$_POST war

2021-03-24 19:53:31 +01:00
parent 047471c220
commit a5034d44f7
34 changed files with 122 additions and 136 deletions
--- a/htdocs/accountancy/admin/accountmodel.php
+++ b/htdocs/accountancy/admin/accountmodel.php
@@ -180,10 +180,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
 		}
 	}
 	// Other checks
 	if ($tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array($_POST["type"], array('system', 'systemauto'))) {
 		$ok = 0;
 		setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
 	}
 	if (GETPOSTISSET("pcg_version")) {
 		if (GETPOST("pcg_version") == '0') {
 			$ok = 0;
--- a/htdocs/accountancy/admin/categories_list.php
+++ b/htdocs/accountancy/admin/categories_list.php
@@ -185,7 +185,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
 		}
 	}
 	if (GETPOSTISSET("code")) {
-		if ($_POST["code"] == '0') {
+		if (GETPOST("code") == '0') {
 			$ok = 0;
 			setEventMessages($langs->transnoentities('ErrorCodeCantContainZero'), null, 'errors');
 		}
--- a/htdocs/accountancy/admin/fiscalyear_card.php
+++ b/htdocs/accountancy/admin/fiscalyear_card.php
@@ -121,8 +121,8 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
 	if (!GETPOST('cancel', 'alpha')) {
 		$result = $object->fetch($id);
-		$object->date_start = empty($_POST["fiscalyear"]) ? '' : $date_start;
+		$object->date_start = GETPOST("fiscalyear") ? $date_start : '';
-		$object->date_end = empty($_POST["fiscalyearend"]) ? '' : $date_end;
+		$object->date_end = GETPOST("fiscalyearend") ? $date_end : '';
 		$object->label = GETPOST('label', 'alpha');
 		$object->statut = GETPOST('statut', 'int');
--- a/htdocs/adherents/canvas/actions_adherentcard_common.class.php
+++ b/htdocs/adherents/canvas/actions_adherentcard_common.class.php
@@ -253,23 +253,23 @@ abstract class ActionsAdherentCardCommon
 		// phpcs:enable
 		global $langs, $mysoc;
-		$this->object->old_name = $_POST["old_name"];
+		$this->object->old_name = GETPOST("old_name");
-		$this->object->old_firstname = $_POST["old_firstname"];
+		$this->object->old_firstname = GETPOST("old_firstname");
-		$this->object->fk_soc = $_POST["fk_soc"];
+		$this->object->fk_soc = GETPOST("fk_soc");
-		$this->object->lastname			= $_POST["lastname"];
+		$this->object->lastname			= GETPOST("lastname");
-		$this->object->firstname		= $_POST["firstname"];
+		$this->object->firstname		= GETPOST("firstname");
-		$this->object->civility_id = $_POST["civility_id"];
+		$this->object->civility_id = GETPOST("civility_id");
-		$this->object->address = $_POST["address"];
+		$this->object->address = GETPOST("address");
-		$this->object->zip = $_POST["zipcode"];
+		$this->object->zip = GETPOST("zipcode");
-		$this->object->town = $_POST["town"];
+		$this->object->town = GETPOST("town");
-		$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
+		$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;
-		$this->object->state_id = $_POST["state_id"];
+		$this->object->state_id = GETPOST("state_id", 'int');
-		$this->object->phone_perso = $_POST["phone_perso"];
+		$this->object->phone_perso = GETPOST("phone_perso");
-		$this->object->phone_mobile = $_POST["phone_mobile"];
+		$this->object->phone_mobile = GETPOST("phone_mobile");
-		$this->object->email			= $_POST["email"];
+		$this->object->email			= GETPOST("email", 'alphawithlgt');
-		$this->object->note				= $_POST["note"];
+		$this->object->note				= GETPOST("note", 'restricthtml');
-		$this->object->canvas = $_POST["canvas"];
+		$this->object->canvas = GETPOST("canvas");
 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -1072,9 +1072,9 @@ abstract class CommonObject
 			// Insert into database
 			$sql = "INSERT INTO ".MAIN_DB_PREFIX."element_contact";
 			$sql .= " (element_id, fk_socpeople, datecreate, statut, fk_c_type_contact) ";
-			$sql .= " VALUES (".$this->id.", ".$fk_socpeople." , ";
+			$sql .= " VALUES (".$this->id.", ".((int) $fk_socpeople)." , ";
 			$sql .= "'".$this->db->idate($datecreate)."'";
-			$sql .= ", 4, ".$id_type_contact;
+			$sql .= ", 4, ".((int) $id_type_contact);
 			$sql .= ")";
 			$resql = $this->db->query($sql);
--- a/htdocs/core/class/discount.class.php
+++ b/htdocs/core/class/discount.class.php
@@ -144,13 +144,13 @@ class DiscountAbsolute
 		$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture as fsup ON sr.fk_invoice_supplier_source = fsup.rowid";
 		$sql .= " WHERE sr.entity IN (".getEntity('invoice').")";
 		if ($rowid) {
-			$sql .= " AND sr.rowid=".$rowid;
+			$sql .= " AND sr.rowid=".((int) $rowid);
 		}
 		if ($fk_facture_source) {
-			$sql .= " AND sr.fk_facture_source=".$fk_facture_source;
+			$sql .= " AND sr.fk_facture_source = ".((int) $fk_facture_source);
 		}
 		if ($fk_invoice_supplier_source) {
-			$sql .= " AND sr.fk_invoice_supplier_source=".$fk_invoice_supplier_source;
+			$sql .= " AND sr.fk_invoice_supplier_source = ".((int) $fk_invoice_supplier_source);
 		}
 		dol_syslog(get_class($this)."::fetch", LOG_DEBUG);
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -355,6 +355,7 @@ function GETPOSTISSET($paramname)
 *                               'int'=check it's numeric (integer or float)
 *                               'intcomma'=check it's integer+comma ('1,2,3,4...')
 *                               'alpha'=Same than alphanohtml since v13
 *                               'alphawithlgt'=alpha with lgt
 *                               'alphanohtml'=check there is no html content and no " and no ../
 *                               'aZ'=check it's a-z only
 *                               'aZ09'=check it's simple alpha string (recommended for keys)
--- a/htdocs/core/modules/mailings/thirdparties.modules.php
+++ b/htdocs/core/modules/mailings/thirdparties.modules.php
@@ -83,13 +83,13 @@ class mailing_thirdparties extends MailingTargets
 			if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
 				$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
 				$addDescription = $langs->trans('ProspectCustomer')."=";
-				if ($_POST["filter_client"] == 0) {
+				if (GETPOST("filter_client") == 0) {
 					$addDescription .= $langs->trans('NorProspectNorCustomer');
-				} elseif ($_POST["filter_client"] == 1) {
+				} elseif (GETPOST("filter_client") == 1) {
 					$addDescription .= $langs->trans('Customer');
-				} elseif ($_POST["filter_client"] == 2) {
+				} elseif (GETPOST("filter_client") == 2) {
 					$addDescription .= $langs->trans('Prospect');
-				} elseif ($_POST["filter_client"] == 3) {
+				} elseif (GETPOST("filter_client") == 3) {
 					$addDescription .= $langs->trans('ProspectCustomer');
 				} else {
 					$addDescription .= "Unknown status ".GETPOST("filter_client");
--- a/htdocs/core/tpl/extrafields_view.tpl.php
+++ b/htdocs/core/tpl/extrafields_view.tpl.php
@@ -81,7 +81,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
 		if ($perms && isset($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra])) {
 			$perms = dol_eval($extrafields->attributes[$object->table_element]['perms'][$tmpkeyextra], 1);
 		}
-		//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'-'.$tmplabelextra.$_POST["options_" . $tmpkeyextra].'<br>'."\n";
+		//print $tmpkeyextra.'-'.$enabled.'-'.$perms.'<br>'."\n";
 		if (empty($enabled)) {
 			continue; // 0 = Never visible field
--- a/htdocs/don/payment/payment.php
+++ b/htdocs/don/payment/payment.php
@@ -29,9 +29,10 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 $langs->load("bills");
-$chid = GETPOST("rowid");
+$chid = GETPOST("rowid", 'int');
 $action = GETPOST('action', 'aZ09');
 $amounts = array();
 $cancel = GETPOST('cancel');
 // Security check
 $socid = 0;
@@ -49,15 +50,15 @@ $object = new Don($db);
 if ($action == 'add_payment') {
 	$error = 0;
-	if ($_POST["cancel"]) {
+	if ($cancel) {
 		$loc = DOL_URL_ROOT.'/don/card.php?rowid='.$chid;
 		header("Location: ".$loc);
 		exit;
 	}
-	$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+	$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
-	if (!$_POST["paymenttype"] > 0) {
+	if (!(GETPOST("paymenttype") > 0)) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
 		$error++;
 	}
@@ -65,7 +66,7 @@ if ($action == 'add_payment') {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Date")), null, 'errors');
 		$error++;
 	}
-	if (!empty($conf->banque->enabled) && !$_POST["accountid"] > 0) {
+	if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
 		$error++;
 	}
@@ -183,8 +184,8 @@ if ($action == 'create') {
 	print '<table class="border centpercent tableforfieldcreate">';
 	print '<tr><td class="fieldrequired">'.$langs->trans("Date").'</td><td colspan="2">';
-	$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+	$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
-	$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaid) : 0;
+	$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaid : -1) : 0;
 	print $form->selectDate($datepayment, '', 0, 0, 0, "add_payment", 1, 1, 0, '', '', $object->date, '', 1, $langs->trans("DonationDate"));
 	print "</td>";
 	print '</tr>';
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -2257,7 +2257,7 @@ if ($action == 'create') {
 							// VAT
 							print '<td class="right">';
-							print $form->load_tva('vatrate', (isset($_POST["vatrate"]) ? $_POST["vatrate"] : $line->vatrate), $mysoc, '', 0, 0, '', false, 1);
+							print $form->load_tva('vatrate', (GETPOSTISSET("vatrate") ? GETPOST("vatrate") : $line->vatrate), $mysoc, '', 0, 0, '', false, 1);
 							print '</td>';
 							// Unit price
--- a/htdocs/expensereport/payment/payment.php
+++ b/htdocs/expensereport/payment/payment.php
@@ -36,6 +36,7 @@ $ref = GETPOST('ref', 'alpha');
 $action = GETPOST('action', 'aZ09');
 $amounts = array();
 $accountid = GETPOST('accountid', 'int');
 $cancel = GETPOST('cancel');
 // Security check
 $socid = 0;
@@ -51,7 +52,7 @@ if ($user->socid > 0) {
 if ($action == 'add_payment') {
 	$error = 0;
-	if ($_POST["cancel"]) {
+	if ($cancel) {
 		$loc = DOL_URL_ROOT.'/expensereport/card.php?id='.$id;
 		header("Location: ".$loc);
 		exit;
@@ -64,9 +65,9 @@ if ($action == 'add_payment') {
 		setEventMessages($expensereport->error, $expensereport->errors, 'errors');
 	}
-	$datepaid = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+	$datepaid = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
-	if (!($_POST["fk_typepayment"] > 0)) {
+	if (!(GETPOST("fk_typepayment", 'int') > 0)) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
 		$error++;
 	}
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -875,9 +875,9 @@ if ($action == 'create') {
 			print '<tr><td>'.$langs->trans("Project").'</td><td>';
 			/* Fix: If a project must be linked to any companies (suppliers or not), project must be not be set as limited to customer but must be not linked to any particular thirdparty
 			if ($societe->fournisseur==1)
-				$numprojet=select_projects(-1,$_POST["projectid"],'projectid');
+				$numprojet=select_projects(-1, GETPOST("projectid", 'int'), 'projectid');
 			else
-				$numprojet=select_projects($societe->id,$_POST["projectid"],'projectid');
+				$numprojet=select_projects($societe->id, GETPOST("projectid", 'int'), 'projectid');
 				*/
 			$numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid');
 			if ($numprojet == 0) {
--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -1883,7 +1883,7 @@ if ($action == 'create') {
 	// Confirmation de l'envoi de la commande
 	if ($action == 'commande') {
 		$date_com = dol_mktime(GETPOST('rehour'), GETPOST('remin'), GETPOST('resec'), GETPOST("remonth"), GETPOST("reday"), GETPOST("reyear"));
-		$formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".$_POST["methodecommande"]."&comment=".urlencode($_POST["comment"]), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2);
+		$formconfirm = $form->formconfirm($_SERVER['PHP_SELF']."?id=".$object->id."&datecommande=".$date_com."&methode=".GETPOST("methodecommande")."&comment=".urlencode(GETPOST("comment")), $langs->trans("MakeOrder"), $langs->trans("ConfirmMakeOrder", dol_print_date($date_com, 'day')), "confirm_commande", '', 0, 2);
 	}
 	// Confirmation to delete line
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -1046,7 +1046,7 @@ if ($id > 0 || !empty($ref)) {
 				if (empty($conf->reception->enabled)) {
 					print $langs->trans("Comment").' : ';
 					print '<input type="text" class="minwidth400" maxlength="128" name="comment" value="';
-					print $_POST["comment"] ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref);
+					print GETPOSTISSET("comment") ? GETPOST("comment") : $langs->trans("DispatchSupplierOrder", $object->ref);
 					// print ' / '.$object->ref_supplier; // Not yet available
 					print '" class="flat"><br>';
--- a/htdocs/ftp/admin/ftpclient.php
+++ b/htdocs/ftp/admin/ftpclient.php
@@ -58,8 +58,8 @@ if ($result) {
 }
 if ($action == 'add' || GETPOST('modify', 'alpha')) {
-	$ftp_name = "FTP_NAME_".$entry; // $_POST["numero_entry"];
+	$ftp_name = "FTP_NAME_".$entry;
-	$ftp_server = "FTP_SERVER_".$entry; //$_POST["numero_entry"];
+	$ftp_server = "FTP_SERVER_".$entry;
 	$error = 0;
@@ -203,7 +203,7 @@ if (!function_exists('ftp_connect')) {
 	print '<tr class="impair">';
 	print '<td>'.$langs->trans("FTPPassiveMode").'</td>';
 	$defaultpassive = GETPOST("FTP_PASSIVE_".($lastftpentry + 1));
-	if (!isset($_POST["FTP_PASSIVE_".($lastftpentry + 1)])) {
+	if (!GETPOSTISSET("FTP_PASSIVE_".($lastftpentry + 1))) {
 		$defaultpassive = empty($conf->global->FTP_SUGGEST_PASSIVE_BYDEFAULT) ? 0 : 1;
 	}
 	print '<td>'.$form->selectyesno('FTP_PASSIVE_'.($lastftpentry + 1), $defaultpassive, 2).'</td>';
--- a/htdocs/hrm/establishment/card.php
+++ b/htdocs/hrm/establishment/card.php
@@ -80,9 +80,9 @@ if ($action == 'confirm_delete' && $confirm == "yes") {
 		if (empty($error)) {
 			$object->address = GETPOST('address', 'alpha');
-			$object->zip 			= GETPOST('zipcode', 'alpha');
+			$object->zip = GETPOST('zipcode', 'alpha');
-			$object->town			= GETPOST('town', 'alpha');
+			$object->town = GETPOST('town', 'alpha');
-			$object->country_id     = $_POST["country_id"];
+			$object->country_id = GETPOST("country_id", 'int');
 			$object->status = GETPOST('status', 'int');
 			$object->fk_user_author	= $user->id;
 			$object->datec = dol_now();
--- a/htdocs/install/step1.php
+++ b/htdocs/install/step1.php
@@ -231,7 +231,6 @@ if (!$error) {
 					$databasefortest = 'master';
 				}
 			}
 			//print $_POST["db_type"].",".$_POST["db_host"].",$userroot,$passroot,$databasefortest,".$_POST["db_port"];
 			$db = getDoliDBInstance($db_type, $db_host, $userroot, $passroot, $databasefortest, $db_port);
--- a/htdocs/paybox/admin/paybox.php
+++ b/htdocs/paybox/admin/paybox.php
@@ -41,7 +41,7 @@ $action = GETPOST('action', 'aZ09');
 if ($action == 'setvalue' && $user->admin) {
 	$db->begin();
-	//$result=dolibarr_set_const($db, "PAYBOX_IBS_DEVISE",$_POST["PAYBOX_IBS_DEVISE"],'chaine',0,'',$conf->entity);
+	//$result=dolibarr_set_const($db, "PAYBOX_IBS_DEVISE", GETPOST("PAYBOX_IBS_DEVISE"),'chaine',0,'',$conf->entity);
 	$result = dolibarr_set_const($db, "PAYBOX_CGI_URL_V1", GETPOST('PAYBOX_CGI_URL_V1', 'alpha'), 'chaine', 0, '', $conf->entity);
 	if (!$result > 0) {
 		$error++;
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -224,12 +224,10 @@ if (empty($reshook)) {
 		if (empty($ref)) {
 			$error++;
 			//$_GET["id"]=$_POST["id"]; // We return on the project card
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors');
 		}
-		if (empty($_POST["title"])) {
+		if (!GETPOST("title")) {
 			$error++;
 			//$_GET["id"]=$_POST["id"]; // We return on the project card
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ProjectLabel")), null, 'errors');
 		}
@@ -512,7 +510,7 @@ if ($action == 'create' && $user->rights->projet->creer) {
 	}
 	// Ref
-	$suggestedref = ($_POST["ref"] ? $_POST["ref"] : $defaultref);
+	$suggestedref = (GETPOST("ref") ? GETPOST("ref") : $defaultref);
 	print '<tr><td class="titlefieldcreate"><span class="fieldrequired">'.$langs->trans("Ref").'</span></td><td><input size="12" type="text" name="ref" value="'.dol_escape_htmltag($suggestedref).'">';
 	print ' '.$form->textwithpicto('', $langs->trans("YouCanCompleteRef", $suggestedref));
 	print '</td></tr>';
--- a/htdocs/projet/tasks.php
+++ b/htdocs/projet/tasks.php
@@ -297,7 +297,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) {
 			$taskid = $task->create($user);
 			if ($taskid > 0) {
-				$result = $task->add_contact($_POST["userid"], 'TASKEXECUTIVE', 'internal');
+				$result = $task->add_contact(GETPOST("userid", 'int'), 'TASKEXECUTIVE', 'internal');
 			} else {
 				if ($db->lasterrno() == 'DB_ERROR_RECORD_ALREADY_EXISTS') {
 					$langs->load("projects");
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -80,7 +80,7 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) {
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Ref")), null, 'errors');
 	}
-	if (empty($_POST["label"])) {
+	if (!GETPOST("label")) {
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors');
 	}
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -158,7 +158,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) {
 		setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv("Duration")), null, 'errors');
 		$error++;
 	}
-	if (empty($_POST["userid"])) {
+	if (!GETPOST("userid", 'int')) {
 		$langs->load("errors");
 		setEventMessages($langs->trans('ErrorUserNotAssignedToTask'), null, 'errors');
 		$error++;
@@ -185,19 +185,19 @@ if ($action == 'addtimespent' && $user->rights->projet->lire) {
 				$action = 'createtime';
 				$error++;
 			} else {
-				$object->timespent_note = $_POST["timespent_note"];
+				$object->timespent_note = GETPOST("timespent_note");
 				if (GETPOST('progress', 'int') > 0) {
 					$object->progress = GETPOST('progress', 'int'); // If progress is -1 (not defined), we do not change value
 				}
-				$object->timespent_duration = $_POST["timespent_durationhour"] * 60 * 60; // We store duration in seconds
+				$object->timespent_duration = GETPOST("timespent_durationhour") * 60 * 60; // We store duration in seconds
-				$object->timespent_duration += ($_POST["timespent_durationmin"] ? $_POST["timespent_durationmin"] : 0) * 60; // We store duration in seconds
+				$object->timespent_duration += (GETPOST("timespent_durationmin") ? GETPOST("timespent_durationmin") : 0) * 60; // We store duration in seconds
 				if (GETPOST("timehour") != '' && GETPOST("timehour") >= 0) {	// If hour was entered
 					$object->timespent_date = dol_mktime(GETPOST("timehour"), GETPOST("timemin"), 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
 					$object->timespent_withhour = 1;
 				} else {
 					$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timemonth"), GETPOST("timeday"), GETPOST("timeyear"));
 				}
-				$object->timespent_fk_user = $_POST["userid"];
+				$object->timespent_fk_user = GETPOST("userid", 'int');
 				$result = $object->addTimeSpent($user);
 				if ($result >= 0) {
 					setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
@@ -233,17 +233,17 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$result = $object->delTimeSpent($user);
 			$object->fetch($id, $ref);
-			$object->timespent_note = $_POST["timespent_note_line"];
+			$object->timespent_note = GETPOST("timespent_note_line");
-			$object->timespent_old_duration = $_POST["old_duration"];
+			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) {	// If hour was entered
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 				$object->timespent_withhour = 1;
 			} else {
 				$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 			}
-			$object->timespent_fk_user = $_POST["userid_line"];
+			$object->timespent_fk_user = GETPOST("userid_line", 'int');
 			$result = $object->addTimeSpent($user);
 			if ($result >= 0) {
 				setEventMessages($langs->trans("RecordSaved"), null, 'mesgs');
@@ -255,18 +255,18 @@ if (($action == 'updateline' || $action == 'updatesplitline') && !$cancel && $us
 			$object->fetch($id, $ref);
 			// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
-			$object->timespent_id = $_POST["lineid"];
+			$object->timespent_id = GETPOST("lineid", 'int');
-			$object->timespent_note = $_POST["timespent_note_line"];
+			$object->timespent_note = GETPOST("timespent_note_line");
-			$object->timespent_old_duration = $_POST["old_duration"];
+			$object->timespent_old_duration = GETPOST("old_duration");
-			$object->timespent_duration = $_POST["new_durationhour"] * 60 * 60; // We store duration in seconds
+			$object->timespent_duration = GETPOST("new_durationhour") * 60 * 60; // We store duration in seconds
-			$object->timespent_duration += ($_POST["new_durationmin"] ? $_POST["new_durationmin"] : 0) * 60; // We store duration in seconds
+			$object->timespent_duration += (GETPOST("new_durationmin") ? GETPOST("new_durationmin") : 0) * 60; // We store duration in seconds
 			if (GETPOST("timelinehour") != '' && GETPOST("timelinehour") >= 0) {	// If hour was entered
 				$object->timespent_date = dol_mktime(GETPOST("timelinehour"), GETPOST("timelinemin"), 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 				$object->timespent_withhour = 1;
 			} else {
 				$object->timespent_date = dol_mktime(12, 0, 0, GETPOST("timelinemonth"), GETPOST("timelineday"), GETPOST("timelineyear"));
 			}
-			$object->timespent_fk_user = $_POST["userid_line"];
+			$object->timespent_fk_user = GETPOST("userid_line", 'int');
 			$result = $object->updateTimeSpent($user);
 			if ($result >= 0) {
@@ -1141,7 +1141,6 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0) {
 			// Date
 			print '<td class="maxwidthonsmartphone">';
 			//$newdate=dol_mktime(12,0,0,$_POST["timemonth"],$_POST["timeday"],$_POST["timeyear"]);
 			$newdate = '';
 			print $form->selectDate($newdate, 'time', ($conf->browser->layout == 'phone' ? 2 : 1), 1, 2, "timespent_date", 1, 0);
 			print '</td>';
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -203,7 +203,6 @@ if ($testmodifier) {
 	//var_dump($_POST);exit;
 	$nouveauchoix = '';
 	for ($i = 0; $i < $nbcolonnes; $i++) {
 		//var_dump($_POST["choix$i"]);
 		if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {
 			$nouveauchoix .= "1";
 		} elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') {
@@ -217,7 +216,7 @@ if ($testmodifier) {
 		accessforbidden('', 0, 0, 1);
 	}
-	$idtomodify = $_POST["idtomodify".$modifier];
+	$idtomodify = GETPOST("idtomodify".$modifier);
 	$sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs";
 	$sql .= " SET reponses = '".$db->escape($nouveauchoix)."'";
 	$sql .= " WHERE id_users = '".$db->escape($idtomodify)."'";
--- a/htdocs/public/project/new.php
+++ b/htdocs/public/project/new.php
@@ -223,11 +223,11 @@ if (empty($reshook) && $action == 'add') {
 		$error++;
 		$errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv('Nature'))."<br>\n";
 	}
-	if (empty($_POST["lastname"])) {
+	if (!GETPOST("lastname")) {
 		$error++;
 		$errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Lastname"))."<br>\n";
 	}
-	if (empty($_POST["firstname"])) {
+	if (!GETPOST("firstname")) {
 		$error++;
 		$errmsg .= $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Firstname"))."<br>\n";
 	}
--- a/htdocs/salaries/paiement_salary.php
+++ b/htdocs/salaries/paiement_salary.php
@@ -33,6 +33,7 @@ $langs->load("bills");
 $chid = GETPOST("id", 'int');
 $action = GETPOST('action', 'alpha');
 $cancel = GETPOST('cancel', 'alpha');
 $amounts = array();
 // Security check
@@ -49,7 +50,7 @@ if ($user->socid > 0) {
 if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
 	$error = 0;
-	if ($_POST["cancel"]) {
+	if ($cancel) {
 		$loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid;
 		header("Location: ".$loc);
 		exit;
@@ -198,21 +199,21 @@ if ($action == 'create') {
 	print '<tr><td class="tdtop">'.$langs->trans("RemainderToPay").'</td><td>'.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).'</td></tr>';*/
 	print '<tr><td class="fieldrequired">'.$langs->trans("Date").'</td><td>';
-	$datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+	$datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
-	$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : '';
+	$datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOST("remonth") ? $datepaye : -1) : '';
 	print $form->selectDate($datepayment, '', '', '', '', "add_payment", 1, 1);
 	print "</td>";
 	print '</tr>';
 	print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td>';
-	$form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $salary->type_payment, "paiementtype");
+	$form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $salary->type_payment, "paiementtype");
 	print "</td>\n";
 	print '</tr>';
 	print '<tr>';
 	print '<td class="fieldrequired">'.$langs->trans('AccountToDebit').'</td>';
 	print '<td>';
-	$form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list
+	$form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid", 'int') : $salary->accountid, "accountid", 0, '', 1); // Show opend bank account list
 	print '</td></tr>';
 	// Number
--- a/htdocs/societe/canvas/actions_card_common.class.php
+++ b/htdocs/societe/canvas/actions_card_common.class.php
@@ -387,40 +387,40 @@ abstract class ActionsCardCommon
 		// phpcs:enable
 		global $langs, $mysoc;
-		$this->object->id = $_POST["socid"];
+		$this->object->id = GETPOST("socid");
-		$this->object->name = $_POST["nom"];
+		$this->object->name = GETPOST("nom");
-		$this->object->prefix_comm			= $_POST["prefix_comm"];
+		$this->object->prefix_comm			= GETPOST("prefix_comm");
-		$this->object->client = $_POST["client"];
+		$this->object->client = GETPOST("client");
-		$this->object->code_client			= $_POST["code_client"];
+		$this->object->code_client			= GETPOST("code_client");
-		$this->object->fournisseur			= $_POST["fournisseur"];
+		$this->object->fournisseur			= GETPOST("fournisseur");
-		$this->object->code_fournisseur = $_POST["code_fournisseur"];
+		$this->object->code_fournisseur = GETPOST("code_fournisseur");
-		$this->object->address = $_POST["adresse"];
+		$this->object->address = GETPOST("adresse");
-		$this->object->zip = $_POST["zipcode"];
+		$this->object->zip = GETPOST("zipcode");
-		$this->object->town					= $_POST["town"];
+		$this->object->town					= GETPOST("town");
-		$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
+		$this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id;
-		$this->object->state_id = $_POST["state_id"];
+		$this->object->state_id = GETPOST("state_id");
-		$this->object->phone				= $_POST["tel"];
+		$this->object->phone				= GETPOST("tel");
-		$this->object->fax					= $_POST["fax"];
+		$this->object->fax					= GETPOST("fax");
-		$this->object->email				= $_POST["email"];
+		$this->object->email				= GETPOST("email", 'alphawithlgt');
-		$this->object->url					= $_POST["url"];
+		$this->object->url					= GETPOST("url");
-		$this->object->capital				= $_POST["capital"];
+		$this->object->capital				= GETPOST("capital");
-		$this->object->idprof1				= $_POST["idprof1"];
+		$this->object->idprof1				= GETPOST("idprof1");
-		$this->object->idprof2				= $_POST["idprof2"];
+		$this->object->idprof2				= GETPOST("idprof2");
-		$this->object->idprof3				= $_POST["idprof3"];
+		$this->object->idprof3				= GETPOST("idprof3");
-		$this->object->idprof4				= $_POST["idprof4"];
+		$this->object->idprof4				= GETPOST("idprof4");
-		$this->object->typent_id = $_POST["typent_id"];
+		$this->object->typent_id = GETPOST("typent_id");
-		$this->object->effectif_id = $_POST["effectif_id"];
+		$this->object->effectif_id = GETPOST("effectif_id");
-		$this->object->barcode				= $_POST["barcode"];
+		$this->object->barcode				= GETPOST("barcode");
-		$this->object->forme_juridique_code = $_POST["forme_juridique_code"];
+		$this->object->forme_juridique_code = GETPOST("forme_juridique_code");
-		$this->object->default_lang			= $_POST["default_lang"];
+		$this->object->default_lang			= GETPOST("default_lang");
-		$this->object->commercial_id		= $_POST["commercial_id"];
+		$this->object->commercial_id		= GETPOST("commercial_id");
-		$this->object->tva_assuj = $_POST["assujtva_value"] ? $_POST["assujtva_value"] : 1;
+		$this->object->tva_assuj = GETPOST("assujtva_value") ? GETPOST("assujtva_value") : 1;
-		$this->object->tva_intra = $_POST["tva_intra"];
+		$this->object->tva_intra = GETPOST("tva_intra");
 		//Local Taxes
-		$this->object->localtax1_assuj		= $_POST["localtax1assuj_value"];
+		$this->object->localtax1_assuj		= GETPOST("localtax1assuj_value");
-		$this->object->localtax2_assuj		= $_POST["localtax2assuj_value"];
+		$this->object->localtax2_assuj		= GETPOST("localtax2assuj_value");
 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
--- a/htdocs/supplier_proposal/card.php
+++ b/htdocs/supplier_proposal/card.php
@@ -505,9 +505,9 @@ if (empty($reshook)) {
 			$object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
 		}
 	} elseif ($action == "setabsolutediscount" && $usercancreate) {
-		if ($_POST["remise_id"]) {
+		if (GETPOST("remise_id", 'int')) {
 			if ($object->id > 0) {
-				$result = $object->insert_discount($_POST["remise_id"]);
+				$result = $object->insert_discount(GETPOST("remise_id", 'int'));
 				if ($result < 0) {
 					setEventMessages($object->error, $object->errors, 'errors');
 				}
--- a/htdocs/supplier_proposal/contact.php
+++ b/htdocs/supplier_proposal/contact.php
@@ -58,7 +58,7 @@ if ($action == 'addcontact' && $permissiontoedit) {
 	if ($result > 0 && $id > 0) {
 		$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
-		$result = $object->add_contact($contactid, $_POST["type"], $_POST["source"]);
+		$result = $object->add_contact($contactid, GETPOST("type"), GETPOST("source"));
 	}
 	if ($result >= 0) {
--- a/htdocs/takepos/admin/other.php
+++ b/htdocs/takepos/admin/other.php
@@ -63,9 +63,6 @@ if ($resql) {
 if (GETPOST('action', 'alpha') == 'set') {
 	$db->begin();
 	if (GETPOST('socid', 'int') < 0) {
 		$_POST["socid"] = '';
 	}
 	$res = dolibarr_set_const($db, "CASHDESK_SERVICES", GETPOST('CASHDESK_SERVICES', 'alpha'), 'chaine', 0, '', $conf->entity);
 	$res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity);
--- a/htdocs/takepos/admin/setup.php
+++ b/htdocs/takepos/admin/setup.php
@@ -70,9 +70,6 @@ $error = 0;
 if ($action == 'set') {
 	$db->begin();
 	if (GETPOST('socid', 'int') < 0) {
 		$_POST["socid"] = '';
 	}
 	$res = dolibarr_set_const($db, "TAKEPOS_ROOT_CATEGORY_ID", GETPOST('TAKEPOS_ROOT_CATEGORY_ID', 'alpha'), 'chaine', 0, '', $conf->entity);
 	$res = dolibarr_set_const($db, "TAKEPOS_SUPPLEMENTS_CATEGORY", GETPOST('TAKEPOS_SUPPLEMENTS_CATEGORY', 'alpha'), 'chaine', 0, '', $conf->entity);
--- a/htdocs/takepos/admin/terminal.php
+++ b/htdocs/takepos/admin/terminal.php
@@ -67,9 +67,6 @@ $terminaltouse = $terminal;
 if (GETPOST('action', 'alpha') == 'set') {
 	$db->begin();
 	if (GETPOST('socid', 'int') < 0) {
 		$_POST["socid"] = '';
 	}
 	$res = dolibarr_set_const($db, "CASHDESK_ID_THIRDPARTY".$terminaltouse, (GETPOST('socid', 'int') > 0 ? GETPOST('socid', 'int') : ''), 'chaine', 0, '', $conf->entity);
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -199,12 +199,12 @@ if (empty($reshook)) {
 	if ($action == 'add' && $canadduser) {
 		$error = 0;
-		if (!$_POST["lastname"]) {
+		if (!GETPOST("lastname")) {
 			$error++;
 			setEventMessages($langs->trans("NameNotDefined"), null, 'errors');
 			$action = "create"; // Go back to create page
 		}
-		if (!$_POST["login"]) {
+		if (!GETPOST("login")) {
 			$error++;
 			setEventMessages($langs->trans("LoginNotDefined"), null, 'errors');
 			$action = "create"; // Go back to create page
@@ -441,7 +441,7 @@ if (empty($reshook)) {
 				$object->lang = GETPOST('default_lang', 'aZ09');
 				if (!empty($conf->multicompany->enabled)) {
-					if (!empty($_POST["superadmin"])) {
+					if (GETPOST("superadmin")) {
 						$object->entity = 0;
 					} elseif (!empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
 						$object->entity = 1; // all users in master entity
--- a/htdocs/user/group/card.php
+++ b/htdocs/user/group/card.php
@@ -138,7 +138,7 @@ if (empty($reshook)) {
 				if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
 					$object->entity = 0;
 				} else {
-					$object->entity = $_POST["entity"];
+					$object->entity = GETPOST("entity");
 				}
 				$db->begin();
@@ -214,7 +214,7 @@ if (empty($reshook)) {
 			if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
 				$object->entity = 0;
 			} else {
-				$object->entity = $_POST["entity"];
+				$object->entity = GETPOST("entity");
 			}
 			$ret = $object->update();