diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index 8f7d869479d..0ebba6c18a4 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } // Other checks - if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) { - $ok = 0; - setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors'); - } if (GETPOSTISSET("pcg_version")) { if (GETPOST("pcg_version") == '0') { $ok = 0; diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index 89c8a2b3b71..deae39aef54 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { } } if (GETPOSTISSET("code")) { - if ($_POST["code"] == '0') { + if (GETPOST("code") == '0') { $ok = 0; setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors'); } diff --git a/htdocs/accountancy/admin/fiscalyear_card.php b/htdocs/accountancy/admin/fiscalyear_card.php index 410807144f5..16463ec027b 100644 --- a/htdocs/accountancy/admin/fiscalyear_card.php +++ b/htdocs/accountancy/admin/fiscalyear_card.php @@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (!GETPOST('cancel', 'alpha')) { $result = $object->fetch($id); - $object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start; - $object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end; + $object->date_start = GETPOST("fiscalyear") ? $date_start : ''; + $object->date_end = GETPOST("fiscalyearend") ? $date_end : ''; $object->label = GETPOST('label', 'alpha'); $object->statut = GETPOST('statut', 'int'); 
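Review bot: The `fiscalyear_card.php` update now reads `fiscalyear` and `fiscalyearend` through `GETPOST()`, which falls back to `$_GET`, so these fields (and `code` in `categories_list.php` above) can be supplied on a query string where the old `$_POST` reads could not. That is harmless only if the enclosing `$action` dispatch, which starts outside this hunk, enforces the CSRF token for GET requests as well as POST; worth confirming, and if the fields are meant to stay POST-only, read them with GETPOST's source-restriction argument where the installed version provides one. The replacement `GETPOST("fiscalyear") ? $date_start : ''` is otherwise equivalent to the old `empty()` test, including for the value `"0"`.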
diff --git a/htdocs/adherents/canvas/actions_adherentcard_common.class.php b/htdocs/adherents/canvas/actions_adherentcard_common.class.php index 970609fce65..3c6e72cc783 100644 --- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php +++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php 
@@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->fk_soc = $_POST["fk_soc"]; - $this->object->lastname = $_POST["lastname"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->email = $_POST["email"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->fk_soc = GETPOST("fk_soc"); + $this->object->lastname = GETPOST("lastname"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id", 'int'); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->note = GETPOST("note", 'restricthtml'); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { 
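Review bot: `fk_soc` is a foreign key but is read with the default filter, while `country_id` and `state_id` in the same hunk get `'int'`; `$this->object->fk_soc = GETPOST("fk_soc", 'int');` keeps the three consistent and guarantees an integer reaches the SQL layer. `civility_id` should stay as it is if it is a code rather than a number in this model (confirm), and `note` now uses `'restricthtml'` where `email` uses `'alphawithlgt'`, which looks intentional. The enclosing method's signature and the `country_code` resolution that follows are outside the hunk.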
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index e36e96f0833..d857a789df1 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1072,9 +1072,9 @@ abstract class CommonObject // Insert into database $sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact"; $sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) "; - $sql .= " VALUES (".$this->id.", ".$fk_socpeople." , "; + $sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , "; $sql .= "'".$this->db->idate($datecreate)."'"; - $sql .= ", 4, ".$id_type_contact; + $sql .= ", 4, ".((int) $id_type_contact); $sql .= ")"; $resql = $this->db->query($sql); diff --git a/htdocs/core/class/discount.class.php b/htdocs/core/class/discount.class.php index 061332c2e8b..4afcf295d40 100644 --- a/htdocs/core/class/discount.class.php +++ b/htdocs/core/class/discount.class.php @@ -144,13 +144,13 @@ class DiscountAbsolute $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid"; $sql .= " WHERE sr.entity IN (".getEntity('invoice').")"; if ($rowid) { - $sql .= " AND sr.rowid=".$rowid; + $sql .= " AND sr.rowid=".((int) $rowid); } if ($fk_facture_source) { - $sql .= " AND sr.fk_facture_source=".$fk_facture_source; + $sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source); } if ($fk_invoice_supplier_source) { - $sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source; + $sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source); } dol_syslog(get_class($this)."::fetch", LOG_DEBUG); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 6ba05b04d9c..5a1745a9822 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php 
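Review bot: The INSERT still concatenates `$this->id` uncast in `" VALUES (".$this->id.", "` while the two other ids in the same statement now get `(int)`; casting it too closes the gap and makes the statement uniform: `$sql .= " VALUES (".((int) $this->id).", ".((int) $fk_socpeople)." , ";`. The rest of `add_contact`, including where `$id_type_contact` is resolved, is outside the hunk. In `discount.class.php` the three `(int)` casts are correct, though the preceding `if ($rowid)` truthiness tests mean a value like `"abc"` is now silently turned into `0` rather than rejected — acceptable for a fetch, but worth knowing.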
@@ -355,6 +355,7 @@ function GETPOSTISSET($paramname) * 'int'=check it's numeric (integer or float) * 'intcomma'=check it's integer+comma ('1,2,3,4...') * 'alpha'=Same than alphanohtml since v13 + * 'alphawithlgt'=alpha with lgt * 'alphanohtml'=check there is no html content and no " and no ../ * 'aZ'=check it's a-z only * 'aZ09'=check it's simple alpha string (recommended for keys) diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 8b8a57f6628..b3b88224df6 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') { $addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int')); $addDescription = $langs->trans('ProspectCustomer')."="; - if ($_POST["filter_client"] == 0) { + if (GETPOST("filter_client") == 0) { $addDescription .= $langs->trans('NorProspectNorCustomer'); - } elseif ($_POST["filter_client"] == 1) { + } elseif (GETPOST("filter_client") == 1) { $addDescription .= $langs->trans('Customer'); - } elseif ($_POST["filter_client"] == 2) { + } elseif (GETPOST("filter_client") == 2) { $addDescription .= $langs->trans('Prospect'); - } elseif ($_POST["filter_client"] == 3) { + } elseif (GETPOST("filter_client") == 3) { $addDescription .= $langs->trans('ProspectCustomer'); } else { $addDescription .= "Unknown status ".GETPOST("filter_client"); diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 3940f0c38e5..9f77eaca415 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php 
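Review bot: The new doc line `'alphawithlgt'=alpha with lgt` does not tell a caller what "lgt" means or when to prefer it over `'alphanohtml'`. Since this same commit applies it only to email fields, it presumably behaves like `alphanohtml` but additionally allows `<` and `>` (for addresses written as `Name <addr>`) — confirm against the GETPOST implementation and document it as `'alphawithlgt'=same as alphanohtml but < and > are allowed (e.g. email written as Name <addr>)`.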
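Review bot: In `thirdparties.modules.php` the SQL filter uses `(int) GETPOST("filter_client", 'int')` but the four comparisons below it, and the "Unknown status" message, use the unfiltered `GETPOST("filter_client")` with loose `==`; reading the value once into a local, `$filterclient = (int) GETPOST("filter_client", 'int');`, and comparing that keeps the description in step with what is actually queried and avoids string-to-int comparison surprises between PHP 7 and 8. The enclosing method continues outside the hunk.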
@@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element] if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) { $perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1); } - //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'
'."\n"; + //print $tmpkeyextra.'-'.$enabled.'-'.$perms.'
'."\n"; if (empty($enabled)) { continue; // 0 = Never visible field diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index ca33d6ffc23..d571940cc9b 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); -$chid = GETPOST("rowid"); +$chid = GETPOST("rowid", 'int'); $action = GETPOST('action', 'aZ09'); $amounts = array(); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -49,15 +50,15 @@ $object = new Don($db); if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid; header("Location: ".$loc); exit; } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - if (!$_POST["paymenttype"] > 0) { + if (!(GETPOST("paymenttype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } @@ -65,7 +66,7 @@ if ($action == 'add_payment') { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors'); $error++; } - if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; } @@ -183,8 +184,8 @@ if ($action == 'create') { print ''; print '"; print ''; diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 020c34dc0c6..1c3e8594c41 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -2257,7 +2257,7 @@ if ($action == 'create') { // VAT print ''; // Unit price 
diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 926559769b4..d50f6336669 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -36,6 +36,7 @@ $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); $amounts = array(); $accountid = GETPOST('accountid', 'int'); +$cancel = GETPOST('cancel'); // Security check $socid = 0; @@ -51,7 +52,7 @@ if ($user->socid > 0) { if ($action == 'add_payment') { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/expensereport/card.php?id='.$id; header("Location: ".$loc); exit; @@ -64,9 +65,9 @@ if ($action == 'add_payment') { setEventMessages($expensereport->error, $expensereport->errors, 'errors'); } - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int')); - if (!($_POST["fk_typepayment"] > 0)) { + if (!(GETPOST("fk_typepayment", 'int') > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; } diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index ebc884eb033..88c5a1cefc0 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -875,9 +875,9 @@ if ($action == 'create') { print ''; print ''; $defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1)); - if (!isset($_POST["FTP_PASSIVE_".($lastftpentry + 1)])) { + if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) { $defaultpassive = empty($conf->global->FTP_SUGGEST_PASSIVE_BYDEFAULT) ? 0 : 1; } print ''; diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index a46ebfa28f3..96874db6504 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php 
@@ -80,9 +80,9 @@ if ($action == 'confirm_delete' && $confirm == "yes") { if (empty($error)) { $object->address = GETPOST('address', 'alpha'); - $object->zip = GETPOST('zipcode', 'alpha'); - $object->town = GETPOST('town', 'alpha'); - $object->country_id = $_POST["country_id"]; + $object->zip = GETPOST('zipcode', 'alpha'); + $object->town = GETPOST('town', 'alpha'); + $object->country_id = GETPOST("country_id", 'int'); $object->status = GETPOST('status', 'int'); $object->fk_user_author = $user->id; $object->datec = dol_now(); diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index e841a352b40..86e970f8194 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php @@ -231,7 +231,6 @@ if (!$error) { $databasefortest = 'master'; } } - //print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"]; $db = getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port); diff --git a/htdocs/paybox/admin/paybox.php b/htdocs/paybox/admin/paybox.php index 7bba308ba9c..41ad839cb94 100644 --- a/htdocs/paybox/admin/paybox.php +++ b/htdocs/paybox/admin/paybox.php @@ -41,7 +41,7 @@ $action = GETPOST('action', 'aZ09'); if ($action == 'setvalue' && $user->admin) { $db->begin(); - //$result=dolibarr_set_const($db, "PAYBOX_IBS_DEVISE",$_POST["PAYBOX_IBS_DEVISE"],'chaine',0,'',$conf->entity); + //$result=dolibarr_set_const($db, "PAYBOX_IBS_DEVISE", GETPOST("PAYBOX_IBS_DEVISE"),'chaine',0,'',$conf->entity); $result = dolibarr_set_const($db, "PAYBOX_CGI_URL_V1", GETPOST('PAYBOX_CGI_URL_V1', 'alpha'), 'chaine', 0, '', $conf->entity); if (!$result > 0) { $error++; diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php index d65ea3499fc..916f23eb056 100644 --- a/htdocs/projet/card.php +++ b/htdocs/projet/card.php 
@@ -224,12 +224,10 @@ if (empty($reshook)) { if (empty($ref)) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["title"])) { + if (!GETPOST("title")) { $error++; - //$_GET["id"]=$_POST["id"]; // We return on the project card setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ProjectLabel")), null, 'errors'); } @@ -512,7 +510,7 @@ if ($action == 'create' && $user->rights->projet->creer) { } // Ref - $suggestedref = ($_POST["ref"] ? $_POST["ref"] : $defaultref); + $suggestedref = (GETPOST("ref") ? GETPOST("ref") : $defaultref); print ''; diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index cb2f92c34a4..df4a94b6dfd 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -297,7 +297,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) { $taskid = $task->create($user); if ($taskid > 0) { - $result = $task->add_contact($_POST["userid"], 'TASKEXECUTIVE', 'internal'); + $result = $task->add_contact(GETPOST("userid", 'int'), 'TASKEXECUTIVE', 'internal'); } else { if ($db->lasterrno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') { $langs->load("projects"); diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 430210fe11b..0f6b67a0482 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -80,7 +80,7 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors'); } - if (empty($_POST["label"])) { + if (!GETPOST("label")) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); } diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 883fe737e56..2fb226b5eb2 100644 --- a/htdocs/projet/tasks/time.php 
+++ b/htdocs/projet/tasks/time.php @@ -158,7 +158,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Duration")), null, 'errors'); $error++; } - if (empty($_POST["userid"])) { + if (!GETPOST("userid", 'int')) { $langs->load("errors"); setEventMessages($langs->trans('ErrorUserNotAssignedToTask'), null, 'errors'); $error++; @@ -185,19 +185,19 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) { $action = 'createtime'; $error++; } else { - $object->timespent_note = $_POST["timespent_note"]; + $object->timespent_note = GETPOST("timespent_note"); if (GETPOST('progress', 'int') > 0) { $object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value } - $object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_duration = GETPOST("timespent_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("timespent_durationmin") ? GETPOST("timespent_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear")); } - $object->timespent_fk_user = $_POST["userid"]; + $object->timespent_fk_user = GETPOST("userid", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); 
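Review bot: `GETPOST("timespent_durationhour") * 60 * 60` and the `timespent_durationmin` line below it do arithmetic on an unfiltered string; on PHP 8 a non-numeric value makes that a TypeError rather than a silent `0`, and `userid` in the same hunk already uses `'int'`. Reading the two duration parts with `'int'` and casting, e.g. `$object->timespent_duration = ((int) GETPOST("timespent_durationhour", 'int')) * 60 * 60;`, keeps the input well-typed. `timespent_note` gets the default filter, which strips HTML, whereas the member-card `note` in this commit uses `'restricthtml'`; confirm which behaviour the time-spent note field expects.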
@@ -233,17 +233,17 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $result = $object->delTimeSpent($user); $object->fetch($id, $ref); - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->addTimeSpent($user); if ($result >= 0) { setEventMessages($langs->trans("RecordSaved"), null, 'mesgs'); 
@@ -255,18 +255,18 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us $object->fetch($id, $ref); // TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids)) - $object->timespent_id = $_POST["lineid"]; - $object->timespent_note = $_POST["timespent_note_line"]; - $object->timespent_old_duration = $_POST["old_duration"]; - $object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds - $object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds + $object->timespent_id = GETPOST("lineid", 'int'); + $object->timespent_note = GETPOST("timespent_note_line"); + $object->timespent_old_duration = GETPOST("old_duration"); + $object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds + $object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) { // If hour was entered $object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); $object->timespent_withhour = 1; } else { $object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear")); } - $object->timespent_fk_user = $_POST["userid_line"]; + $object->timespent_fk_user = GETPOST("userid_line", 'int'); $result = $object->updateTimeSpent($user); if ($result >= 0) { @@ -1141,7 +1141,6 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) { // Date print ''; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 90dab0379ff..5f5446ae3f1 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php 
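Review bot: `$object->timespent_id = GETPOST("lineid", 'int');` is passed straight to `updateTimeSpent()` while the TODO immediately above still says nobody verifies that the line belongs to this task or to a user the caller may edit, so a caller holding only the permission in the truncated condition (apparently `projet->lire`) could point `lineid` at another task's time record. Before assigning, load the time-spent record for `lineid` and check that its task id equals `$object->id` and its user is `$user->id` or one of the permitted child users, rejecting the update otherwise. The `'int'` filter is the right type for the id but does nothing for authorisation; the enclosing `if` starts outside the hunk.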
@@ -203,7 +203,6 @@ if ($testmodifier) { //var_dump($_POST);exit; $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - //var_dump($_POST["choix$i"]); if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') { $nouveauchoix .= "1"; } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') { @@ -217,7 +216,7 @@ if ($testmodifier) { accessforbidden('', 0, 0, 1); } - $idtomodify = $_POST["idtomodify".$modifier]; + $idtomodify = GETPOST("idtomodify".$modifier); $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; $sql .= " SET reponses = '".$db->escape($nouveauchoix)."'"; $sql .= " WHERE id_users = '".$db->escape($idtomodify)."'"; diff --git a/htdocs/public/project/new.php b/htdocs/public/project/new.php index f25843f69e4..048df9c41b3 100644 --- a/htdocs/public/project/new.php +++ b/htdocs/public/project/new.php @@ -223,11 +223,11 @@ if (empty($reshook) && $action == 'add') { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv('Nature'))."
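Review bot: `$idtomodify` is only ever used inside `$db->escape()`, so the UPDATE is safe, but this is a public page (`htdocs/public`) and if `id_users` is an integer column the cleaner form is `$idtomodify = GETPOST("idtomodify".$modifier, 'int');` with `" WHERE id_users = ".((int) $idtomodify)`. Note that the `accessforbidden()` call just above the hunk is the only authorisation on this path and is unchanged by the commit.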
\n"; } - if (empty($_POST["lastname"])) { + if (!GETPOST("lastname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Lastname"))."
\n"; } - if (empty($_POST["firstname"])) { + if (!GETPOST("firstname")) { $error++; $errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Firstname"))."
\n"; } diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index ac70d5c4a8c..0010484a280 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -33,6 +33,7 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); $amounts = array(); // Security check @@ -49,7 +50,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid; header("Location: ".$loc); exit; @@ -198,21 +199,21 @@ if ($action == 'create') { print '';*/ print '"; print ''; print '\n"; print ''; print ''; print ''; print ''; // Number diff --git a/htdocs/societe/canvas/actions_card_common.class.php b/htdocs/societe/canvas/actions_card_common.class.php index da7e68d4849..53748c1465a 100644 --- a/htdocs/societe/canvas/actions_card_common.class.php +++ b/htdocs/societe/canvas/actions_card_common.class.php 
@@ -387,40 +387,40 @@ abstract class ActionsCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->id = $_POST["socid"]; - $this->object->name = $_POST["nom"]; - $this->object->prefix_comm = $_POST["prefix_comm"]; - $this->object->client = $_POST["client"]; - $this->object->code_client = $_POST["code_client"]; - $this->object->fournisseur = $_POST["fournisseur"]; - $this->object->code_fournisseur = $_POST["code_fournisseur"]; - $this->object->address = $_POST["adresse"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone = $_POST["tel"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->url = $_POST["url"]; - $this->object->capital = $_POST["capital"]; - $this->object->idprof1 = $_POST["idprof1"]; - $this->object->idprof2 = $_POST["idprof2"]; - $this->object->idprof3 = $_POST["idprof3"]; - $this->object->idprof4 = $_POST["idprof4"]; - $this->object->typent_id = $_POST["typent_id"]; - $this->object->effectif_id = $_POST["effectif_id"]; - $this->object->barcode = $_POST["barcode"]; - $this->object->forme_juridique_code = $_POST["forme_juridique_code"]; - $this->object->default_lang = $_POST["default_lang"]; - $this->object->commercial_id = $_POST["commercial_id"]; + $this->object->id = GETPOST("socid"); + $this->object->name = GETPOST("nom"); + $this->object->prefix_comm = GETPOST("prefix_comm"); + $this->object->client = GETPOST("client"); + $this->object->code_client = GETPOST("code_client"); + $this->object->fournisseur = GETPOST("fournisseur"); + $this->object->code_fournisseur = GETPOST("code_fournisseur"); + $this->object->address = GETPOST("adresse"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? 
GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone = GETPOST("tel"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email", 'alphawithlgt'); + $this->object->url = GETPOST("url"); + $this->object->capital = GETPOST("capital"); + $this->object->idprof1 = GETPOST("idprof1"); + $this->object->idprof2 = GETPOST("idprof2"); + $this->object->idprof3 = GETPOST("idprof3"); + $this->object->idprof4 = GETPOST("idprof4"); + $this->object->typent_id = GETPOST("typent_id"); + $this->object->effectif_id = GETPOST("effectif_id"); + $this->object->barcode = GETPOST("barcode"); + $this->object->forme_juridique_code = GETPOST("forme_juridique_code"); + $this->object->default_lang = GETPOST("default_lang"); + $this->object->commercial_id = GETPOST("commercial_id"); - $this->object->tva_assuj = $_POST["assujtva_value"] ? $_POST["assujtva_value"] : 1; - $this->object->tva_intra = $_POST["tva_intra"]; + $this->object->tva_assuj = GETPOST("assujtva_value") ? GETPOST("assujtva_value") : 1; + $this->object->tva_intra = GETPOST("tva_intra"); //Local Taxes - $this->object->localtax1_assuj = $_POST["localtax1assuj_value"]; - $this->object->localtax2_assuj = $_POST["localtax2assuj_value"]; + $this->object->localtax1_assuj = GETPOST("localtax1assuj_value"); + $this->object->localtax2_assuj = GETPOST("localtax2assuj_value"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 21bb18dda93..92b43902405 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php 
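Review bot: Every id-typed field here (`socid`, `country_id`, `state_id`, `typent_id`, `effectif_id`, `commercial_id`) is read with the default filter, whereas the parallel rewrite of `actions_adherentcard_common.class.php` in this same commit uses `'int'` for `country_id` and `state_id`; `$this->object->id = GETPOST("socid", 'int');` and the same treatment for the other ids would keep the two canvases consistent. `client`, `fournisseur`, `tva_assuj` and the `localtax*_assuj` flags look like small integers too — confirm their types before adding `'int'`. The enclosing method and the `country_code` lookup that follows are outside the hunk.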
@@ -505,9 +505,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", 'int')) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", 'int')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/supplier_proposal/contact.php b/htdocs/supplier_proposal/contact.php index 527ba87cb3e..d106ce0506f 100644 --- a/htdocs/supplier_proposal/contact.php +++ b/htdocs/supplier_proposal/contact.php @@ -58,7 +58,7 @@ if ($action == 'addcontact' && $permissiontoedit) { if ($result > 0 && $id > 0) { $contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid')); - $result = $object->add_contact($contactid, $_POST["type"], $_POST["source"]); + $result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source")); } if ($result >= 0) { diff --git a/htdocs/takepos/admin/other.php b/htdocs/takepos/admin/other.php index 7d0ce8897e3..f933472a443 100644 --- a/htdocs/takepos/admin/other.php +++ b/htdocs/takepos/admin/other.php @@ -63,9 +63,6 @@ if ($resql) { if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/setup.php b/htdocs/takepos/admin/setup.php index 67bc8edcdf3..0364ff4e64f 100644 --- a/htdocs/takepos/admin/setup.php +++ b/htdocs/takepos/admin/setup.php 
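Review bot: Deleting `if (GETPOST('socid', 'int') < 0) { $_POST["socid"] = ''; }` in `takepos/admin/other.php` changes behaviour if anything later in this `set` branch (outside the hunk) stores `socid` without its own `> 0` guard; `terminal.php` in this commit already guards with `(GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : '')`, so confirm `other.php` and `setup.php` do the same wherever the thirdparty constant is written, otherwise the `-1` sent by an empty selector gets persisted.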
@@ -70,9 +70,6 @@ $error = 0; if ($action == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity); $res = dolibarr_set_const($db, "TAKEPOS_SUPPLEMENTS_CATEGORY", GETPOST('TAKEPOS_SUPPLEMENTS_CATEGORY', 'alpha'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/takepos/admin/terminal.php b/htdocs/takepos/admin/terminal.php index 3e5bb4ccc46..52f451ae163 100644 --- a/htdocs/takepos/admin/terminal.php +++ b/htdocs/takepos/admin/terminal.php @@ -67,9 +67,6 @@ $terminaltouse = $terminal; if (GETPOST('action', 'alpha') == 'set') { $db->begin(); - if (GETPOST('socid', 'int') < 0) { - $_POST["socid"] = ''; - } $res = dolibarr_set_const($db, "CASHDESK_ID_THIRDPARTY".$terminaltouse, (GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : ''), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/user/card.php b/htdocs/user/card.php index cfc63a01411..4c7063b5a32 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -199,12 +199,12 @@ if (empty($reshook)) { if ($action == 'add' && $canadduser) { $error = 0; - if (!$_POST["lastname"]) { + if (!GETPOST("lastname")) { $error++; setEventMessages($langs->trans("NameNotDefined"), null, 'errors'); $action = "create"; // Go back to create page } - if (!$_POST["login"]) { + if (!GETPOST("login")) { $error++; setEventMessages($langs->trans("LoginNotDefined"), null, 'errors'); $action = "create"; // Go back to create page @@ -441,7 +441,7 @@ if (empty($reshook)) { $object->lang = GETPOST('default_lang', 'aZ09'); if (!empty($conf->multicompany->enabled)) { - if (!empty($_POST["superadmin"])) { + if (GETPOST("superadmin")) { $object->entity = 0; } elseif (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 1; // all users in master entity 
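Review bot: In `user/card.php`, `if (GETPOST("superadmin")) { $object->entity = 0; }` now reads the flag from GET as well as POST and the hunk shows no check that the caller is itself a superadmin; the only guard visible is `$canadduser` much earlier in the file. If that check does not already require `$user->admin` and entity 0, a multi-company admin could create a superadmin through this branch, so confirm and, if needed, guard with the caller's superadmin status before honouring the flag. The enclosing `if ($action == 'add' ...)` block starts outside the hunk.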
diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php index 0d6d413ba0f..33921544b45 100644 --- a/htdocs/user/group/card.php +++ b/htdocs/user/group/card.php @@ -138,7 +138,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $db->begin(); @@ -214,7 +214,7 @@ if (empty($reshook)) { if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { $object->entity = 0; } else { - $object->entity = $_POST["entity"]; + $object->entity = GETPOST("entity"); } $ret = $object->update();
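Review bot: `$object->entity = GETPOST("entity");` assigns an integer foreign key with the default alphanumeric filter and, more importantly, with no visible check that the requesting user may create or update a group in that entity; `$object->entity = GETPOST("entity", 'int');` fixes the type, and the value should be validated against the entities the caller administers so a non-superadmin cannot move a group into another company. The surrounding permission checks are outside both hunks, so confirm whether they already cover this.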
'.$langs->trans("Date").''; - $datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); - $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0; + $datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); + $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0; print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate")); print "
'; - print $form->load_tva('vatrate', (isset($_POST["vatrate"]) ? $_POST["vatrate"] : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); + print $form->load_tva('vatrate', (GETPOSTISSET("vatrate") ? GETPOST("vatrate") : $line->vatrate), $mysoc, '', 0, 0, '', false, 1); print '
'.$langs->trans("Project").''; /* Fix: If a project must be linked to any companies (suppliers or not), project must be not be set as limited to customer but must be not linked to any particular thirdparty if ($societe->fournisseur==1) - $numprojet=select_projects(-1,$_POST["projectid"],'projectid'); + $numprojet=select_projects(-1, GETPOST("projectid", 'int'), 'projectid'); else - $numprojet=select_projects($societe->id,$_POST["projectid"],'projectid'); + $numprojet=select_projects($societe->id, GETPOST("projectid", 'int'), 'projectid'); */ $numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid'); if ($numprojet == 0) { diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index fe854c72d48..6def24cf64b 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1883,7 +1883,7 @@ if ($action == 'create') { // Confirmation de l'envoi de la commande if ($action == 'commande') { $date_com = dol_mktime(GETPOST('rehour'), GETPOST('remin'), GETPOST('resec'), GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear")); - $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".$_POST["methodecommande"]."&comment=".urlencode($_POST["comment"]), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); + $formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".GETPOST("methodecommande")."&comment=".urlencode(GETPOST("comment")), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2); } // Confirmation to delete line diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 0d48c7d30dd..0402fa7a99b 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php 
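Review bot: In `fourn/commande/card.php`, `methodecommande` is concatenated into the confirmation URL without encoding while the neighbouring `comment` is urlencoded; since it is an id it should be read as an integer and cast when the URL is built, `"&methode=".((int) GETPOST("methodecommande", 'int'))`. `$date_com` is already numeric from `dol_mktime`, so it needs no change.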
@@ -1046,7 +1046,7 @@ if ($id > 0 || !empty($ref)) { if (empty($conf->reception->enabled)) { print $langs->trans("Comment").' : '; print 'trans("DispatchSupplierOrder", $object->ref); + print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref); // print ' / '.$object->ref_supplier; // Not yet available print '" class="flat">
';
diff --git a/htdocs/ftp/admin/ftpclient.php b/htdocs/ftp/admin/ftpclient.php
index ab673e45447..5094f178cea 100644
--- a/htdocs/ftp/admin/ftpclient.php
+++ b/htdocs/ftp/admin/ftpclient.php
@@ -58,8 +58,8 @@ if ($result) {
 }
 if ($action == 'add' || GETPOST('modify', 'alpha')) {
- $ftp_name = "FTP_NAME_".$entry; // $_POST["numero_entry"];
- $ftp_server = "FTP_SERVER_".$entry; //$_POST["numero_entry"];
+ $ftp_name = "FTP_NAME_".$entry;
+ $ftp_server = "FTP_SERVER_".$entry;
 $error = 0;
@@ -203,7 +203,7 @@ if (!function_exists('ftp_connect')) {
 print '
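Review bot: The new `print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref);` line in the `@@ -1046` hunk of dispatch.php echoes the submitted comment back into the page without any escaping, and `GETPOST("comment")` is called with no check argument, so the string is emitted as received. From the surrounding `print '` / `print '" class="flat">` context it appears to land inside an input's `value` attribute, though the tag stripping on this page makes that hard to confirm. Escaping at the point of output and naming the check explicitly, e.g. `print dol_escape_htmltag(GETPOSTISSET("comment") ? GETPOST("comment", 'alphanohtml') : $langs->trans("DispatchSupplierOrder", $object->ref));`, would keep the attribute well-formed regardless of what the client sent. The old `$_POST` line had the same gap, so this is pre-existing rather than introduced here, but the line is being rewritten anyway. The enclosing `if (empty($conf->reception->enabled))` block opens in the hunk and closes outside it.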
'.$langs->trans("FTPPassiveMode").''.$form->selectyesno('FTP_PASSIVE_'.($lastftpentry + 1), $defaultpassive, 2).'
'.$langs->trans("Ref").''; print ' '.$form->textwithpicto('', $langs->trans("YouCanCompleteRef", $suggestedref)); print '
'; - //$newdate=dol_mktime(12,0,0,$_POST["timemonth"],$_POST["timeday"],$_POST["timeyear"]); $newdate = ''; print $form->selectDate($newdate, 'time', ($conf->browser->layout == 'phone' ? 2 : 1), 1, 2, "timespent_date", 1, 0); print '
'.$langs->trans("RemainderToPay").''.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'
'.$langs->trans("Date").'';
- $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
- $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : '';
+ $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
+ $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaye : -1) : '';
 print $form->selectDate($datepayment, '', '', '', '', "add_payment", 1, 1);
 print "
'.$langs->trans("PaymentMode").'';
- $form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $salary->type_payment, "paiementtype");
+ $form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $salary->type_payment, "paiementtype");
 print "
'.$langs->trans('AccountToDebit').'';
- $form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list
+ $form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid", 'int') : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list
 print '