Merge branch 'develop' of git+ssh://git@github.com/Dolibarr/dolibarr.git into develop

2012-02-28 19:18:34 +01:00
parent ffc492ba1f 5e32fc70ad
commit 27d88b34d8
137 changed files with 297 additions and 194 deletions
--- a/2
+++ b/2
@@ -54,8 +54,10 @@ For users:
       suppliers invoice, orders, customers orders, proposals and social contributions.
 - New: All professional id can contains up to 128 chars instead of 32. 
 - New: [ task #176 ] Allow to use ODT templates for proposals and orders like it's done for invoices
 - New: Add hidden option MAIN_ADD_PDF_BACKGROUND to add a PDF as background of invoice/order generated PDF.
 - Fix: Can use POS module with several concurrent users.
 - Fix: Installer don't fails with Mysql version that added a ssl_cypher field.
 - Fix: Sanitize input parameters.
 For developers:
 - New: Can add a left menu into an existing top menu or left menu.
--- a/htdocs/adherents/agenda.php
+++ b/htdocs/adherents/agenda.php
@@ -37,7 +37,7 @@ $langs->load("members");
 $mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 // Security check
 if (! $user->rights->adherent->lire) accessforbidden();
--- a/htdocs/adherents/card_subscriptions.php
+++ b/htdocs/adherents/card_subscriptions.php
@@ -141,10 +141,10 @@ if ($action == 'setsocid')
    $error=0;
    if (! $error)
    {
-        if (GETPOST("socid") != $adh->fk_soc)    // If link differs from currently in database
+        if (GETPOST('socid','int') != $adh->fk_soc)    // If link differs from currently in database
        {
            $sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent";
-            $sql.=" WHERE fk_soc = '".GETPOST("socid")."'";
+            $sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'";
            $resql = $db->query($sql);
            if ($resql)
            {
@@ -154,7 +154,7 @@ if ($action == 'setsocid')
                    $othermember=new Adherent($db);
                    $othermember->fetch($obj->rowid);
                    $thirdparty=new Societe($db);
-                    $thirdparty->fetch(GETPOST("socid"));
+                    $thirdparty->fetch(GETPOST('socid','int'));
                    $error++;
                    $mesg='<div class="error">'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'</div>';
                }
@@ -162,7 +162,7 @@ if ($action == 'setsocid')
            if (! $error)
            {
-                $result=$adh->setThirdPartyId(GETPOST("socid"));
+                $result=$adh->setThirdPartyId(GETPOST('socid','int'));
                if ($result < 0) dol_print_error($adh->db,$adh->error);
                $_POST['action']='';
                $action='';
--- a/htdocs/adherents/document.php
+++ b/htdocs/adherents/document.php
@@ -37,7 +37,7 @@ $langs->load('other');
 $mesg = "";
 // Security check
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 if ($user->societe_id > 0)
 {
 	$id = $user->societe_id;
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -782,7 +782,7 @@ if ($action == 'create')
    {
        foreach($extrafields->attribute_label as $key=>$label)
        {
-            $value=(GETPOST('options_'.$key,'alpha')?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]);
+            $value=(isset($_POST["options_".$key])?GETPOST('options_'.$key,'alpha'):$object->array_options["options_".$key]);
            print '<tr><td>'.$label.'</td><td>';
            print $extrafields->showInputField($key,$value);
            print '</td></tr>'."\n";
--- a/htdocs/adherents/ldap.php
+++ b/htdocs/adherents/ldap.php
@@ -34,7 +34,7 @@ $langs->load("members");
 $langs->load("ldap");
 $langs->load("admin");
-$rowid = GETPOST("id");
+$rowid = GETPOST('id','int');
 $action = GETPOST('action');
 // Protection
--- a/htdocs/adherents/note.php
+++ b/htdocs/adherents/note.php
@@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php');
 require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php");
 $action=GETPOST('action');
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $langs->load("companies");
 $langs->load("members");
--- a/htdocs/adherents/stats/index.php
+++ b/htdocs/adherents/stats/index.php
@@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php");
 $WIDTH=500;
 $HEIGHT=200;
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Security check
 if ($user->societe_id > 0)
 {
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort
 // Define elementList and sourceList (used for dictionnary "type of contacts")
 $elementList = array();
 $sourceList=array();
-if (GETPOST("id") == 11)
+if (GETPOST('id','int') == 11)
 {
    $langs->load("orders");
    $langs->load("contracts");
@@ -702,7 +702,7 @@ if ($_GET["id"])
            if ($num > $listlimit)
            {
                print '<tr class="none"><td align="right" colspan="'.(3+count($fieldlist)).'">';
-                print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
+                print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1));
                print '</td></tr>';
            }
@@ -737,10 +737,10 @@ if ($_GET["id"])
                // Affiche nom du champ
                if ($showfield)
                {
-                    print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder);
+                    print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder);
                }
            }
-            print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder);
+            print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder);
            print '<td colspan="2"  class="liste_titre">&nbsp;</td>';
            print '</tr>';
@@ -756,7 +756,7 @@ if ($_GET["id"])
                {
                    print '<form action="dict.php" method="post">';
                    print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-                    print '<input type="hidden" name="id" value="'.GETPOST("id").'">';
+                    print '<input type="hidden" name="id" value="'.GETPOST('id','int').'">';
                    print '<input type="hidden" name="page" value="'.$page.'">';
                    print '<input type="hidden" name="rowid" value="'.$_GET["rowid"].'">';
--- a/htdocs/cashdesk/admin/cashdesk.php
+++ b/htdocs/cashdesk/admin/cashdesk.php
@@ -49,11 +49,11 @@ if (GETPOST("action") == 'set')
 {
 	$db->begin();
-	if (GETPOST("socid") < 0) $_POST["socid"]='';
+	if (GETPOST('socid','int') < 0) $_POST["socid"]='';
 	/*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0)  $_POST["CASHDESK_ID_BANKACCOUNT"]='';
 	if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0)  $_POST["CASHDESK_ID_WAREHOUSE"]='';*/
-	$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity);
+	$res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity);
 	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity);
 	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity);
 	$res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity);
--- a/htdocs/cashdesk/index.php
+++ b/htdocs/cashdesk/index.php
@@ -93,7 +93,7 @@ print '<td>';
 $disabled=0;
 $langs->load("companies");
 if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice
-print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
+print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1);
 //print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />';
 print '</td>';
 print "</tr>\n";
--- a/htdocs/cashdesk/index_verif.php
+++ b/htdocs/cashdesk/index_verif.php
@@ -30,7 +30,7 @@ $langs->load("cashdesk");
 $username = GETPOST("txtUsername");
 $password = GETPOST("pwdPassword");
-$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY;
+$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY;
 $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE;
 // Check username
--- a/htdocs/cashdesk/tpl/ticket.tpl.php
+++ b/htdocs/cashdesk/tpl/ticket.tpl.php
@@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php');
 $langs->load("main");
 header("Content-type: text/html; charset=".$conf->file->character_set_client);
-$facid=GETPOST('facid');
+$facid=GETPOST('facid','int');
 $object=new Facture($db);
 $object->fetch($facid);
--- a/htdocs/categories/categorie.php
+++ b/htdocs/categories/categorie.php
@@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
 $langs->load("categories");
 $langs->load("products");
-$socid	= GETPOST('socid');
+$socid	= GETPOST('socid','int');
-$id		= GETPOST('id');
+$id		= GETPOST('id','int');
 $ref	= GETPOST('ref');
 $type	= GETPOST('type');
 $mesg	= GETPOST('mesg');
--- a/htdocs/categories/edit.php
+++ b/htdocs/categories/edit.php
@@ -28,7 +28,7 @@ require("../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php");
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 $type=GETPOST('type');
 $action=GETPOST('action');
--- a/htdocs/categories/fiche.php
+++ b/htdocs/categories/fiche.php
@@ -31,7 +31,7 @@ $langs->load("categories");
 // Security check
-$socid=GETPOST('socid');
+$socid=GETPOST('socid','int');
 if (!$user->rights->categorie->lire) accessforbidden();
 $action		= GETPOST('action','alpha');
--- a/htdocs/categories/photos.php
+++ b/htdocs/categories/photos.php
@@ -35,7 +35,7 @@ $langs->load("bills");
 $mesg = '';
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 $type=GETPOST('type');
 $action=GETPOST('action');
--- a/htdocs/categories/viewcat.php
+++ b/htdocs/categories/viewcat.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php");
 $langs->load("categories");
 $mesg = '';
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 $type=GETPOST('type');
 $action=GETPOST('action');
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -40,7 +40,7 @@ $langs->load("other");
 $langs->load("bills");
 if (isset($_GET["error"])) $error=$_GET["error"];
-$objectid = GETPOST("id");
+$objectid = GETPOST('id','int');
 // Security check
 if ($user->societe_id > 0)
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@@ -153,10 +153,10 @@ if ($action == 'add_action')
 	$actioncomm->note = trim($_POST["note"]);
 	if (isset($_POST["contactid"])) $actioncomm->contact = $contact;
-	if (GETPOST("socid") > 0)
+	if (GETPOST('socid','int') > 0)
 	{
 		$societe = new Societe($db);
-		$societe->fetch(GETPOST("socid"));
+		$societe->fetch(GETPOST('socid','int'));
 		$actioncomm->societe = $societe;
 	}
@@ -508,12 +508,12 @@ if ($action == 'create')
 	// Societe, contact
 	print '<tr><td width="30%" nowrap="nowrap">'.$langs->trans("ActionOnCompany").'</td><td>';
-	if (GETPOST("socid") > 0)
+	if (GETPOST('socid','int') > 0)
 	{
 		$societe = new Societe($db);
-		$societe->fetch(GETPOST("socid"));
+		$societe->fetch(GETPOST('socid','int'));
 		print $societe->getNomUrl(1);
-		print '<input type="hidden" name="socid" value="'.GETPOST("socid").'">';
+		print '<input type="hidden" name="socid" value="'.GETPOST('socid','int').'">';
 	}
 	else
 	{
@@ -522,10 +522,10 @@ if ($action == 'create')
 	print '</td></tr>';
 	// If company is forced, we propose contacts (may be contact is also forced)
-	if (GETPOST("contactid") > 0 || GETPOST("socid") > 0)
+	if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0)
 	{
 		print '<tr><td nowrap>'.$langs->trans("ActionOnContact").'</td><td>';
-		$form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1);
+		$form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1);
 		print '</td></tr>';
 	}
--- a/htdocs/comm/action/rapport/index.php
+++ b/htdocs/comm/action/rapport/index.php
@@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC";
 if (! $sortfield) $sortfield="a.datep";
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
@@ -53,7 +53,7 @@ $langs->load("commercial");
 if ($_GET["action"] == 'builddoc')
 {
 	$cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]);
-	$result=$cat->write_file(GETPOST("id"));
+	$result=$cat->write_file(GETPOST('id','int'));
 	if ($result < 0)
 	{
 		$mesg=$cat->error;
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -40,7 +40,7 @@ $offset = $limit * $page ;
 $type=$_GET["type"];
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe',$socid,'');
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails");
 if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs");
 // Security check
-$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id'));
+$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
 if ($user->societe_id > 0) $id=$user->societe_id;
 $result = restrictedArea($user,'societe',$id,'&societe');
--- a/htdocs/comm/list.php
+++ b/htdocs/comm/list.php
@@ -32,7 +32,7 @@ $langs->load("suppliers");
 $langs->load("commercial");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user,'societe',$socid,'');
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -47,7 +47,7 @@ $pagenext = $page + 1;
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="email";
-$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
+$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
 $action=GETPOST("action");
 $search_nom=GETPOST("search_nom");
 $search_prenom=GETPOST("search_prenom");
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref))
 		//'text' => $langs->trans("ConfirmClone"),
 		//array('type' => 'checkbox', 'name' => 'clone_content',   'label' => $langs->trans("CloneMainAttributes"),   'value' => 1),
 		//array('type' => 'checkbox', 'name' => 'update_prices',   'label' => $langs->trans("PuttingPricesUpToDate"),   'value' => 1),
-		array('type' => 'other', 'name' => 'socid',   'label' => $langs->trans("SelectThirdParty"),   'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
+		array('type' => 'other', 'name' => 'socid',   'label' => $langs->trans("SelectThirdParty"),   'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
 		);
 		// Paiement incomplet. On demande si motif = escompte ou autre
 		$formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1);
@@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref))
 		if ($action == 'editdelivery_address')
 		{
-			$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id);
+			$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id);
 		}
 		else
 		{
-			$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id);
+			$formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id);
 		}
 		print '</td></tr>';
 	}
--- a/htdocs/comm/propal/apercu.php
+++ b/htdocs/comm/propal/apercu.php
@@ -37,7 +37,7 @@ $langs->load('compta');
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'propale', $id, 'propal');
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -35,7 +35,7 @@ $langs->load('other');
 $action		= GETPOST('action');
 $confirm	= GETPOST('confirm');
-$id			= GETPOST('id');
+$id			= GETPOST('id','int');
 $ref		= GETPOST('ref');
 // Security check
--- a/htdocs/comm/propal/stats/index.php
+++ b/htdocs/comm/propal/stats/index.php
@@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php");
 $WIDTH=500;
 $HEIGHT=200;
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Security check
 if ($user->societe_id > 0)
 {
--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@@ -37,7 +37,7 @@ $langs->load('projects');
 $langs->load('propal');
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid, '&societe');
--- a/htdocs/comm/remx.php
+++ b/htdocs/comm/remx.php
@@ -36,7 +36,7 @@ $action=GETPOST('action','alpha');
 $backtopage=GETPOST('backtopage','alpha');
 // Security check
-$socid = GETPOST("id");
+$socid = GETPOST('id','int');
 if ($user->societe_id > 0)
 {
 	$socid = $user->societe_id;
@@ -189,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes')
 	if ($result > 0)
 	{
 		$db->commit();
-		header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id'));	// To avoid pb whith back
+		header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int'));	// To avoid pb whith back
 		exit;
 	}
 	else
--- a/htdocs/commande/apercu.php
+++ b/htdocs/commande/apercu.php
@@ -40,7 +40,7 @@ $langs->load('sendings');
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'commande',$id,'');
--- a/htdocs/commande/contact.php
+++ b/htdocs/commande/contact.php
@@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer)
 {
 	$commande = new Commande($db);
-	if ($commande->fetch(GETPOST("id")))
+	if ($commande->fetch(GETPOST('id','int')))
 	{
 	    $result=$commande->swapContactStatus(GETPOST('ligne'));
 	}
--- a/htdocs/commande/document.php
+++ b/htdocs/commande/document.php
@@ -36,7 +36,7 @@ $langs->load('other');
 $action		= GETPOST('action');
 $confirm	= GETPOST('confirm');
-$id			= GETPOST('id');
+$id			= GETPOST('id','int');
 $ref		= GETPOST('ref');
 // Security check
--- a/htdocs/commande/fiche.php
+++ b/htdocs/commande/fiche.php
@@ -51,9 +51,9 @@ $langs->load('propal');
 $langs->load('deliveries');
 $langs->load('products');
-$id      = (GETPOST("id")?GETPOST("id"):GETPOST("orderid"));
+$id      = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid"));
 $ref     = GETPOST('ref');
-$socid   = GETPOST('socid');
+$socid   = GETPOST('socid','int');
 $action  = GETPOST('action');
 $confirm = GETPOST('confirm');
 $lineid  = GETPOST('lineid');
@@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer)
    $datecommande  = dol_mktime(12, 0, 0, $_POST['remonth'],  $_POST['reday'],  $_POST['reyear']);
    $datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']);
-    $object->socid=GETPOST('socid');
+    $object->socid=GETPOST('socid','int');
    $object->fetch_thirdparty();
    $db->begin();
@@ -1652,7 +1652,7 @@ else
                //'text' => $langs->trans("ConfirmClone"),
                //array('type' => 'checkbox', 'name' => 'clone_content',   'label' => $langs->trans("CloneMainAttributes"),   'value' => 1),
                //array('type' => 'checkbox', 'name' => 'update_prices',   'label' => $langs->trans("PuttingPricesUpToDate"),   'value' => 1),
-                array('type' => 'other', 'name' => 'socid',   'label' => $langs->trans("SelectThirdParty"),   'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)'))
+                array('type' => 'other', 'name' => 'socid',   'label' => $langs->trans("SelectThirdParty"),   'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)'))
                );
                // Paiement incomplet. On demande si motif = escompte ou autre
                $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1);
--- a/htdocs/commande/index.php
+++ b/htdocs/commande/index.php
@@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden();
 $langs->load("orders");
 // Security check
-$socid=GETPOST('socid');
+$socid=GETPOST('socid','int');
 if ($user->societe_id > 0)
 {
 	$action = '';
--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
@@ -44,7 +44,7 @@ $sall=GETPOST('sall');
 $socid=GETPOST('socid','int');
 // Security check
-$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id'));
+$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int'));
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'commande', $id,'');
--- a/htdocs/commande/stats/index.php
+++ b/htdocs/commande/stats/index.php
@@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
 if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden();
 if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden();
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Security check
 if ($user->societe_id > 0)
 {
--- a/htdocs/compta/bank/fiche.php
+++ b/htdocs/compta/bank/fiche.php
@@ -468,10 +468,10 @@ else
    /*                                                                            */
    /* ************************************************************************** */
-    if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer)
+    if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer)
    {
        $account = new Account($db);
-        $account->fetch(GETPOST("id"));
+        $account->fetch(GETPOST('id','int'));
        print_fiche_titre($langs->trans("EditFinancialAccount"));
        print "<br>";
--- a/htdocs/compta/deplacement/fiche.php
+++ b/htdocs/compta/deplacement/fiche.php
@@ -36,7 +36,7 @@ $langs->load("trips");
 // Security check
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement', $id,'');
@@ -287,7 +287,7 @@ if ($action == 'create')
    // Company
    print "<tr>";
    print '<td>'.$langs->trans("CompanyVisited").'</td><td>';
-    print $form->select_company(GETPOST("socid"),'socid','',1);
+    print $form->select_company(GETPOST('socid','int'),'socid','',1);
    print '</td></tr>';
    // Public note
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@@ -32,7 +32,7 @@ $langs->load("users");
 $langs->load("trips");
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement','','');
--- a/htdocs/compta/deplacement/info.php
+++ b/htdocs/compta/deplacement/info.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php"
 $langs->load("trips");
 // Security check
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement', $id, '');
--- a/htdocs/compta/deplacement/list.php
+++ b/htdocs/compta/deplacement/list.php
@@ -32,7 +32,7 @@ $langs->load("users");
 $langs->load("trips");
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'deplacement','','');
--- a/htdocs/compta/deplacement/stats/index.php
+++ b/htdocs/compta/deplacement/stats/index.php
@@ -31,8 +31,8 @@ $langs->load("trips");
 $WIDTH=500;
 $HEIGHT=200;
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Securite acces client
 if ($user->societe_id > 0)
 {
--- a/htdocs/compta/dons/fiche.php
+++ b/htdocs/compta/dons/fiche.php
@@ -34,7 +34,7 @@ $langs->load("companies");
 $langs->load("donations");
 $langs->load("bills");
-$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id');
+$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');
 $action=GETPOST('action');
 $mesg="";
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes
 $sall=trim(GETPOST('sall'));
 $projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0);
-$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int'));  // For backward compatibility
+$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int'));  // For backward compatibility
 $ref=GETPOST('ref','alpha');
 $socid=GETPOST('socid','int');
 $action=GETPOST('action','alpha');
@@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f
 */
 if ($action == 'add' && $user->rights->facture->creer)
 {
-    $object->socid=GETPOST('socid');
+    $object->socid=GETPOST('socid','int');
    $db->begin();
--- a/htdocs/compta/facture/apercu.php
+++ b/htdocs/compta/facture/apercu.php
@@ -36,7 +36,7 @@ $langs->load("bills");
 // Security check
 $socid=0;
-$id = GETPOST("facid");
+$id = GETPOST('facid','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture', $id);
--- a/htdocs/compta/facture/contact.php
+++ b/htdocs/compta/facture/contact.php
@@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
 $langs->load("bills");
 $langs->load("companies");
-$facid = isset($_GET["facid"])?$_GET["facid"]:'';
+$facid = GETPOST('facid');
 $id = GETPOST('facid');
 $ref= GETPOST('ref');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
@@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid);
 if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
 {
 	$result = 0;
 	$facture = new Facture($db);
-	$result = $facture->fetch($_GET["facid"]);
+	$result = $facture->fetch($facid);
-    if ($result > 0 && $_GET["facid"] > 0)
+    if ($result > 0 && $facid > 0)
    {
  		$result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]);
    }
@@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
 {
 	$facture = new Facture($db);
-	if ($facture->fetch(GETPOST("facid")))
+	if ($facture->fetch($facid))
 	{
 	    $result=$facture->swapContactStatus(GETPOST('ligne'));
 	}
@@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
 if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer)
 {
 	$facture = new Facture($db);
-	$facture->fetch($_GET["facid"]);
+	$facture->fetch($facid);
 	$result = $facture->delete_contact($_GET["lineid"]);
 	if ($result >= 0)
@@ -125,8 +126,6 @@ $userstatic=new User($db);
 /* *************************************************************************** */
 dol_htmloutput_mesg($mesg);
 $id = $_GET['facid'];
 $ref= $_GET['ref'];
 if ($id > 0 || ! empty($ref))
 {
 	$facture = new Facture($db);
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
@@ -39,7 +39,7 @@ $langs->load("bills");
 $action		= GETPOST('action');
 $confirm	= GETPOST('confirm');
-$id			= GETPOST('facid');
+$id			= GETPOST('facid','int');
 $ref		= GETPOST('ref');
 // Security check
--- a/htdocs/compta/facture/fiche-rec.php
+++ b/htdocs/compta/facture/fiche-rec.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 $langs->load('bills');
 // Security check
-$facid=GETPOST("facid");
+$facid=GETPOST('facid','int');
 $action=GETPOST("action");
 if ($user->societe_id) $socid=$user->societe_id;
 $objecttype = 'facture_rec';
@@ -81,7 +81,7 @@ if ($_POST["action"] == 'add')
 if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
 {
 	$facrec = new FactureRec($db);
-	$facrec->fetch(GETPOST("facid"));
+	$facrec->fetch(GETPOST('facid','int'));
 	$facrec->delete();
 	$facid = 0 ;
 }
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
 if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden();
 if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden();
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Security check
 if ($user->societe_id > 0)
 {
--- a/htdocs/compta/localtax/clients.php
+++ b/htdocs/compta/localtax/clients.php
@@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE;
 if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
--- a/htdocs/compta/paiement.php
+++ b/htdocs/compta/paiement.php
@@ -37,7 +37,7 @@ $langs->load('banks');
 $action		= GETPOST('action');
 $confirm	= GETPOST('confirm');
-$facid		= GETPOST('facid');
+$facid		= GETPOST('facid','int');
 $socname	= GETPOST('socname');
 $accountid	= GETPOST('accountid');
 $paymentnum	= GETPOST('num_paiement');
--- a/htdocs/compta/paiement/cheque/fiche.php
+++ b/htdocs/compta/paiement/cheque/fiche.php
@@ -35,7 +35,7 @@ $langs->load('banks');
 $langs->load('companies');
 $langs->load('compta');
-$id =GETPOST("id");
+$id =GETPOST('id','int');
 $ref=GETPOST("ref");
 $action=GETPOST('action');
@@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid');
 if ($action == 'setdate' && $user->rights->banque->cheque)
 {
    $remisecheque = new RemiseCheque($db);
-    $result = $remisecheque->fetch(GETPOST('id'));
+    $result = $remisecheque->fetch(GETPOST('id','int'));
    if ($result > 0)
    {
        //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
--- a/htdocs/compta/paiement/liste.php
+++ b/htdocs/compta/paiement/liste.php
@@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php');
 $langs->load("bills");
 // Security check
-$facid =GETPOST("facid");
+$facid =GETPOST('facid','int');
-$socid =GETPOST("socid");
+$socid =GETPOST('socid','int');
-$userid=GETPOST('userid');
+$userid=GETPOST('userid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture',$facid,'');
--- a/htdocs/compta/prelevement/bon.php
+++ b/htdocs/compta/prelevement/bon.php
@@ -33,7 +33,7 @@ $langs->load("categories");
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement', $id);
--- a/htdocs/compta/prelevement/bons.php
+++ b/htdocs/compta/prelevement/bons.php
@@ -31,7 +31,7 @@ $langs->load("widthdrawals");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -32,7 +32,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
--- a/htdocs/compta/prelevement/factures.php
+++ b/htdocs/compta/prelevement/factures.php
@@ -37,8 +37,8 @@ $langs->load("categories");
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
 $sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield");
--- a/htdocs/compta/prelevement/fiche-rejet.php
+++ b/htdocs/compta/prelevement/fiche-rejet.php
@@ -35,7 +35,7 @@ $langs->load("categories");
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
 $page = GETPOST("page");
 /*
--- a/htdocs/compta/prelevement/fiche-stat.php
+++ b/htdocs/compta/prelevement/fiche-stat.php
@@ -34,7 +34,7 @@ $langs->load("withdrawals");
 $langs->load("categories");
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
 $page = GETPOST("page");
 /*
--- a/htdocs/compta/prelevement/fiche.php
+++ b/htdocs/compta/prelevement/fiche.php
@@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
 $action = GETPOST("action");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 /*
 * Actions
--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@@ -32,7 +32,7 @@ $langs->load("withdrawals");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','');
--- a/htdocs/compta/prelevement/ligne.php
+++ b/htdocs/compta/prelevement/ligne.php
@@ -39,8 +39,8 @@ $langs->load("categories");
 // Get supervariables
 $action = GETPOST("action");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = GETPOST("sortorder");
--- a/htdocs/compta/prelevement/lignes.php
+++ b/htdocs/compta/prelevement/lignes.php
@@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden();
 $langs->load("categories");
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
 $sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield");
--- a/htdocs/compta/prelevement/liste.php
+++ b/htdocs/compta/prelevement/liste.php
@@ -32,7 +32,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
--- a/htdocs/compta/prelevement/rejets.php
+++ b/htdocs/compta/prelevement/rejets.php
@@ -30,7 +30,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
--- a/htdocs/compta/prelevement/stats.php
+++ b/htdocs/compta/prelevement/stats.php
@@ -31,7 +31,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 $langs->load("bills");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
@@ -38,7 +38,7 @@ else {
 }
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire)
 accessforbidden();
--- a/htdocs/compta/sociales/charges.php
+++ b/htdocs/compta/sociales/charges.php
@@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php");
 $langs->load("compta");
 $langs->load("bills");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
--- a/htdocs/compta/sociales/document.php
+++ b/htdocs/compta/sociales/document.php
@@ -38,7 +38,7 @@ $langs->load("companies");
 $langs->load("compta");
 $langs->load("bills");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $action = GETPOST("action");
 // Security check
--- a/htdocs/compta/sociales/info.php
+++ b/htdocs/compta/sociales/info.php
@@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php");
 $langs->load("compta");
 $langs->load("bills");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -37,8 +37,8 @@ else {
    $year_end=$year_start + ($nbofyear-1);
 }
-$userid=GETPOST('userid');
+$userid=GETPOST('userid','int');
-$socid=GETPOST('socid');
+$socid=GETPOST('socid','int');
 // Security check
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
--- a/htdocs/compta/tva/clients.php
+++ b/htdocs/compta/tva/clients.php
@@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE;
 if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
--- a/htdocs/compta/tva/quadri_detail.php
+++ b/htdocs/compta/tva/quadri_detail.php
@@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 if (empty($modetax)) $modetax=0;
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
--- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
@@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
 <br>
-<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST("id"); ?>">
+<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST('id','int'); ?>">
 <input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
 <input type="hidden" name="canvas" value="<?php echo $canvas ?>">
-<input type="hidden" name="id" value="<?php echo GETPOST("id"); ?>">
+<input type="hidden" name="id" value="<?php echo GETPOST('id','int'); ?>">
 <input type="hidden" name="action" value="update">
 <input type="hidden" name="contactid" value="<?php echo $this->control->tpl['id']; ?>">
 <input type="hidden" name="old_name" value="<?php echo $this->control->tpl['name']; ?>">
--- a/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_view.tpl.php
@@ -17,7 +17,6 @@
 */
 $contact = $GLOBALS['objcanvas']->control->object;
 ?>
 <!-- BEGIN PHP TEMPLATE CONTACTCARD_VIEW.TPL.PHP DEFAULT -->
@@ -98,7 +97,7 @@ dol_htmloutput_errors($this->control->tpl['error'],$this->control->tpl['errors']
 	<td><?php echo $this->control->tpl['email']; ?></td>
 	<?php if ($this->control->tpl['nb_emailing']) { ?>
 	<td nowrap><?php echo $langs->trans("NbOfEMailingsReceived"); ?></td>
-	<td><a href="<?php echo DOL_URL_ROOT.'/comm/mailing/liste.php?filteremail='.urlencode($this->control->tpl['email']); ?>"><?php echo $this->control->tpl['nb_emailing']; ?></a></td>
+	<td><?php echo $this->control->tpl['nb_emailing']; ?></td>
 	<?php } else { ?>
 	<td colspan="2">&nbsp;</td>
 	<?php } ?>
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -249,10 +249,12 @@ if (empty($reshook))
            {
                $object->old_name='';
                $object->old_firstname='';
                $action = 'view';
            }
            else
            {
                $error=$object->error; $errors=$object->errors;
                $action = 'edit';
            }
        }
    }
@@ -277,7 +279,7 @@ if ($socid > 0)
    $objsoc->fetch($socid);
 }
-if (is_object($objcanvas) && $objcanvas->displayCanvasExists())
+if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
 {
    // -----------------------------------------
    // When used with CANVAS
@@ -288,7 +290,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists())
 	     $object->fetch($id);                   // For use with "pure canvas" (canvas that contains templates only)
 	}
 	$objcanvas->assign_values($action, $id);	// Set value for templates
-	$objcanvas->display_canvas();				// Show template
+	$objcanvas->display_canvas($action);		// Show template
 }
 else
 {
@@ -390,7 +392,7 @@ else
                }
                else {
                    print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">';
-                    print $form->select_company(GETPOST("socid"),'socid','',1);
+                    print $form->select_company(GETPOST('socid','int'),'socid','',1);
                    print '</td></tr>';
                }
            }
@@ -562,7 +564,7 @@ else
            {
                print '<tr><td>'.$langs->trans("Company").'</td>';
                print '<td colspan="3">';
-                print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1);
+                print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1);
                print '</td>';
                print '</tr>';
            }
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer)
 {
 	$contrat = new Contrat($db);
-	if ($contrat->fetch(GETPOST("id")))
+	if ($contrat->fetch(GETPOST('id','int')))
 	{
 	    $result=$contrat->swapContactStatus(GETPOST('ligne'));
 	}
--- a/htdocs/contrat/fiche.php
+++ b/htdocs/contrat/fiche.php
@@ -41,8 +41,8 @@ $langs->load("bills");
 $langs->load("products");
 $action=GETPOST('action');
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
-$contratid = GETPOST("id");
+$contratid = GETPOST('id','int');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom");
 $search_contract=GETPOST("search_contract");
 $search_service=GETPOST("search_service");
 $statut=isset($_GET["statut"])?$_GET["statut"]:1;
-$socid=GETPOST("socid");
+$socid=GETPOST('socid','int');
 // Security check
-$contratid = GETPOST("id");
+$contratid = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'');
--- a/htdocs/core/class/canvas.class.php
+++ b/htdocs/core/class/canvas.class.php
@@ -50,9 +50,9 @@ class Canvas
 	*   @param     DoliDB	$DB          	Database handler
 	*   @param     string   $actiontype		Action type ('create', 'view', 'edit', 'list')
 	*/
-	function __construct($DB, $actiontype='view')
+	function __construct($db, $actiontype='view')
 	{
-		$this->db = $DB;
+		$this->db = $db;
 		$this->actiontype = $actiontype;
        if ($this->actiontype == 'add')    $this->actiontype='create';
@@ -128,11 +128,11 @@ class Canvas
 	 *
     *	@return		int		0=Canvas template file does not exist, 1=Canvas template file exists
     */
-    function displayCanvasExists()
+    function displayCanvasExists($action)
-    {
+    {	
        if (empty($this->template_dir)) return 0;
-        //print $this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php';
+
-        if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php')) return 1;
+        if (file_exists($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php')) return 1;
        else return 0;
    }
@@ -142,12 +142,12 @@ class Canvas
 	 *
 	 *	@return		void
 	 */
-	function display_canvas()
+	function display_canvas($action)
 	{
 		global $db, $conf, $langs, $user, $canvas;
 		global $form, $formfile;
-		include($this->template_dir.($this->card?$this->card.'_':'').$this->actiontype.'.tpl.php');        // Include native PHP template
+		include($this->template_dir.($this->card?$this->card.'_':'').$this->action.'.tpl.php');        // Include native PHP template
 	}
--- a/htdocs/core/modules/commande/doc/pdf_edison.modules.php
+++ b/htdocs/core/modules/commande/doc/pdf_edison.modules.php
@@ -148,6 +148,12 @@ class pdf_edison extends ModelePDFCommandes
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -165,6 +171,7 @@ class pdf_edison extends ModelePDFCommandes
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -240,6 +247,7 @@ class pdf_edison extends ModelePDFCommandes
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
+++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php
@@ -185,6 +185,12 @@ class pdf_einstein extends ModelePDFCommandes
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -211,6 +217,7 @@ class pdf_einstein extends ModelePDFCommandes
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -356,6 +363,7 @@ class pdf_einstein extends ModelePDFCommandes
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php
+++ b/htdocs/core/modules/expedition/doc/pdf_expedition_merou.modules.php
@@ -155,6 +155,12 @@ Class pdf_expedition_merou extends ModelePdfExpedition
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
--- a/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php
+++ b/htdocs/core/modules/expedition/doc/pdf_expedition_rouget.modules.php
@@ -74,10 +74,11 @@ Class pdf_expedition_rouget extends ModelePdfExpedition
 	}
 	/**
-	 *		\brief      Fonction generant le document sur le disque
+	 *	Fonction generant le document sur le disque
-	 *		\param	    object			Objet expedition a generer (ou id si ancienne methode)
+	 *
-	 *		\param		outputlangs		Lang output object
+	 *	@param	    object			Objet expedition a generer (ou id si ancienne methode)
-	 * 	 	\return	    int     		1=ok, 0=ko
+	 *	@param		outputlangs		Lang output object
 	 * 	@return	    int     		1=ok, 0=ko
 	 */
 	function write_file(&$object, $outputlangs)
 	{
@@ -133,6 +134,12 @@ Class pdf_expedition_rouget extends ModelePdfExpedition
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -152,6 +159,7 @@ Class pdf_expedition_rouget extends ModelePdfExpedition
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -185,6 +185,12 @@ class pdf_crabe extends ModelePDFFactures
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
 				    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
 				    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -211,6 +217,7 @@ class pdf_crabe extends ModelePDFFactures
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -360,6 +367,7 @@ class pdf_crabe extends ModelePDFFactures
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/facture/doc/pdf_oursin.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_oursin.modules.php
@@ -174,6 +174,12 @@ class pdf_oursin extends ModelePDFFactures
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -191,6 +197,7 @@ class pdf_oursin extends ModelePDFFactures
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -260,6 +267,7 @@ class pdf_oursin extends ModelePDFFactures
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php
+++ b/htdocs/core/modules/fichinter/doc/pdf_soleil.modules.php
@@ -142,6 +142,12 @@ class pdf_soleil extends ModelePDFFicheinter
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -159,6 +165,7 @@ class pdf_soleil extends ModelePDFFicheinter
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetTextColor(0,0,0);
@@ -289,6 +296,7 @@ class pdf_soleil extends ModelePDFFicheinter
 							// New page
 							$pdf->AddPage();
 				            if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 							$pagenb++;
 							$this->_pagehead($pdf, $object, 0, $outputlangs);
 							$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php
+++ b/htdocs/core/modules/livraison/pdf/pdf_sirocco.modules.php
@@ -126,6 +126,12 @@ class pdf_sirocco extends ModelePDFDeliveryOrder
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				// Complete object by loading several other informations
 				$expedition=new Expedition($this->db);
@@ -155,6 +161,7 @@ class pdf_sirocco extends ModelePDFDeliveryOrder
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php
+++ b/htdocs/core/modules/livraison/pdf/pdf_typhon.modules.php
@@ -148,6 +148,12 @@ class pdf_typhon extends ModelePDFDeliveryOrder
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				// Complete object by loading several other informations
 				$expedition=new Expedition($this->db);
@@ -188,6 +194,7 @@ class pdf_typhon extends ModelePDFDeliveryOrder
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/modSociete.class.php
+++ b/htdocs/core/modules/modSociete.class.php
@@ -199,6 +199,7 @@ class modSociete extends DolibarrModules
 		$this->export_icon[$r]='company';
 		$this->export_permission[$r]=array(array("societe","export"));
 		$this->export_fields_array[$r]=array('s.rowid'=>"Id",'s.nom'=>"Name",'s.status'=>"Status",'s.client'=>"Customer",'s.fournisseur'=>"Supplier",'s.datec'=>"DateCreation",'s.tms'=>"DateLastModification",'s.code_client'=>"CustomerCode",'s.code_fournisseur'=>"SupplierCode",'s.address'=>"Address",'s.cp'=>"Zip",'s.ville'=>"Town",'p.libelle'=>"Country",'p.code'=>"CountryCode",'s.tel'=>"Phone",'s.fax'=>"Fax",'s.url'=>"Url",'s.email'=>"Email",'s.default_lang'=>"DefaultLang",'s.siret'=>"IdProf1",'s.siren'=>"IdProf2",'s.ape'=>"IdProf3",'s.idprof4'=>"IdProf4",'s.tva_intra'=>"VATIntraShort",'s.capital'=>"Capital",'s.note'=>"Note",'t.libelle'=>"ThirdPartyType",'ce.code'=>"Effectif","cfj.libelle"=>"JuridicalStatus",'s.fk_prospectlevel'=>'ProspectLevel','s.fk_stcomm'=>'ProspectStatus','d.nom'=>'State');
 		if (! empty($conf->global->SOCIETE_USEPREFIX)) $this->export_fields_array[$r]['s.prefix']='Prefix';
 		$this->export_entities_array[$r]=array();	// We define here only fields that use another picto
        // Add extra fields
        $sql="SELECT name, label FROM ".MAIN_DB_PREFIX."extrafields WHERE elementtype = 'company'";
--- a/htdocs/core/modules/propale/doc/pdf_azur.modules.php
+++ b/htdocs/core/modules/propale/doc/pdf_azur.modules.php
@@ -170,6 +170,12 @@ class pdf_azur extends ModelePDFPropales
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -196,6 +202,7 @@ class pdf_azur extends ModelePDFPropales
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -341,6 +348,7 @@ class pdf_azur extends ModelePDFPropales
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/propale/doc/pdf_jaune.modules.php
+++ b/htdocs/core/modules/propale/doc/pdf_jaune.modules.php
@@ -170,6 +170,12 @@ class pdf_jaune extends ModelePDFPropales
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -196,6 +202,7 @@ class pdf_jaune extends ModelePDFPropales
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -341,6 +348,7 @@ class pdf_jaune extends ModelePDFPropales
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php
+++ b/htdocs/core/modules/supplier_invoice/pdf/pdf_canelle.modules.php
@@ -177,6 +177,12 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -203,6 +209,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
                // New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -347,6 +354,7 @@ class pdf_canelle extends ModelePDFSuppliersInvoices
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php
+++ b/htdocs/core/modules/supplier_order/pdf/pdf_muscadet.modules.php
@@ -183,6 +183,12 @@ class pdf_muscadet extends ModelePDFSuppliersOrders
                    $pdf->setPrintFooter(false);
                }
                $pdf->SetFont(pdf_getPDFFont($outputlangs));
                // Set path to the background PDF File
                if (empty($conf->global->MAIN_DISABLE_FPDI) && ! empty($conf->global->MAIN_ADD_PDF_BACKGROUND))
                {
                    $pagecount = $pdf->setSourceFile($conf->mycompany->dir_output.'/'.$conf->global->MAIN_ADD_PDF_BACKGROUND);
                    $tplidx = $pdf->importPage(1);
                }
 				$pdf->Open();
 				$pagenb=0;
@@ -209,6 +215,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders
 				// New page
 				$pdf->AddPage();
 				if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 				$pagenb++;
 				$this->_pagehead($pdf, $object, 1, $outputlangs);
 				$pdf->SetFont('','', $default_font_size - 1);
@@ -353,6 +360,7 @@ class pdf_muscadet extends ModelePDFSuppliersOrders
 						// New page
 						$pdf->AddPage();
 				        if (! empty($tplidx)) $pdf->useTemplate($tplidx);
 						$pagenb++;
 						$this->_pagehead($pdf, $object, 0, $outputlangs);
 						$pdf->SetFont('','', $default_font_size - 1);
--- a/htdocs/ecm/index.php
+++ b/htdocs/ecm/index.php
@@ -50,7 +50,7 @@ $result = restrictedArea($user, 'ecm', 0);
 $user->getrights('ecm');
 // Get parameters
-$socid=GETPOST('socid');
+$socid=GETPOST('socid','int');
 $action=GETPOST("action");
 $section=GETPOST("section");
 $module=GETPOST("module");
--- a/htdocs/expedition/fiche.php
+++ b/htdocs/expedition/fiche.php
@@ -50,7 +50,7 @@ $langs->load('other');
 $langs->load('propal');
 $origin		= GETPOST("origin")?GETPOST("origin"):'expedition';   // Example: commande, propal
-$origin_id 	= GETPOST("id")?GETPOST("id"):'';
+$origin_id 	= GETPOST('id','int')?GETPOST('id','int'):'';
 if (empty($origin_id)) $origin_id  = GETPOST("origin_id");    // Id of order or propal
 if (empty($origin_id)) $origin_id  = GETPOST("object_id");    // Id of order or propal
 $id = $origin_id;
--- a/htdocs/fichinter/apercu.php
+++ b/htdocs/fichinter/apercu.php
@@ -35,7 +35,7 @@ $langs->load('interventions');
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
--- a/Show More
+++ b/Show More