
Fix: Form should use POST. GET has too much bad side effects.

Laurent Destailleur
2015-11-29 14:09:22 +01:00
parent b0e938fab4
commit bb627e32d3


@@ -251,7 +251,9 @@ if ($resql)
if ($viewstatut == -3) if ($viewstatut == -3)
$title.=' - '.$langs->trans('StatusOrderValidated').', '.(empty($conf->expedition->enabled)?'':$langs->trans("StatusOrderSent").', ').$langs->trans('StatusOrderToBill'); $title.=' - '.$langs->trans('StatusOrderValidated').', '.(empty($conf->expedition->enabled)?'':$langs->trans("StatusOrderSent").', ').$langs->trans('StatusOrderToBill');
$param='&socid='.$socid.'&viewstatut='.$viewstatut; $param='';
if ($socid > 0) $param.='&socid='.$socid;
if ($viewstatut != '') $param.='&viewstatut='.$viewstatut;
if ($ordermonth) $param.='&ordermonth='.$ordermonth; if ($ordermonth) $param.='&ordermonth='.$ordermonth;
if ($orderyear) $param.='&orderyear='.$orderyear; if ($orderyear) $param.='&orderyear='.$orderyear;
if ($deliverymonth) $param.='&deliverymonth='.$deliverymonth; if ($deliverymonth) $param.='&deliverymonth='.$deliverymonth;
@@ -262,14 +264,13 @@ if ($resql)
if ($search_user > 0) $param.='&search_user='.$search_user; if ($search_user > 0) $param.='&search_user='.$search_user;
if ($search_sale > 0) $param.='&search_sale='.$search_sale; if ($search_sale > 0) $param.='&search_sale='.$search_sale;
if ($search_total_ht != '') $param.='&search_total_ht='.$search_total_ht; if ($search_total_ht != '') $param.='&search_total_ht='.$search_total_ht;
if ($optioncss != '') $param.='&optioncss='.$optioncss; if ($optioncss != '') $param.='&optioncss='.$optioncss;
$num = $db->num_rows($resql); $num = $db->num_rows($resql);
print_barre_liste($title, $page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_commercial.png'); print_barre_liste($title, $page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_commercial.png');
$i = 0;
// Lignes des champs de filtre // Lignes des champs de filtre
print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">'; print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">'; if ($optioncss != '') print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="list">'; print '<input type="hidden" name="action" value="list">';
@@ -376,7 +377,8 @@ if ($resql)
$total=0; $total=0;
$subtotal=0; $subtotal=0;
$productstat_cache=array(); $productstat_cache=array();
$i=0;
$generic_commande = new Commande($db); $generic_commande = new Commande($db);
$generic_product = new Product($db); $generic_product = new Product($db);
while ($i < min($num,$limit)) while ($i < min($num,$limit))
@@ -413,8 +415,8 @@ if ($resql)
$text_info=''; $text_info='';
$nbprod=0; $nbprod=0;
$num = count($generic_commande->lines); // Loop on each line of order $numlines = count($generic_commande->lines); // Loop on each line of order
for ($lig=0; $lig < $num; $lig++) for ($lig=0; $lig < $numlines; $lig++)
{ {
if ($generic_commande->lines[$lig]->product_type == 0 && $generic_commande->lines[$lig]->fk_product > 0) // If line is a product and not a service if ($generic_commande->lines[$lig]->product_type == 0 && $generic_commande->lines[$lig]->fk_product > 0) // If line is a product and not a service
{ {
@@ -497,6 +499,7 @@ if ($resql)
$text_info = $langs->trans('NonShippable').'<br>'.$text_info; $text_info = $langs->trans('NonShippable').'<br>'.$text_info;
} }
} }
print '<td>'; print '<td>';
if ($nbprod) if ($nbprod)
{ {
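Review bot: In the first hunk the new `$param` lines append `$viewstatut` to the query string as-is, and `$param` is then passed to `print_barre_liste()` for the paging and sort links. How `$viewstatut` is read and filtered is outside the visible hunks, so unless it is already forced to an integer I would encode it at this point: `if ($viewstatut != '') $param.='&viewstatut='.urlencode($viewstatut);`. The loose `!= ''` test also deserves a look, because on PHP versions before 8 an integer `0` compares equal to `''`, so a status of 0 would be dropped from the links if the variable is ever an int rather than a string. In the second hunk the rewritten `<form method="POST" ...>` line still prints `$_SERVER["PHP_SELF"]` unescaped into the `action` attribute; it may be sanitised earlier in the bootstrap, but that is not visible here, so escaping at the point of output with `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` would be safer. The enclosing `if ($resql)` block begins and ends outside these hunks.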