 100644 --- a/htdocs/adherents/stats/index.php +++ b/htdocs/adherents/stats/index.php @@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 65f1fc4f64a..3b5baa48d1e 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort // Define elementList and sourceList (used for dictionnary "type of contacts") $elementList = array(); $sourceList=array(); -if (GETPOST("id") == 11) +if (GETPOST('id','int') == 11) { $langs->load("orders"); $langs->load("contracts"); @@ -702,7 +702,7 @@ if ($_GET["id"]) if ($num > $listlimit) { print ''; - print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); + print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); print ''; } 
@@ -737,10 +737,10 @@ if ($_GET["id"]) // Affiche nom du champ if ($showfield) { - print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder); + print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder); } } - print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder); print ' '; print ''; @@ -756,7 +756,7 @@ if ($_GET["id"]) { print '
'; print ''; - print ''; + print ''; print ''; print ''; diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php index 254ea1c6263..8b3bb8a9fcf 100644 --- a/htdocs/cashdesk/admin/cashdesk.php +++ b/htdocs/cashdesk/admin/cashdesk.php @@ -49,11 +49,11 @@ if (GETPOST("action") == 'set') { $db->begin(); - if (GETPOST("socid") < 0) $_POST["socid"]=''; + if (GETPOST('socid','int') < 0) $_POST["socid"]=''; /*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0) $_POST["CASHDESK_ID_BANKACCOUNT"]=''; if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/ - $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity); + $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity); diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index 104532b469d..3f5edb9e290 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -93,7 +93,7 @@ print ''; $disabled=0; $langs->load("companies"); if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice -print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); +print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); //print ''; print ''; print "\n"; 
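Review bot: Only `socid` gets the `'int'` filter in this `set` branch; the `CASHDESK_ID_BANKACCOUNT_*` values on the following lines are still stored from a bare `GETPOST("...")`, and by their names they look like numeric ids too. I would filter them the same way, e.g. `GETPOST("CASHDESK_ID_BANKACCOUNT_CASH",'int')`. Separately, the negative-value guard resets `$_POST["socid"]` only, so if GETPOST can also read the query string (not visible here) the later `dolibarr_set_const()` call may still receive the negative value. Assigning the filtered value to a local, clamping it, and passing that local would close the gap.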
diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 104035ce6e3..50b18218902 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php @@ -30,7 +30,7 @@ $langs->load("cashdesk"); $username = GETPOST("txtUsername"); $password = GETPOST("pwdPassword"); -$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY; +$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY; $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE; // Check username diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php index af52f517f8d..a3a055ac082 100644 --- a/htdocs/cashdesk/tpl/ticket.tpl.php +++ b/htdocs/cashdesk/tpl/ticket.tpl.php @@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'); $langs->load("main"); header("Content-type: text/html; charset=".$conf->file->character_set_client); -$facid=GETPOST('facid'); +$facid=GETPOST('facid','int'); $object=new Facture($db); $object->fetch($facid); diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 5ca949410b6..1a159d03257 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); $langs->load("categories"); $langs->load("products"); -$socid = GETPOST('socid'); -$id = GETPOST('id'); +$socid = GETPOST('socid','int'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); $type = GETPOST('type'); $mesg = GETPOST('mesg'); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index efc432e7f94..ca82944a32a 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php 
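Review bot: `warehouseid` on the next line is still read with an unfiltered `GETPOST("warehouseid")` although it is used exactly like `socid`, as an id with a configured fallback. Apply the same filter: `$warehouseid = (GETPOST('warehouseid','int')!='')?GETPOST('warehouseid','int'):$conf->global->CASHDESK_ID_WAREHOUSE;`. A non-numeric `socid` presumably comes back empty and silently falls through to `CASHDESK_ID_THIRDPARTY`; if that is intended, a comment such as `// non-numeric ids fall back to the configured default` would make it explicit.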
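Review bot: The result of `$object->fetch($facid)` is ignored, and nothing visible in this hunk checks that the logged-in user may read that invoice before the template renders it. The rest of the template is outside the hunk, so a check may exist further down or in the including page; if it does not, an `'int'` filter alone still lets any valid invoice id be requested. I would at least stop on failure, `if ($object->fetch($facid) <= 0) accessforbidden();`, and confirm that a `restrictedArea($user, 'facture', $facid)` style check runs on this path.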
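Review bot: `ref`, `type` and `mesg` directly below the changed lines are still read with a bare `GETPOST()`, so only the two ids are constrained on this page. The same pattern remains for `ref` and `type` in the `edit.php`, `photos.php` and `viewcat.php` hunks that follow. How these values are used is outside the hunks, but `mesg` in particular looks like display text, so I would filter at the point of reading, e.g. `$ref = GETPOST('ref','alpha');` and `$type = GETPOST('type','alpha');`, and escape `$mesg` where it is printed.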
@@ -28,7 +28,7 @@ require("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php index 6cc51539721..ac5c9a1c978 100644 --- a/htdocs/categories/fiche.php +++ b/htdocs/categories/fiche.php @@ -31,7 +31,7 @@ $langs->load("categories"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if (!$user->rights->categorie->lire) accessforbidden(); $action = GETPOST('action','alpha'); diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 76f65ac07a0..747d2c92a5b 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -35,7 +35,7 @@ $langs->load("bills"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 88f5dcec269..5efa8c9ecec 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php"); $langs->load("categories"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 88fa0f440ea..9993faac02b 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -40,7 +40,7 @@ $langs->load("other"); $langs->load("bills"); if (isset($_GET["error"])) $error=$_GET["error"]; -$objectid = GETPOST("id"); +$objectid = GETPOST('id','int'); // Security check if ($user->societe_id > 0) diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php index 2951f701c77..023a12b1fee 100644 --- a/htdocs/comm/action/fiche.php +++ b/htdocs/comm/action/fiche.php 
@@ -153,10 +153,10 @@ if ($action == 'add_action') $actioncomm->note = trim($_POST["note"]); if (isset($_POST["contactid"])) $actioncomm->contact = $contact; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); $actioncomm->societe = $societe; } @@ -508,12 +508,12 @@ if ($action == 'create') // Societe, contact print ''.$langs->trans("ActionOnCompany").''; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); print $societe->getNomUrl(1); - print ''; + print ''; } else { @@ -522,10 +522,10 @@ if ($action == 'create') print ''; // If company is forced, we propose contacts (may be contact is also forced) - if (GETPOST("contactid") > 0 || GETPOST("socid") > 0) + if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0) { print ''.$langs->trans("ActionOnContact").''; - $form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1); + $form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1); print ''; } diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 25d0403f3c4..57c23879b45 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="a.datep"; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); @@ -53,7 +53,7 @@ $langs->load("commercial"); if ($_GET["action"] == 'builddoc') { $cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]); - $result=$cat->write_file(GETPOST("id")); + $result=$cat->write_file(GETPOST('id','int')); if ($result < 0) { $mesg=$cat->error; 
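Review bot: `contactid` is left unfiltered in the very lines this commit edits: `GETPOST("contactid") > 0` and the second argument of `$form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1)` in the third hunk. It is an id like `socid`, so both places should read `GETPOST('contactid','int')`. Reading `socid` and `contactid` once into locals at the top of the `create` branch would also replace the repeated calls in the second and third hunks; that branch begins and ends outside the hunks.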
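Review bot: In the `builddoc` branch, `$_GET["month"]` and `$_GET["year"]` are passed straight into `new CommActionRapport(...)` one line above the call this commit sanitizes. The class is not shown, but a report writer that receives them may use them in the output file name or in a query, so they deserve the same filter: `new CommActionRapport($db, GETPOST('month','int'), GETPOST('year','int'))`. A range check on `month` (1 to 12) before `write_file()` would be a cheap addition.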
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 38c9c4bed4c..38c20e438a6 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -40,7 +40,7 @@ $offset = $limit * $page ; $type=$_GET["type"]; // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,''); diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 56e78a0f523..cc83e426ca0 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails"); if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs"); // Security check -$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id')); +$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id > 0) $id=$user->societe_id; $result = restrictedArea($user,'societe',$id,'&societe'); diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 0c47814e6f1..b636c8bd3b7 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -32,7 +32,7 @@ $langs->load("suppliers"); $langs->load("commercial"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 45092f15267..01cd0bd4347 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -47,7 +47,7 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="email"; -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST("action"); $search_nom=GETPOST("search_nom"); $search_prenom=GETPOST("search_prenom"); 
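Review bot: In `mailing/cibles.php` the `'int'` filter is applied only to the fallback; when `rowid` is present `$id` still takes the unfiltered `GETPOST('rowid')`, so the sanitization is sidestepped whenever `rowid` is sent. Filter both branches: `$id=GETPOST('rowid','int')?GETPOST('rowid','int'):GETPOST('id','int');`. The same half-filtered ternary appears later in this patch in `compta/dons/fiche.php` (`rowid`) and in `commande/fiche.php` and `commande/liste.php` (`orderid`).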
diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index cab31680ba3..4310a9de860 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref)) //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1); @@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref)) if ($action == 'editdelivery_address') { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id); } else { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id); } print ''; } diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php index 56a0c9c06de..ea03bf2875a 100644 --- a/htdocs/comm/propal/apercu.php 
+++ b/htdocs/comm/propal/apercu.php @@ -37,7 +37,7 @@ $langs->load('compta'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $id, 'propal'); diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 56f8fd581fa..30592f90426 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -35,7 +35,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 7dcff4a5b54..408abed65cf 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index db6a493c54e..020cc203f10 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -37,7 +37,7 @@ $langs->load('projects'); $langs->load('propal'); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid, '&societe'); diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 42bac50817f..828d231d3b8 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php 
@@ -36,7 +36,7 @@ $action=GETPOST('action','alpha'); $backtopage=GETPOST('backtopage','alpha'); // Security check -$socid = GETPOST("id"); +$socid = GETPOST('id','int'); if ($user->societe_id > 0) { $socid = $user->societe_id; @@ -189,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes') if ($result > 0) { $db->commit(); - header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id')); // To avoid pb whith back + header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int')); // To avoid pb whith back exit; } else diff --git a/htdocs/commande/apercu.php b/htdocs/commande/apercu.php index 70561e6b8d4..0407eced627 100644 --- a/htdocs/commande/apercu.php +++ b/htdocs/commande/apercu.php @@ -40,7 +40,7 @@ $langs->load('sendings'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'commande',$id,''); diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 966e2c660fc..828dc7c0a26 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer) { $commande = new Commande($db); - if ($commande->fetch(GETPOST("id"))) + if ($commande->fetch(GETPOST('id','int'))) { $result=$commande->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index e2b9f431043..f4838e1663e 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -36,7 +36,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index f8b2a4049cf..a8383c52d55 100644 --- a/htdocs/commande/fiche.php 
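Review bot: The redirect after `confirm_remove` rebuilds the URL from `GETPOST('id','int')`, while the first hunk stores the same parameter in `$socid` and then overrides it with `$user->societe_id` for external users. Using the already-checked variable, `header("Location: ".$_SERVER["PHP_SELF"].'?id='.$socid);`, keeps the redirect target consistent with the id the security check approved. This assumes `$socid` is unchanged at that point; the code between the two hunks is not shown.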
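Review bot: In `commande/contact.php`, `if ($commande->fetch(GETPOST('id','int')))` treats any non-zero return as success; other code in this patch tests `$result > 0` after `fetch()`, which suggests errors come back negative and would pass this test. I would write `if ($commande->fetch(GETPOST('id','int')) > 0)` and filter the line id passed on the next line as `GETPOST('ligne','int')`. The `swapstatut` block in `compta/facture/contact.php` has the same two issues.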
+++ b/htdocs/commande/fiche.php @@ -51,9 +51,9 @@ $langs->load('propal'); $langs->load('deliveries'); $langs->load('products'); -$id = (GETPOST("id")?GETPOST("id"):GETPOST("orderid")); +$id = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid")); $ref = GETPOST('ref'); -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); $lineid = GETPOST('lineid'); @@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer) $datecommande = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']); $datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']); - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $object->fetch_thirdparty(); $db->begin(); @@ -1652,7 +1652,7 @@ else //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 94946d75c65..d70aaf52af1 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php 
@@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden(); $langs->load("orders"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if ($user->societe_id > 0) { $action = ''; diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 6ffe19b3df9..d628610b94c 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -44,7 +44,7 @@ $sall=GETPOST('sall'); $socid=GETPOST('socid','int'); // Security check -$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id')); +$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int')); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $id,''); diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index 57ce188be25..6ef7e808126 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer'; if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden(); if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden(); -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/compta/bank/fiche.php b/htdocs/compta/bank/fiche.php index 5a57bef27b7..f61d78641bb 100644 --- a/htdocs/compta/bank/fiche.php +++ b/htdocs/compta/bank/fiche.php 
@@ -468,10 +468,10 @@ else /* */ /* ************************************************************************** */ - if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer) + if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer) { $account = new Account($db); - $account->fetch(GETPOST("id")); + $account->fetch(GETPOST('id','int')); print_fiche_titre($langs->trans("EditFinancialAccount")); print "
"; diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php index fce385ea57e..66680ef089d 100644 --- a/htdocs/compta/deplacement/fiche.php +++ b/htdocs/compta/deplacement/fiche.php @@ -36,7 +36,7 @@ $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id,''); @@ -287,7 +287,7 @@ if ($action == 'create') // Company print ""; print ''.$langs->trans("CompanyVisited").''; - print $form->select_company(GETPOST("socid"),'socid','',1); + print $form->select_company(GETPOST('socid','int'),'socid','',1); print ''; // Public note diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 273e27bec66..1fe0e9549ac 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/info.php b/htdocs/compta/deplacement/info.php index 7dee9417339..1d0874af388 100644 --- a/htdocs/compta/deplacement/info.php +++ b/htdocs/compta/deplacement/info.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php" $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id, ''); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index bd3ffc66e36..cc3d4542316 100755 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php 
@@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php index d9847f8cb52..d07f816f1bc 100755 --- a/htdocs/compta/deplacement/stats/index.php +++ b/htdocs/compta/deplacement/stats/index.php @@ -31,8 +31,8 @@ $langs->load("trips"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Securite acces client if ($user->societe_id > 0) { diff --git a/htdocs/compta/dons/fiche.php b/htdocs/compta/dons/fiche.php index 5ee0351d559..5ee0ae1c95b 100644 --- a/htdocs/compta/dons/fiche.php +++ b/htdocs/compta/dons/fiche.php @@ -34,7 +34,7 @@ $langs->load("companies"); $langs->load("donations"); $langs->load("bills"); -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST('action'); $mesg=""; diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 33ef351b0f8..e608d07d1a9 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes $sall=trim(GETPOST('sall')); $projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0); -$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility +$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility $ref=GETPOST('ref','alpha'); $socid=GETPOST('socid','int'); $action=GETPOST('action','alpha'); 
@@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f */ if ($action == 'add' && $user->rights->facture->creer) { - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $db->begin(); diff --git a/htdocs/compta/facture/apercu.php b/htdocs/compta/facture/apercu.php index 6c07791e272..f29038bf0d3 100644 --- a/htdocs/compta/facture/apercu.php +++ b/htdocs/compta/facture/apercu.php @@ -36,7 +36,7 @@ $langs->load("bills"); // Security check $socid=0; -$id = GETPOST("facid"); +$id = GETPOST('facid','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture', $id); diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 410cfcff75e..8e34d0aa48f 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("bills"); $langs->load("companies"); -$facid = isset($_GET["facid"])?$_GET["facid"]:''; +$facid = GETPOST('facid'); +$id = GETPOST('facid'); +$ref= GETPOST('ref'); // Security check if ($user->societe_id) $socid=$user->societe_id; @@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid); if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer) { - $result = 0; $facture = new Facture($db); - $result = $facture->fetch($_GET["facid"]); + $result = $facture->fetch($facid); - if ($result > 0 && $_GET["facid"] > 0) + if ($result > 0 && $facid > 0) { $result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } @@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer) { $facture = new Facture($db); - if ($facture->fetch(GETPOST("facid"))) + if ($facture->fetch($facid)) { $result=$facture->swapContactStatus(GETPOST('ligne')); } 
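Review bot: The three new reads in `facture/contact.php`, `$facid = GETPOST('facid');`, `$id = GETPOST('facid');` and `$ref= GETPOST('ref');`, carry no filter, unlike every other id touched by this commit, and `$facid` then feeds `restrictedArea()`, `fetch()` and the `$facid > 0` test. Use `$facid = GETPOST('facid','int'); $id = $facid;` and `GETPOST('ref','alpha')`. There is also a behaviour change to confirm: the old code read `$_GET["facid"]` only, and GETPOST may accept the value from the request body as well (its source order is not visible here). `$_POST["contactid"]`, `$_POST["type"]` and `$_POST["source"]` in the second hunk, and `$_GET["lineid"]` in the `deleteline` hunk, are still passed raw.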
@@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer) if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer) { $facture = new Facture($db); - $facture->fetch($_GET["facid"]); + $facture->fetch($facid); $result = $facture->delete_contact($_GET["lineid"]); if ($result >= 0) @@ -125,8 +126,6 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $_GET['facid']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $facture = new Facture($db); diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 720d37f7772..d76b6fc4b2d 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -39,7 +39,7 @@ $langs->load("bills"); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('facid'); +$id = GETPOST('facid','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php index 36f8777f234..2960624597a 100644 --- a/htdocs/compta/facture/fiche-rec.php +++ b/htdocs/compta/facture/fiche-rec.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php"); $langs->load('bills'); // Security check -$facid=GETPOST("facid"); +$facid=GETPOST('facid','int'); $action=GETPOST("action"); if ($user->societe_id) $socid=$user->societe_id; $objecttype = 'facture_rec'; @@ -81,7 +81,7 @@ if ($_POST["action"] == 'add') if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer) { $facrec = new FactureRec($db); - $facrec->fetch(GETPOST("facid")); + $facrec->fetch(GETPOST('facid','int')); $facrec->delete(); $facid = 0 ; } diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 54dc1244aeb..3b579f6e56f 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php 
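Review bot: In the `delete` branch of `fiche-rec.php` the return value of `$facrec->fetch(GETPOST('facid','int'))` is not checked before `$facrec->delete()` runs, so a missing or non-numeric id still reaches `delete()` on an object that was never loaded. Guard it with `if ($facrec->fetch($facid) > 0) { $facrec->delete(); }`, reusing the `$facid` already filtered in the first hunk. The branch is also entered from `$_REQUEST["action"]`, so a plain link can trigger it; whether a confirmation or token check exists is not visible in this hunk.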
@@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer'; if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden(); if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden(); -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/compta/localtax/clients.php b/htdocs/compta/localtax/clients.php index ce0dbf389d8..bea4c61aec4 100644 --- a/htdocs/compta/localtax/clients.php +++ b/htdocs/compta/localtax/clients.php @@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE; if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 95658793d12..7d8caf6e69c 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -37,7 +37,7 @@ $langs->load('banks'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$facid = GETPOST('facid'); +$facid = GETPOST('facid','int'); $socname = GETPOST('socname'); $accountid = GETPOST('accountid'); $paymentnum = GETPOST('num_paiement'); diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php index a67c000f748..6c49ce2a582 100644 --- a/htdocs/compta/paiement/cheque/fiche.php +++ b/htdocs/compta/paiement/cheque/fiche.php @@ -35,7 +35,7 @@ $langs->load('banks'); $langs->load('companies'); $langs->load('compta'); -$id =GETPOST("id"); +$id =GETPOST('id','int'); $ref=GETPOST("ref"); $action=GETPOST('action'); 
@@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid'); if ($action == 'setdate' && $user->rights->banque->cheque) { $remisecheque = new RemiseCheque($db); - $result = $remisecheque->fetch(GETPOST('id')); + $result = $remisecheque->fetch(GETPOST('id','int')); if ($result > 0) { //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index ddc95aa5642..b7c53db2c67 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'); $langs->load("bills"); // Security check -$facid =GETPOST("facid"); -$socid =GETPOST("socid"); -$userid=GETPOST('userid'); +$facid =GETPOST('facid','int'); +$socid =GETPOST('socid','int'); +$userid=GETPOST('userid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture',$facid,''); diff --git a/htdocs/compta/prelevement/bon.php b/htdocs/compta/prelevement/bon.php index 67d7baee6ef..4a42b1fb08e 100644 --- a/htdocs/compta/prelevement/bon.php +++ b/htdocs/compta/prelevement/bon.php @@ -33,7 +33,7 @@ $langs->load("categories"); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement', $id); diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php index ff656c9857e..4cfbbf0a481 100644 --- a/htdocs/compta/prelevement/bons.php +++ b/htdocs/compta/prelevement/bons.php @@ -31,7 +31,7 @@ $langs->load("widthdrawals"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); 
diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 82ab1bb4402..4038446afb1 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -32,7 +32,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php index 58fe3761db9..67e47420061 100644 --- a/htdocs/compta/prelevement/factures.php +++ b/htdocs/compta/prelevement/factures.php @@ -37,8 +37,8 @@ $langs->load("categories"); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$prev_id = GETPOST("id"); -$socid = GETPOST("socid"); +$prev_id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder"); $sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield"); diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php index 0fb5e55cf77..f3ad78b9b64 100644 --- a/htdocs/compta/prelevement/fiche-rejet.php +++ b/htdocs/compta/prelevement/fiche-rejet.php @@ -35,7 +35,7 @@ $langs->load("categories"); if ($user->societe_id > 0) accessforbidden(); // Get supervariables -$prev_id = GETPOST("id"); +$prev_id = GETPOST('id','int'); $page = GETPOST("page"); /* diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php index 9d8261cf209..63b269c6286 100644 --- a/htdocs/compta/prelevement/fiche-stat.php +++ b/htdocs/compta/prelevement/fiche-stat.php @@ -34,7 +34,7 @@ $langs->load("withdrawals"); $langs->load("categories"); // Get supervariables -$prev_id = GETPOST("id"); +$prev_id = GETPOST('id','int'); $page = GETPOST("page"); /* 
diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php index 4b76e9c3a02..e2d5a32fafe 100644 --- a/htdocs/compta/prelevement/fiche.php +++ b/htdocs/compta/prelevement/fiche.php @@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden(); // Get supervariables $action = GETPOST("action"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); /* * Actions diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 7c9a1347d9b..a208b9d6b47 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -32,7 +32,7 @@ $langs->load("withdrawals"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','',''); diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php index 0914abbdc65..9af1d17b642 100644 --- a/htdocs/compta/prelevement/ligne.php +++ b/htdocs/compta/prelevement/ligne.php @@ -39,8 +39,8 @@ $langs->load("categories"); // Get supervariables $action = GETPOST("action"); -$id = GETPOST("id"); -$socid = GETPOST("socid"); +$id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = GETPOST("sortorder"); diff --git a/htdocs/compta/prelevement/lignes.php b/htdocs/compta/prelevement/lignes.php index 6df698b529a..4d0db99de3c 100644 --- a/htdocs/compta/prelevement/lignes.php +++ b/htdocs/compta/prelevement/lignes.php @@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden(); $langs->load("categories"); // Get supervariables -$prev_id = GETPOST("id"); -$socid = GETPOST("socid"); +$prev_id = GETPOST('id','int'); +$socid = GETPOST('socid','int'); $page = GETPOST("page"); $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder"); $sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield"); 
diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php index ba827ad3675..c27e09502d6 100644 --- a/htdocs/compta/prelevement/liste.php +++ b/htdocs/compta/prelevement/liste.php @@ -32,7 +32,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php index 7a2faf26d59..2428cd8c016 100644 --- a/htdocs/compta/prelevement/rejets.php +++ b/htdocs/compta/prelevement/rejets.php @@ -30,7 +30,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/prelevement/stats.php b/htdocs/compta/prelevement/stats.php index 85b525d2917..62ec73caa64 100644 --- a/htdocs/compta/prelevement/stats.php +++ b/htdocs/compta/prelevement/stats.php @@ -31,7 +31,7 @@ $langs->load("companies"); $langs->load("categories"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'prelevement','','','bons'); diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php index e023149849a..4160071c1e4 100644 --- a/htdocs/compta/resultat/clientfourn.php +++ b/htdocs/compta/resultat/clientfourn.php @@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load("bills"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); 
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php index 5237142309c..928c74e24ce 100644 --- a/htdocs/compta/resultat/index.php +++ b/htdocs/compta/resultat/index.php @@ -38,7 +38,7 @@ else { } // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); diff --git a/htdocs/compta/sociales/charges.php b/htdocs/compta/sociales/charges.php index 097571677f7..f9124c2edfd 100644 --- a/htdocs/compta/sociales/charges.php +++ b/htdocs/compta/sociales/charges.php @@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php"); $langs->load("compta"); $langs->load("bills"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges'); diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php index 953d394896c..3261fab405a 100644 --- a/htdocs/compta/sociales/document.php +++ b/htdocs/compta/sociales/document.php @@ -38,7 +38,7 @@ $langs->load("companies"); $langs->load("compta"); $langs->load("bills"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $action = GETPOST("action"); // Security check diff --git a/htdocs/compta/sociales/info.php b/htdocs/compta/sociales/info.php index fc1a30fc15e..d48386bb623 100644 --- a/htdocs/compta/sociales/info.php +++ b/htdocs/compta/sociales/info.php 
@@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php"); $langs->load("compta"); $langs->load("bills"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges'); diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index 8d2ed89267d..8fef71e5ff8 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php @@ -37,8 +37,8 @@ else { $year_end=$year_start + ($nbofyear-1); } -$userid=GETPOST('userid'); -$socid=GETPOST('socid'); +$userid=GETPOST('userid','int'); +$socid=GETPOST('socid','int'); // Security check if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden(); diff --git a/htdocs/compta/tva/clients.php b/htdocs/compta/tva/clients.php index be5ab8163ab..9aeb55fa505 100644 --- a/htdocs/compta/tva/clients.php +++ b/htdocs/compta/tva/clients.php @@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE; if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 62c3a1f052e..7123e828c1d 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"]; if (empty($modetax)) $modetax=0; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); 
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php index 43278ab3794..2ba3716dc6d 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php @@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
-"> -"> + diff --git a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php index 20e8f544bb4..53531c72d0e 100644 --- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php +++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php @@ -17,7 +17,6 @@ */ $contact = $GLOBALS['objcanvas']->control->object; - ?> @@ -98,7 +97,7 @@ dol_htmloutput_errors($this->control->tpl['error'],$this->control->tpl['errors'] control->tpl['email']; ?> control->tpl['nb_emailing']) { ?> trans("NbOfEMailingsReceived"); ?> - control->tpl['nb_emailing']; ?> + control->tpl['nb_emailing']; ?>   diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index bb6ff79a06d..d50dd537181 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -249,10 +249,12 @@ if (empty($reshook)) { $object->old_name=''; $object->old_firstname=''; + $action = 'view'; } else { $error=$object->error; $errors=$object->errors; + $action = 'edit'; } } } @@ -277,7 +279,7 @@ if ($socid > 0) $objsoc->fetch($socid); } -if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) +if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // ----------------------------------------- // When used with CANVAS @@ -288,7 +290,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) $object->fetch($id); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $id); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { @@ -390,7 +392,7 @@ else } else { print ''.$langs->trans("Company").''; - print $form->select_company(GETPOST("socid"),'socid','',1); + print $form->select_company(GETPOST('socid','int'),'socid','',1); print ''; } } 
@@ -562,7 +564,7 @@ else { print ''.$langs->trans("Company").''; print ''; - print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1); + print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1); print ''; print ''; } diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index df9f6cc6126..158fe53da6c 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php @@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer) { $contrat = new Contrat($db); - if ($contrat->fetch(GETPOST("id"))) + if ($contrat->fetch(GETPOST('id','int'))) { $result=$contrat->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php index 769190bbae4..0714edb72c2 100644 --- a/htdocs/contrat/fiche.php +++ b/htdocs/contrat/fiche.php @@ -41,8 +41,8 @@ $langs->load("bills"); $langs->load("products"); $action=GETPOST('action'); -$socid = GETPOST("socid"); -$contratid = GETPOST("id"); +$socid = GETPOST('socid','int'); +$contratid = GETPOST('id','int'); // Security check if ($user->societe_id) $socid=$user->societe_id; diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index fdcf83dba1f..30e0e81a72c 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom"); $search_contract=GETPOST("search_contract"); $search_service=GETPOST("search_service"); $statut=isset($_GET["statut"])?$_GET["statut"]:1; -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); // Security check -$contratid = GETPOST("id"); +$contratid = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'contrat',$contratid,''); 
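Review bot: In the `swapstatut` branch of htdocs/contrat/contact.php, `if ($contrat->fetch(GETPOST('id','int')))` tests the result for truthiness, so a negative error code from `fetch()` would be treated as a loaded contract; the `addcontact` branch of the invoice page in this commit checks `$result > 0` instead. I would write `if ($contrat->fetch(GETPOST('id','int')) > 0)`. `GETPOST('ligne')` on the following line is still read without a type, and if it is a row id `GETPOST('ligne','int')` would match the rest of the change. The same truthiness test appears in the `swapstatut` hunk of htdocs/compta/facture/contact.php.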
diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php index a2b88dc7572..6caf410ee85 100644 --- a/htdocs/core/class/canvas.class.php +++ b/htdocs/core/class/canvas.class.php @@ -50,9 +50,9 @@ class Canvas * @param DoliDB $DB Database handler * @param string $actiontype Action type ('create', 'view', 'edit', 'list') */ - function __construct($DB, $actiontype='view') + function __construct($db, $actiontype='view') { - $this->db = $DB; + $this->db = $db; $this->actiontype = $actiontype; if ($this->actiontype == 'add') $this->actiontype='create'; @@ -128,11 +128,11 @@ class Canvas * * @return int 0=Canvas template file does not exist, 1=Canvas template file exists */ - function displayCanvasExists() - { + function displayCanvasExists($action) + { if (empty($this->template_dir)) return 0; - //print $this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php'; - if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php')) return 1; + + if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php')) return 1; else return 0; } @@ -142,12 +142,12 @@ class Canvas * * @return void */ - function display_canvas() + function display_canvas($action) { global $db, $conf, $langs, $user, $canvas; global $form, $formfile; - include($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php'); // Include native PHP template + include($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php'); // Include native PHP template } diff --git a/htdocs/core/modules/commande/doc/pdf_edison.modules.php b/htdocs/core/modules/commande/doc/pdf_edison.modules.php index 0da4c51ca34..ed649b24c62 100644 --- a/htdocs/core/modules/commande/doc/pdf_edison.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_edison.modules.php 
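Review bot: `displayCanvasExists($action)` and `display_canvas($action)` now build the template path from `$this->action`, but the new `$action` parameter is never read and the constructor shown in this diff only sets `$this->actiontype`; unless `$this->action` is assigned outside these hunks, the path ends in `_.tpl.php` and the canvas template is never found. If the intent is to use the parameter, note that htdocs/contact/fiche.php passes the page's `$action`, which appears to come from the request, so it should be checked against the documented action types before it reaches `file_exists()` and `include()`, for example `if (! in_array($action, array('create','view','edit','list'), true)) return 0;`. The parameter is required, which changes the call for any caller not updated in this commit, and both docblocks need a matching `@param string $action` line.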
@@ -148,6 +148,12 @@ class pdf_edison extends ModelePDFCommandes $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -165,6 +171,7 @@ class pdf_edison extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -240,6 +247,7 @@ class pdf_edison extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index ffe6d287de8..67794b02c91 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -185,6 +185,12 @@ class pdf_einstein extends ModelePDFCommandes $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -211,6 +217,7 @@ class pdf_einstein extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); 
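Review bot: The background block added to pdf_edison (inside a method that starts and ends outside the hunk) passes `$conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND` straight to `$pdf->setSourceFile()` without checking that the file exists or that the option holds a bare file name. A missing or mistyped file would then fail inside the PDF library in the middle of document generation, and a value containing `../` would resolve outside the company directory. Reducing the option with `basename()` and wrapping the two calls in `if (is_readable($bgfile)) { ... }` covers both cases; `$pagecount` is assigned but not used in the visible lines. The same six lines are repeated in every generator touched by this commit (einstein, merou, rouget, crabe, oursin, soleil, sirocco, typhon, azur, jaune, canelle, muscadet), so a shared helper would keep the check in one place.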
@@ -356,6 +363,7 @@ class pdf_einstein extends ModelePDFCommandes // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php index 68e59eb3f40..eca5df7abd3 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php @@ -155,6 +155,12 @@ Class pdf_expedition_merou extends ModelePdfExpedition $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; diff --git a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php index 22a8b55ca60..4a813247a3b 100644 --- a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php +++ b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php @@ -74,10 +74,11 @@ Class pdf_expedition_rouget extends ModelePdfExpedition } /** - * \brief Fonction generant le document sur le disque - * \param object Objet expedition a generer (ou id si ancienne methode) - * \param outputlangs Lang output object - * \return int 1=ok, 0=ko + * Fonction generant le document sur le disque + * + * @param object Objet expedition a generer (ou id si ancienne methode) + * @param outputlangs Lang output object + * @return int 1=ok, 0=ko */ function write_file(&$object, $outputlangs) { 
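Review bot: In pdf_expedition_merou.modules.php the background PDF is imported into `$tplidx`, but no hunk for this file adds the `if (! empty($tplidx)) $pdf->useTemplate($tplidx);` line after `$pdf->AddPage()` that the other generators receive, so the option appears to have no effect for this template while still running `setSourceFile()` and `importPage()`. Either add the `useTemplate` line after each `AddPage()` in this file or leave the import block out here. The method body lies outside the hunk, so an existing call cannot be ruled out from the diff alone.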
@@ -133,6 +134,12 @@ Class pdf_expedition_rouget extends ModelePdfExpedition $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -152,6 +159,7 @@ Class pdf_expedition_rouget extends ModelePdfExpedition // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php index fb7e0ee8b80..01002ddf9f9 100755 --- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php @@ -185,6 +185,12 @@ class pdf_crabe extends ModelePDFFactures $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -211,6 +217,7 @@ class pdf_crabe extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -360,6 +367,7 @@ class pdf_crabe extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); 
diff --git a/htdocs/core/modules/facture/doc/pdf_oursin.modules.php b/htdocs/core/modules/facture/doc/pdf_oursin.modules.php index a4e96ce799f..db3cc2218b6 100755 --- a/htdocs/core/modules/facture/doc/pdf_oursin.modules.php +++ b/htdocs/core/modules/facture/doc/pdf_oursin.modules.php @@ -174,6 +174,12 @@ class pdf_oursin extends ModelePDFFactures $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -191,6 +197,7 @@ class pdf_oursin extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -260,6 +267,7 @@ class pdf_oursin extends ModelePDFFactures // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php index ea0e332b1b9..a173051ec76 100644 --- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php +++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php @@ -142,6 +142,12 @@ class pdf_soleil extends ModelePDFFicheinter $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; 
@@ -159,6 +165,7 @@ class pdf_soleil extends ModelePDFFicheinter // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetTextColor(0,0,0); @@ -289,6 +296,7 @@ class pdf_soleil extends ModelePDFFicheinter // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php b/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php index 860cabb1fea..e401d748da7 100644 --- a/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php +++ b/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php @@ -126,6 +126,12 @@ class pdf_sirocco extends ModelePDFDeliveryOrder $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } // Complete object by loading several other informations $expedition=new Expedition($this->db); @@ -155,6 +161,7 @@ class pdf_sirocco extends ModelePDFDeliveryOrder // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php b/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php index 361e9b0c168..dc129126ccb 100644 --- a/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php +++ b/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php 
@@ -148,6 +148,12 @@ class pdf_typhon extends ModelePDFDeliveryOrder $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } // Complete object by loading several other informations $expedition=new Expedition($this->db); @@ -188,6 +194,7 @@ class pdf_typhon extends ModelePDFDeliveryOrder // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 111c9dd4c09..6f5f3080ef2 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php 
@@ -199,6 +199,7 @@ class modSociete extends DolibarrModules $this->export_icon[$r]='company'; $this->export_permission[$r]=array(array("societe","export")); $this->export_fields_array[$r]=array('s.rowid'=>"Id",'s.nom'=>"Name",'s.status'=>"Status",'s.client'=>"Customer",'s.fournisseur'=>"Supplier",'s.datec'=>"DateCreation",'s.tms'=>"DateLastModification",'s.code_client'=>"CustomerCode",'s.code_fournisseur'=>"SupplierCode",'s.address'=>"Address",'s.cp'=>"Zip",'s.ville'=>"Town",'p.libelle'=>"Country",'p.code'=>"CountryCode",'s.tel'=>"Phone",'s.fax'=>"Fax",'s.url'=>"Url",'s.email'=>"Email",'s.default_lang'=>"DefaultLang",'s.siret'=>"IdProf1",'s.siren'=>"IdProf2",'s.ape'=>"IdProf3",'s.idprof4'=>"IdProf4",'s.tva_intra'=>"VATIntraShort",'s.capital'=>"Capital",'s.note'=>"Note",'t.libelle'=>"ThirdPartyType",'ce.code'=>"Effectif","cfj.libelle"=>"JuridicalStatus",'s.fk_prospectlevel'=>'ProspectLevel','s.fk_stcomm'=>'ProspectStatus','d.nom'=>'State'); + if (! empty($conf->global->SOCIETE_USEPREFIX)) $this->export_fields_array[$r]['s.prefix']='Prefix'; $this->export_entities_array[$r]=array(); // We define here only fields that use another picto // Add extra fields $sql="SELECT name, label FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'company'"; diff --git a/htdocs/core/modules/propale/doc/pdf_azur.modules.php b/htdocs/core/modules/propale/doc/pdf_azur.modules.php index 227a354aa66..0a710b986c4 100644 --- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php @@ -170,6 +170,12 @@ class pdf_azur extends ModelePDFPropales $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; 
@@ -196,6 +202,7 @@ class pdf_azur extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -341,6 +348,7 @@ class pdf_azur extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/propale/doc/pdf_jaune.modules.php b/htdocs/core/modules/propale/doc/pdf_jaune.modules.php index b4c5f485542..2873569fab9 100644 --- a/htdocs/core/modules/propale/doc/pdf_jaune.modules.php +++ b/htdocs/core/modules/propale/doc/pdf_jaune.modules.php @@ -170,6 +170,12 @@ class pdf_jaune extends ModelePDFPropales $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -196,6 +202,7 @@ class pdf_jaune extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -341,6 +348,7 @@ class pdf_jaune extends ModelePDFPropales // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php b/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php index cda3b1d39fd..4cd34062c50 100755 --- a/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php 
+++ b/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php @@ -177,6 +177,12 @@ class pdf_canelle extends ModelePDFSuppliersInvoices $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; @@ -203,6 +209,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -347,6 +354,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php b/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php index 096cdaae868..257b44340fb 100644 --- a/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php +++ b/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php @@ -183,6 +183,12 @@ class pdf_muscadet extends ModelePDFSuppliersOrders $pdf->setPrintFooter(false); } $pdf->SetFont(pdf_getPDFFont($outputlangs)); + // Set path to the background PDF File + if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND)) + { + $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND); + $tplidx = $pdf->importPage(1); + } $pdf->Open(); $pagenb=0; 
@@ -209,6 +215,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 1, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); @@ -353,6 +360,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders // New page $pdf->AddPage(); + if (! empty($tplidx)) $pdf->useTemplate($tplidx); $pagenb++; $this->_pagehead($pdf, $object, 0, $outputlangs); $pdf->SetFont('','', $default_font_size - 1); diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 712f51e2cda..4258632f8c2 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -50,7 +50,7 @@ $result = restrictedArea($user, 'ecm', 0); $user->getrights('ecm'); // Get parameters -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); $action=GETPOST("action"); $section=GETPOST("section"); $module=GETPOST("module"); diff --git a/htdocs/expedition/fiche.php b/htdocs/expedition/fiche.php index ac06265df3f..40fb5917e89 100644 --- a/htdocs/expedition/fiche.php +++ b/htdocs/expedition/fiche.php @@ -50,7 +50,7 @@ $langs->load('other'); $langs->load('propal'); $origin = GETPOST("origin")?GETPOST("origin"):'expedition'; // Example: commande, propal -$origin_id = GETPOST("id")?GETPOST("id"):''; +$origin_id = GETPOST('id','int')?GETPOST('id','int'):''; if (empty($origin_id)) $origin_id = GETPOST("origin_id"); // Id of order or propal if (empty($origin_id)) $origin_id = GETPOST("object_id"); // Id of order or propal $id = $origin_id; diff --git a/htdocs/fichinter/apercu.php b/htdocs/fichinter/apercu.php index 5d713eda2ca..f338c0b5b0d 100644 --- a/htdocs/fichinter/apercu.php +++ b/htdocs/fichinter/apercu.php @@ -35,7 +35,7 @@ $langs->load('interventions'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $id, 'fichinter'); 
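Review bot: In the htdocs/expedition/fiche.php hunk only the `id` parameter gets the `'int'` filter; the two fallback assignments on the following context lines still read `origin_id` and `object_id` unfiltered, and `$id` is then copied from `$origin_id`. A request that omits `id` therefore still puts an unchecked string into `$id`. The fallbacks should use the same filter: `if (empty($origin_id)) $origin_id = GETPOST('origin_id','int');` and `if (empty($origin_id)) $origin_id = GETPOST('object_id','int');`.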
diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php index 467e8683527..74fa3b5b9a3 100644 --- a/htdocs/fichinter/contact.php +++ b/htdocs/fichinter/contact.php @@ -78,7 +78,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer) { $fichinter = new Fichinter($db); - if ($fichinter->fetch(GETPOST("id"))) + if ($fichinter->fetch(GETPOST('id','int'))) { $result=$fichinter->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index be142263326..23c1196a088 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php @@ -38,7 +38,7 @@ $langs->load("fichinter"); $langs->load("companies"); $langs->load("interventions"); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $action = GETPOST("action"); // Security check diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php index 40c42a2e81c..9f753db3060 100644 --- a/htdocs/fichinter/fiche.php +++ b/htdocs/fichinter/fiche.php @@ -43,9 +43,9 @@ if (! empty($conf->global->FICHEINTER_ADDON) && is_readable(DOL_DOCUMENT_ROOT ." $langs->load("companies"); $langs->load("interventions"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); $action = GETPOST("action"); $confirm = GETPOST("confirm"); $mesg = GETPOST("msg"); diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php index 05c74544d24..1029880d487 100644 --- a/htdocs/fichinter/info.php +++ b/htdocs/fichinter/info.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php"); $langs->load('companies'); $langs->load("interventions"); -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); // Security check if ($user->societe_id) $socid=$user->societe_id; 
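Review bot: In the htdocs/fichinter/contact.php hunk the `swapstatut` branch now filters `id`, but `GETPOST('ligne')` on the next line is still passed to `swapContactStatus()` unfiltered. If `ligne` is a row id, as its use here suggests, it should get the same treatment: `$result=$fichinter->swapContactStatus(GETPOST('ligne','int'));`. htdocs/fourn/facture/contact.php has the identical call right after its `facid` change. The branch is also selected through `$_GET["action"]`, so this state change is reachable by a plain link; whether a token check runs earlier is not visible in the hunk.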
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index dfd0b4d39e5..a693e261e6c 100755 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -40,11 +40,11 @@ $offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); $page=GETPOST("page"); // Security check -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter'); diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php index 2622e58c6f2..891ffca9036 100644 --- a/htdocs/fichinter/note.php +++ b/htdocs/fichinter/note.php @@ -29,7 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php"); $langs->load('companies'); $langs->load("interventions"); -$fichinterid = GETPOST("id"); +$fichinterid = GETPOST('id','int'); $action=GETPOST("action"); // Security check diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index 5d18b8bbed2..9a8d2d9f637 100644 --- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -47,12 +47,12 @@ $langs->load('deliveries'); $langs->load('products'); $langs->load('stocks'); -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); $action = GETPOST("action"); $confirm = GETPOST("confirm"); $comclientid = GETPOST("comid"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); $projectid = GETPOST("projectid"); // Security check diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php index c10bf7bca87..42993e32703 100644 --- a/htdocs/fourn/facture/contact.php +++ b/htdocs/fourn/facture/contact.php 
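Review bot: In the htdocs/fichinter/list.php hunk `$page=GETPOST("page");` is left unfiltered and is read after `$pageprev` and `$pagenext` (and `$offset`, shown in the hunk header) have already been computed from `$page`. Unless `$page` is assigned earlier in the file, which the hunk does not show, those values are derived from an undefined variable and the later `$page` is an arbitrary request string. Reading it as an integer and before the arithmetic, `$page=GETPOST('page','int');` placed above the `$offset` line, would fix both.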
@@ -80,7 +80,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->fournisseur->facture->cre if ($_GET["action"] == 'swapstatut' && $user->rights->fournisseur->facture->creer) { $facture = new FactureFournisseur($db); - if ($facture->fetch(GETPOST("facid"))) + if ($facture->fetch(GETPOST('facid','int'))) { $result=$facture->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 5a934218c9f..f007070618c 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php @@ -35,7 +35,7 @@ $langs->load('bills'); $langs->load('other'); $langs->load("companies"); -$facid = GETPOST("facid")?GETPOST("facid"):GETPOST("id"); +$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; // Security check diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index afae39f9309..ec0ca5d6ec4 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php @@ -42,7 +42,7 @@ $langs->load('suppliers'); $langs->load('companies'); $mesg=''; -$id = (GETPOST("facid") ? GETPOST("facid") : GETPOST("id")); +$id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int')); $action = GETPOST("action"); $confirm = GETPOST("confirm"); diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index 372534d9bc0..eabafefda14 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php @@ -34,7 +34,7 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden(); $langs->load("companies"); $langs->load("bills"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); // Security check if ($user->societe_id > 0) diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index 98b73a767f6..7522b527fdb 100644 --- a/htdocs/fourn/facture/note.php 
+++ b/htdocs/fourn/facture/note.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php'); $langs->load('bills'); $langs->load("companies"); -$facid = GETPOST("facid")?GETPOST("facid"):GETPOST('id'); +$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int'); $action = GETPOST('action'); // Security check diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index e36158bfa00..1024a16c8f9 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -34,7 +34,7 @@ $langs->load('companies'); $langs->load('bills'); $langs->load('banks'); -$facid=GETPOST('facid'); +$facid=GETPOST('facid','int'); $action=GETPOST('action'); $socid=GETPOST('socid','int'); diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index 7741ddfc42f..abf566aab22 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -42,7 +42,7 @@ $langs->load('commercial'); $action = GETPOST('action'); // Security check -$id = (GETPOST("socid") ? GETPOST("socid") : GETPOST("id")); +$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id) $id=$user->societe_id; $result = restrictedArea($user, 'societe&fournisseur', $id, ''); diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php index 71da3a75c5b..c8fdfb40d83 100644 --- a/htdocs/fourn/liste.php +++ b/htdocs/fourn/liste.php @@ -39,7 +39,7 @@ $search_compta_fournisseur = GETPOST("search_compta_fournisseur"); $search_datec = GETPOST("search_datec"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php index a81069d21dd..d6360b1dd6f 100644 --- a/htdocs/product/fiche.php +++ b/htdocs/product/fiche.php 
@@ -49,7 +49,7 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action=(GETPOST('action') ? GETPOST('action') : 'view'); $confirm=GETPOST('confirm'); -$socid=GETPOST("socid"); +$socid=GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $object = new Product($db); @@ -661,7 +661,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) $object->fetch($id, $ref); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $id, $ref); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php index c567b876561..8c0752d0c7c 100644 --- a/htdocs/product/stats/fiche.php +++ b/htdocs/product/stats/fiche.php @@ -34,7 +34,7 @@ $langs->load("products"); $langs->load("bills"); $langs->load("other"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); $mode = (GETPOST('mode') ? GETPOST('mode') : 'byunit'); $error = 0; diff --git a/htdocs/projet/activity/list.php b/htdocs/projet/activity/list.php index 254beb16949..fc876fcc7a5 100644 --- a/htdocs/projet/activity/list.php +++ b/htdocs/projet/activity/list.php @@ -34,7 +34,7 @@ $langs->load('projects'); $action=GETPOST('action'); $mode=GETPOST("mode"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $mine=0; if ($mode == 'mine') $mine=1; diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index 2a218703394..d7f501e0a0f 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("projects"); $langs->load("companies"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; 
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 9d2fc5cbaff..5bf9971b9d7 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -33,7 +33,7 @@ $langs->load('other'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); // Security check diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index 371028f02fd..d93a6462db6 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -302,7 +302,7 @@ if ($action == 'create' && $user->rights->projet->creer) // Customer print ''.$langs->trans("ThirdParty").''; - $text=$form->select_company(GETPOST("socid"),'socid','',1,1); + $text=$form->select_company(GETPOST('socid','int'),'socid','',1,1); $texthelp=$langs->trans("IfNeedToUseOhterObjectKeepEmpty"); print $form->textwithtooltip($text.' '.img_help(),$texthelp,1); print ''; diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index b22deee7ff7..bd759d27bbe 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php index dc7a81e7774..51493df8346 100644 --- a/htdocs/projet/note.php +++ b/htdocs/projet/note.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); $langs->load('projects'); $action=GETPOST('action'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; 
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index bf1cd5ae804..0e745f928ca 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php @@ -34,7 +34,7 @@ $langs->load("projects"); $langs->load("companies"); $taskid = isset($_GET["id"])?$_GET["id"]:''; -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 3b8b260d9ee..bb5fd636665 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -35,7 +35,7 @@ $langs->load('other'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php index 406eae738a5..94bb854e933 100644 --- a/htdocs/projet/tasks/index.php +++ b/htdocs/projet/tasks/index.php @@ -32,7 +32,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load('projects'); $langs->load('users'); -$id=GETPOST('id'); +$id=GETPOST('id','int'); // Security check $socid=0; diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php index 2fb8e0c9bdf..b22351ac2bd 100644 --- a/htdocs/projet/tasks/note.php +++ b/htdocs/projet/tasks/note.php @@ -31,7 +31,7 @@ $langs->load('projects'); $action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 821ff229059..5903649c5e5 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php 
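Review bot: In the htdocs/projet/tasks/contact.php hunk the context line `$taskid = isset($_GET["id"])?$_GET["id"]:'';` still takes the same `id` parameter straight from `$_GET`, so the filter added to `$id` does not cover `$taskid`. Using the filtered accessor there as well, `$taskid = GETPOST('id','int');`, keeps the two variables consistent, which is what this commit already does in htdocs/projet/tasks/task.php. htdocs/projet/tasks/time.php has the same unfiltered `$taskid` line next to its `$id` change.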
@@ -29,9 +29,9 @@ require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$taskid = GETPOST("id"); +$taskid = GETPOST('id','int'); $taskref = GETPOST("ref"); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index bed27babac4..ac6bda48e22 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); $langs->load('projects'); $taskid = isset($_GET["id"])?$_GET["id"]:''; -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref= GETPOST('ref'); $action=GETPOST('action'); $withproject=GETPOST('withproject'); diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php index 330cff56858..3c033a9f80e 100644 --- a/htdocs/societe/agenda.php +++ b/htdocs/societe/agenda.php @@ -35,7 +35,7 @@ $langs->load("companies"); $mesg=isset($_GET["mesg"])?'
'.$_GET["mesg"].'
':''; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid); diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php index 1127542dc78..49b49988eaf 100644 --- a/htdocs/societe/ajaxcompanies.php +++ b/htdocs/societe/ajaxcompanies.php @@ -50,7 +50,7 @@ dol_syslog(join(',',$_GET)); // Generation liste des societes -if (GETPOST('newcompany') || GETPOST('socid') || GETPOST('id_fourn')) +if (GETPOST('newcompany') || GETPOST('socid','int') || GETPOST('id_fourn')) { $return_arr = array(); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index fe2ec2a24f7..792ef0e99cc 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -37,7 +37,7 @@ $mesg=''; $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$socid = (GETPOST('socid') ? GETPOST('socid') : GETPOST('id')); +$socid = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); // Security check if ($user->societe_id > 0) diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php index 6ae5d7fb4dc..a8d80f2f84a 100644 --- a/htdocs/societe/lien.php +++ b/htdocs/societe/lien.php @@ -33,7 +33,7 @@ $langs->load("suppliers"); $langs->load("banks"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe','',''); diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index 4ebe1a4aeb3..0ba5c8e23fb 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -49,7 +49,7 @@ $mesg=''; $error=0; $errors=array(); $action = (GETPOST('action') ? GETPOST('action') : 'view'); $confirm = GETPOST('confirm'); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $object = new Societe($db); 
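Review bot: The first context line of the htdocs/societe/agenda.php hunk still builds `$mesg` by concatenating `$_GET["mesg"]` into a string without escaping, while the commit only filters `socid`. If `$mesg` is printed later in the page, which is outside the hunk, request text reaches the HTML output verbatim. Escaping the value where the string is assembled, for example `htmlspecialchars($_GET["mesg"], ENT_QUOTES)` in place of the bare `$_GET["mesg"]`, would cover it.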
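Review bot: In the htdocs/societe/lien.php hunk the filtered `$socid` is not what the access check receives: the context line calls `restrictedArea($user, 'societe','','')` with an empty third argument, whereas htdocs/societe/societe.php and htdocs/societe/agenda.php in this same commit pass `$socid`. If that argument is the object id whose ownership is verified, as the other call sites suggest, the check here is not bound to the third party named in the request. Passing the id, `$result = restrictedArea($user, 'societe', $socid, '');`, would align it with the other pages.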
@@ -468,7 +468,7 @@ $formcompany = new FormCompany($db); $countrynotdefined=$langs->trans("ErrorSetACountryFirst").' ('.$langs->trans("SeeAbove").')'; -if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) +if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { // ----------------------------------------- // When used with CANVAS @@ -479,7 +479,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists()) $object->fetch($socid); // For use with "pure canvas" (canvas that contains templates only) } $objcanvas->assign_values($action, $socid); // Set value for templates - $objcanvas->display_canvas(); // Show template + $objcanvas->display_canvas($action); // Show template } else { diff --git a/htdocs/societe/societe.php b/htdocs/societe/societe.php index 99f456cdd73..2403a204c02 100644 --- a/htdocs/societe/societe.php +++ b/htdocs/societe/societe.php @@ -32,7 +32,7 @@ $langs->load("customers"); $langs->load("suppliers"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index 9b367e7aeb4..175f005646a 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php"); $langs->load("users"); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $action=GETPOST("action"); $confirm=GETPOST("confirm"); $module=GETPOST("module"); diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index f4deb98b7a3..ef231baa464 100755 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
@@ -145,7 +145,7 @@ class SecurityTest extends PHPUnit_Framework_TestCase $_GET["param2"]='a/b#e(pr)qq-rr\cc'; $_GET["param3"]='"a/b#e(pr)qq-rr\cc'; // Same than param2 + " - $result=GETPOST("id"); // Must return nothing + $result=GETPOST('id','int'); // Must return nothing print __METHOD__." result=".$result."\n"; $this->assertEquals($result,'');
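Review bot: The changed assertion in SecurityTest reads a parameter `id` that the visible setup lines never set, so it passes whether or not the `'int'` filter rejects anything. A case that sends a non-numeric value through the filter would pin the behaviour this commit relies on, for example with a constructed value: `$_GET["param4"]='12abc';` then `$result=GETPOST('param4','int');` and `$this->assertEquals('',$result);`. The expected empty string assumes the filter discards non-numeric input, which should be confirmed against GETPOST itself. The test method starts outside the hunk.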