From c4b5f5a24919ddcf91b86f1d1bafd0bdeec153b5 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Fri, 18 Sep 2020 01:29:17 +0200 Subject: [PATCH] Maxi clean of code --- htdocs/adherents/admin/adherent_emails.php | 4 +- htdocs/adherents/card.php | 1 - htdocs/adherents/type.php | 4 +- htdocs/admin/accountant.php | 4 +- htdocs/admin/bom.php | 2 +- htdocs/admin/chequereceipts.php | 2 +- htdocs/admin/commande.php | 2 +- htdocs/admin/company.php | 4 +- htdocs/admin/const.php | 2 +- htdocs/admin/contract.php | 2 +- htdocs/admin/defaultvalues.php | 2 +- htdocs/admin/emailcollector_card.php | 4 +- htdocs/admin/expedition.php | 2 +- htdocs/admin/expensereport.php | 2 +- htdocs/admin/facture.php | 2 +- htdocs/admin/fichinter.php | 2 +- htdocs/admin/holiday.php | 2 +- htdocs/admin/ihm.php | 4 +- htdocs/admin/livraison.php | 2 +- htdocs/admin/mrp.php | 2 +- htdocs/admin/notification.php | 2 +- htdocs/admin/payment.php | 2 +- htdocs/admin/propal.php | 2 +- htdocs/admin/reception_setup.php | 2 +- htdocs/admin/security_file.php | 4 +- htdocs/admin/supplier_invoice.php | 2 +- htdocs/admin/supplier_order.php | 2 +- htdocs/admin/supplier_proposal.php | 2 +- htdocs/admin/tools/listevents.php | 4 +- htdocs/admin/translation.php | 2 +- htdocs/categories/traduction.php | 4 +- htdocs/comm/action/card.php | 8 +- htdocs/comm/action/index.php | 6 +- htdocs/comm/card.php | 2 +- htdocs/comm/mailing/card.php | 2 +- htdocs/comm/propal/card.php | 20 ++-- htdocs/commande/card.php | 8 +- htdocs/compta/bank/card.php | 4 +- htdocs/compta/bank/various_payment/card.php | 4 +- htdocs/compta/facture/card-rec.php | 12 +-- htdocs/compta/facture/card.php | 92 +++++++++---------- htdocs/compta/facture/class/facture.class.php | 4 +- htdocs/compta/paiement.php | 2 +- htdocs/compta/paiement/card.php | 2 +- htdocs/compta/paiement_charge.php | 4 +- htdocs/compta/tva/card.php | 2 +- htdocs/contact/card.php | 8 +- htdocs/contrat/card.php | 4 +- htdocs/core/actions_addupdatedelete.inc.php | 8 +- .../core/actions_changeselectedfields.inc.php | 2 +- 
htdocs/core/actions_comments.inc.php | 4 +- htdocs/core/actions_linkedfiles.inc.php | 2 +- htdocs/core/actions_massactions.inc.php | 6 +- htdocs/core/actions_sendmails.inc.php | 4 +- htdocs/core/actions_setnotes.inc.php | 4 +- htdocs/core/ajax/selectsearchbox.php | 2 +- htdocs/core/class/commonobject.class.php | 8 +- htdocs/core/class/html.formmail.class.php | 10 +- htdocs/core/class/html.formticket.class.php | 2 +- htdocs/core/tpl/admin_extrafields_add.tpl.php | 2 +- htdocs/core/tpl/commonfields_add.tpl.php | 2 +- htdocs/core/tpl/commonfields_edit.tpl.php | 2 +- htdocs/core/tpl/extrafields_view.tpl.php | 2 +- htdocs/core/tpl/objectline_create.tpl.php | 2 +- htdocs/don/admin/donation.php | 2 +- htdocs/don/card.php | 10 +- htdocs/don/payment/payment.php | 2 +- htdocs/ecm/index.php | 2 +- htdocs/expedition/card.php | 6 +- htdocs/expedition/shipment.php | 2 +- htdocs/expensereport/card.php | 14 +-- htdocs/expensereport/payment/payment.php | 2 +- htdocs/externalsite/admin/externalsite.php | 4 +- htdocs/fichinter/card.php | 16 ++-- htdocs/fourn/card.php | 2 +- htdocs/fourn/commande/card.php | 10 +- htdocs/fourn/commande/orderstoinvoice.php | 4 +- htdocs/fourn/facture/card.php | 20 ++-- htdocs/fourn/paiement/card.php | 2 +- htdocs/holiday/card.php | 2 +- htdocs/install/step1.php | 4 +- htdocs/livraison/card.php | 2 +- htdocs/loan/card.php | 4 +- htdocs/loan/payment/payment.php | 4 +- htdocs/modulebuilder/admin/setup.php | 2 +- htdocs/modulebuilder/index.php | 4 +- htdocs/product/card.php | 12 +-- htdocs/product/stock/card.php | 2 +- htdocs/product/stock/movement_list.php | 2 +- htdocs/product/stock/productlot_card.php | 2 +- htdocs/projet/card.php | 6 +- htdocs/public/members/new.php | 4 +- htdocs/public/opensurvey/studs.php | 4 +- htdocs/public/payment/paymentko.php | 2 +- htdocs/public/ticket/create_ticket.php | 8 +- htdocs/reception/card.php | 7 +- .../recruitmentjobposition_card.php | 2 +- htdocs/salaries/card.php | 2 +- htdocs/salaries/list.php | 2 +- 
htdocs/societe/card.php | 2 +- htdocs/societe/list.php | 6 +- htdocs/supplier_proposal/card.php | 12 ++- htdocs/ticket/card.php | 2 +- htdocs/ticket/class/ticket.class.php | 2 +- htdocs/user/card.php | 7 +- htdocs/user/group/card.php | 4 +- htdocs/user/note.php | 2 +- htdocs/website/index.php | 12 +-- htdocs/website/samples/wrapper.php | 4 +- 109 files changed, 276 insertions(+), 277 deletions(-) diff --git a/htdocs/adherents/admin/adherent_emails.php b/htdocs/adherents/admin/adherent_emails.php index 4c4e86cbcff..a3550e4a35a 100644 --- a/htdocs/adherents/admin/adherent_emails.php +++ b/htdocs/adherents/admin/adherent_emails.php @@ -83,9 +83,9 @@ if ($action == 'update' || $action == 'add') { $constlineid = GETPOST('rowid', 'int'); $constname = GETPOST('constname', 'alpha'); - $constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alpha') : GETPOST('constvalue')); + $constvalue = (GETPOSTISSET('constvalue_'.$constname) ? GETPOST('constvalue_'.$constname, 'alphanohtml') : GETPOST('constvalue')); $consttype = (GETPOSTISSET('consttype_'.$constname) ? GETPOST('consttype_'.$constname, 'alphanohtml') : GETPOST('consttype')); - $constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'none') : GETPOST('constnote')); + $constnote = (GETPOSTISSET('constnote_'.$constname) ? GETPOST('constnote_'.$constname, 'restricthtml') : GETPOST('constnote')); $typetouse = empty($oldtypetonewone[$consttype]) ? $consttype : $oldtypetonewone[$consttype]; $constvalue = preg_replace('/:member$/', '', $constvalue); diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 3ca274741d9..90151eca32b 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php 
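Review bot: The two branches of each ternary in the adherent_emails.php hunk now apply different filters: the `GETPOSTISSET` branch reads `constvalue_*` with `alphanohtml` and `constnote_*` with `restricthtml`, while the fallbacks `GETPOST('constvalue')` and `GETPOST('constnote')` pass no check type at all, so a value posted under the plain name gets whatever GETPOST's default check is rather than the one chosen here. Pass the same check on both sides: `GETPOST('constvalue', 'alphanohtml')` and `GETPOST('constnote', 'restricthtml')`. Note also that `alphanohtml` strips tags, so if any of the constants this page edits hold an HTML e-mail body the change will silently flatten it — worth confirming against the templates. The enclosing `if ($action == 'update' || $action == 'add')` block continues beyond the hunk.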
@@ -407,7 +407,6 @@ if (empty($reshook)) { $login = GETPOST("member_login", 'alphanohtml'); $pass = GETPOST("password", 'alpha'); $photo = GETPOST("photo", 'alpha'); - //$comment=GETPOST("comment",'none'); $morphy = GETPOST("morphy", 'alphanohtml'); $public = GETPOST("public", 'alphanohtml'); diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 10d7b52bf5d..853e22bfbc9 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -66,8 +66,8 @@ $subscription = GETPOST("subscription", "int"); $duration_value = GETPOST('duration_value', 'int'); $duration_unit = GETPOST('duration_unit', 'alpha'); $vote = GETPOST("vote", "int"); -$comment = GETPOST("comment", 'none'); -$mail_valid = GETPOST("mail_valid", 'none'); +$comment = GETPOST("comment", 'restricthtml'); +$mail_valid = GETPOST("mail_valid", 'restricthtml'); // Security check $result = restrictedArea($user, 'adherent', $rowid, 'adherent_type'); diff --git a/htdocs/admin/accountant.php b/htdocs/admin/accountant.php index c8c082db6ae..b039032b9c2 100644 --- a/htdocs/admin/accountant.php +++ b/htdocs/admin/accountant.php @@ -62,7 +62,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_MAIL", GETPOST("mail", 'alpha'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_WEB", GETPOST("web", 'alpha'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_CODE", GETPOST("code", 'nohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_ACCOUNTANT_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity); if ($action != 'updateedit' && !$error) { @@ -164,7 +164,7 @@ print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/admin/bom.php b/htdocs/admin/bom.php index 5c19bd516ea..1f19cb75b77 100644 --- a/htdocs/admin/bom.php 
+++ b/htdocs/admin/bom.php
@@ -151,7 +151,7 @@ elseif ($action == 'setdoc') } } elseif ($action == 'set_BOM_FREE_TEXT') {
- $freetext = GETPOST("BOM_FREE_TEXT", 'none'); // No alpha here, we want exact string
+ $freetext = GETPOST("BOM_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
 $res = dolibarr_set_const($db, "BOM_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
diff --git a/htdocs/admin/chequereceipts.php b/htdocs/admin/chequereceipts.php
index ab506a08fde..096ffbe02c8 100644
--- a/htdocs/admin/chequereceipts.php
+++ b/htdocs/admin/chequereceipts.php
@@ -72,7 +72,7 @@ if ($action == 'setmod') if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT') {
- $freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'none'); // No alpha here, we want exact string
+ $freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string
 $res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
diff --git a/htdocs/admin/commande.php b/htdocs/admin/commande.php
index 74dbfcf75c7..9add7675da6 100644
--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -160,7 +160,7 @@ elseif ($action == 'setdoc') } } elseif ($action == 'set_ORDER_FREE_TEXT') {
- $freetext = GETPOST("ORDER_FREE_TEXT", 'none'); // No alpha here, we want exact string
+ $freetext = GETPOST("ORDER_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
 $res = dolibarr_set_const($db, "ORDER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php
index e5c20f647e5..8211fd1cadf 100644
--- a/htdocs/admin/company.php
+++ b/htdocs/admin/company.php
@@ -100,7 +100,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) dolibarr_set_const($db, "MAIN_INFO_SOCIETE_FAX", GETPOST("fax", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_MAIL", GETPOST("mail", 'alphanohtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_WEB", GETPOST("web", 'alphanohtml'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'none'), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_INFO_SOCIETE_NOTE", GETPOST("note", 'restricthtml'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_INFO_SOCIETE_GENCOD", GETPOST("barcode", 'alphanohtml'), 'chaine', 0, '', $conf->entity); $dirforimage = $conf->mycompany->dir_output.'/logos/'; @@ -524,7 +524,7 @@ print ''; // Note print ''; -print ''; +print ''; print ''; print ''; diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php index 33d3951236a..7c08a7d0201 100644 --- a/htdocs/admin/const.php +++ b/htdocs/admin/const.php @@ -41,7 +41,7 @@ $delete = GETPOST('delete', 'none'); // Do not use alpha here $debug = GETPOST('debug', 'int'); $consts = GETPOST('const', 'array'); $constname = GETPOST('constname', 'alphanohtml'); -$constvalue = GETPOST('constvalue', 'none'); // We shoul dbe able to send everything here +$constvalue = GETPOST('constvalue', 'restricthtml'); // We should be able to send everything here $constnote = GETPOST('constnote', 'alpha'); // Load variable for pagination diff --git a/htdocs/admin/contract.php b/htdocs/admin/contract.php index 7390ceaa75f..0b84e23d992 100644 --- a/htdocs/admin/contract.php +++ b/htdocs/admin/contract.php 
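Review bot: The comment on the `$constvalue` line of const.php now contradicts the code: `// We should be able to send everything here` was the argument for `none`, but `restricthtml` strips everything outside an HTML tag allowlist, so arbitrary values can no longer be sent. Either the comment or the filter is wrong; if the intent is to keep accepting any string in this admin-only constant editor, keep `none` and say why, otherwise rewrite the comment as `// restricthtml: only a small allowlist of HTML tags survives; raw values are not accepted here`. The same hunk still reads `$constnote` with `alpha` while adherent_emails.php in this patch reads `constnote` with `restricthtml`, so the two constant editors now disagree on what a note may contain.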
@@ -143,7 +143,7 @@ elseif ($action == 'setdoc') dolibarr_set_const($db, "CONTRACT_ADDON", $value, 'chaine', 0, '', $conf->entity); } elseif ($action == 'set_other') { - $freetext = GETPOST('CONTRACT_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('CONTRACT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res1 = dolibarr_set_const($db, "CONTRACT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); $draft = GETPOST('CONTRACT_DRAFT_WATERMARK', 'alpha'); diff --git a/htdocs/admin/defaultvalues.php b/htdocs/admin/defaultvalues.php index 05af7b4c3ee..f4e33bb7259 100644 --- a/htdocs/admin/defaultvalues.php +++ b/htdocs/admin/defaultvalues.php @@ -61,7 +61,7 @@ $defaulturl = preg_replace('/^\//', '', $defaulturl); $urlpage = GETPOST('urlpage', 'alphanohtml'); $key = GETPOST('key', 'alphanohtml'); -$value = GETPOST('value', 'none'); +$value = GETPOST('value', 'restricthtml'); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('admindefaultvalues', 'globaladmin')); diff --git a/htdocs/admin/emailcollector_card.php b/htdocs/admin/emailcollector_card.php index f8129a887a8..cb48336e72c 100644 --- a/htdocs/admin/emailcollector_card.php +++ b/htdocs/admin/emailcollector_card.php @@ -148,7 +148,7 @@ if (GETPOST('addoperation', 'alpha')) { $emailcollectoroperation = new EmailCollectorAction($db); $emailcollectoroperation->type = GETPOST('operationtype', 'aZ09'); - $emailcollectoroperation->actionparam = GETPOST('operationparam', 'none'); + $emailcollectoroperation->actionparam = GETPOST('operationparam', 'restricthtml'); $emailcollectoroperation->fk_emailcollector = $object->id; $emailcollectoroperation->status = 1; $emailcollectoroperation->position = 50; 
@@ -168,7 +168,7 @@ if ($action == 'updateoperation') $emailcollectoroperation = new EmailCollectorAction($db); $emailcollectoroperation->fetch(GETPOST('rowidoperation2', 'int')); - $emailcollectoroperation->actionparam = GETPOST('operationparam2', 'none'); + $emailcollectoroperation->actionparam = GETPOST('operationparam2', 'restricthtml'); $result = $emailcollectoroperation->update($user); diff --git a/htdocs/admin/expedition.php b/htdocs/admin/expedition.php index 13a6314c25a..92372c076cb 100644 --- a/htdocs/admin/expedition.php +++ b/htdocs/admin/expedition.php @@ -73,7 +73,7 @@ if ($action == 'updateMask') } } elseif ($action == 'set_param') { - $freetext = GETPOST('SHIPPING_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('SHIPPING_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "SHIPPING_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); if ($res <= 0) { diff --git a/htdocs/admin/expensereport.php b/htdocs/admin/expensereport.php index b237ca4aaab..f082c89286f 100644 --- a/htdocs/admin/expensereport.php +++ b/htdocs/admin/expensereport.php @@ -152,7 +152,7 @@ elseif ($action == 'setdoc') { $db->begin(); - $freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('EXPENSEREPORT_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res1 = dolibarr_set_const($db, "EXPENSEREPORT_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); $draft = GETPOST('EXPENSEREPORT_DRAFT_WATERMARK', 'alpha'); diff --git a/htdocs/admin/facture.php b/htdocs/admin/facture.php index 9ddac6e984a..7042f291828 100644 --- a/htdocs/admin/facture.php +++ b/htdocs/admin/facture.php 
@@ -180,7 +180,7 @@ elseif ($action == 'setdoc') } } elseif ($action == 'set_INVOICE_FREE_TEXT') { - $freetext = GETPOST('INVOICE_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('INVOICE_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "INVOICE_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/fichinter.php b/htdocs/admin/fichinter.php index 7e5a2464707..a30a9d767a9 100644 --- a/htdocs/admin/fichinter.php +++ b/htdocs/admin/fichinter.php @@ -144,7 +144,7 @@ elseif ($action == 'setdoc') dolibarr_set_const($db, "FICHEINTER_ADDON", $value, 'chaine', 0, '', $conf->entity); } elseif ($action == 'set_FICHINTER_FREE_TEXT') { - $freetext = GETPOST('FICHINTER_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('FICHINTER_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "FICHINTER_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); if (!$res > 0) $error++; diff --git a/htdocs/admin/holiday.php b/htdocs/admin/holiday.php index 47df1efbe19..067c0698a99 100644 --- a/htdocs/admin/holiday.php +++ b/htdocs/admin/holiday.php @@ -145,7 +145,7 @@ elseif ($action == 'setdoc') dolibarr_set_const($db, "HOLIDAY_ADDON", $value, 'chaine', 0, '', $conf->entity); } elseif ($action == 'set_other') { - $freetext = GETPOST('HOLIDAY_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('HOLIDAY_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res1 = dolibarr_set_const($db, "HOLIDAY_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); $draft = GETPOST('HOLIDAY_DRAFT_WATERMARK', 'alpha'); diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 85e36dbecb1..f220d83ebcd 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php 
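Review bot: The context line `if (!$res > 0) $error++;` kept on the new side of the fichinter.php hunk is a precedence bug: `!` binds tighter than `>`, so the test is `(!$res) > 0`, which is true only when `$res` is falsy and never for the negative return that the `if ($res <= 0)` checks elsewhere in this patch (expedition.php, reception_setup.php) expect from `dolibarr_set_const`. The same line survives in the livraison.php and payment.php hunks. Replace it with `if ($res <= 0) $error++;` in all three.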
@@ -164,8 +164,8 @@ if ($action == 'update') dolibarr_set_const($db, "MAIN_FIRSTNAME_NAME_POSITION", GETPOST("MAIN_FIRSTNAME_NAME_POSITION", 'aZ09'), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'none')), 'chaine', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'none')), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_MOTD", dol_htmlcleanlastbr(GETPOST("main_motd", 'restricthtml')), 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_HOME", dol_htmlcleanlastbr(GETPOST("main_home", 'restricthtml')), 'chaine', 0, '', $conf->entity); //dolibarr_set_const($db, "MAIN_BUGTRACK_ENABLELINK", GETPOST('MAIN_BUGTRACK_ENABLELINK', 'aZ09'), 'chaine', 0, '', $conf->entity); //dolibarr_set_const($db, "MAIN_HELP_DISABLELINK", GETPOST("MAIN_HELP_DISABLELINK", 'aZ09'), 'chaine', 0, '', 0); // Param for all entities diff --git a/htdocs/admin/livraison.php b/htdocs/admin/livraison.php index 5e0c0ce4784..ddd2b3f83c6 100644 --- a/htdocs/admin/livraison.php +++ b/htdocs/admin/livraison.php @@ -70,7 +70,7 @@ if ($action == 'updateMask') if ($action == 'set_DELIVERY_FREE_TEXT') { - $free = GETPOST('DELIVERY_FREE_TEXT', 'none'); // No alpha here, we want exact string + $free = GETPOST('DELIVERY_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "DELIVERY_FREE_TEXT", $free, 'chaine', 0, '', $conf->entity); if (!$res > 0) $error++; diff --git a/htdocs/admin/mrp.php b/htdocs/admin/mrp.php index c1e0d2e848e..ffa4d8e7c6b 100644 --- a/htdocs/admin/mrp.php +++ b/htdocs/admin/mrp.php 
@@ -152,7 +152,7 @@ elseif ($action == 'setdoc') } } elseif ($action == 'set_MRP_MO_FREE_TEXT') {
- $freetext = GETPOST("MRP_MO_FREE_TEXT", 'none'); // No alpha here, we want exact string
+ $freetext = GETPOST("MRP_MO_FREE_TEXT", 'restricthtml'); // No alpha here, we want exact string
 $res = dolibarr_set_const($db, "MRP_MO_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity);
diff --git a/htdocs/admin/notification.php b/htdocs/admin/notification.php
index a32cd0fa1f5..b484e7acea9 100644
--- a/htdocs/admin/notification.php
+++ b/htdocs/admin/notification.php
@@ -95,7 +95,7 @@ if ($action == 'setvalue' && $user->admin) { $db->begin();
- $result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "none"), 'chaine', 0, '', $conf->entity);
+ $result = dolibarr_set_const($db, "NOTIFICATION_EMAIL_FROM", GETPOST("email_from", "restricthtml"), 'chaine', 0, '', $conf->entity);
 if ($result < 0) $error++;
diff --git a/htdocs/admin/payment.php b/htdocs/admin/payment.php
index db83d3bc71c..926c102c25a 100644
--- a/htdocs/admin/payment.php
+++ b/htdocs/admin/payment.php
@@ -68,7 +68,7 @@ if ($action == 'setmod') if ($action == 'setparams') {
- $freetext = GETPOST('FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS', 'none'); // No alpha here, we want exact string
+ $freetext = GETPOST('FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS', 'restricthtml'); // No alpha here, we want exact string
 $res = dolibarr_set_const($db, "FACTURE_PAYMENTS_ON_DIFFERENT_THIRDPARTIES_BILLS", $freetext, 'chaine', 0, '', $conf->entity); if (!$res > 0) $error++;
diff --git a/htdocs/admin/propal.php b/htdocs/admin/propal.php
index 3eb7223df4e..a0f9adb86d9 100644
--- a/htdocs/admin/propal.php
+++ b/htdocs/admin/propal.php
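Review bot: `restricthtml` is the wrong filter for `NOTIFICATION_EMAIL_FROM` in notification.php: the value is an e-mail address destined for a mail header, and `restricthtml` still lets an allowlist of HTML tags through while, as far as I can tell, doing nothing about header-relevant characters such as CR/LF. Read it with `GETPOST("email_from", "alphanohtml")` and refuse to call `dolibarr_set_const` when a validity check (the `isValidEmail()` helper, if it is available here) fails. Whether the stored value is used verbatim as a From header is outside this hunk; please confirm.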
@@ -130,7 +130,7 @@ if ($action == 'updateMask') { setEventMessages($langs->trans("Error"), null, 'errors'); } } elseif ($action == 'set_PROPOSAL_FREE_TEXT') { - $freetext = GETPOST('PROPOSAL_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('PROPOSAL_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "PROPOSAL_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/reception_setup.php b/htdocs/admin/reception_setup.php index dc51a7580c0..4c33ee78ef7 100644 --- a/htdocs/admin/reception_setup.php +++ b/htdocs/admin/reception_setup.php @@ -76,7 +76,7 @@ if ($action == 'updateMask') } } elseif ($action == 'set_param') { - $freetext = GETPOST('RECEPTION_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('RECEPTION_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "RECEPTION_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); if ($res <= 0) { diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php index 64a4e9ae235..4b665123e4f 100644 --- a/htdocs/admin/security_file.php +++ b/htdocs/admin/security_file.php 
@@ -52,8 +52,8 @@ if (GETPOST('sendit') && !empty($conf->global->MAIN_UPLOAD_DOC)) if ($action == 'updateform') { - $antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND', 'none'); // Use GETPOST none because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe - $antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM', 'none'); // Use GETPOST none because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib" + $antivircommand = GETPOST('MAIN_ANTIVIRUS_COMMAND', 'restricthtml'); // Use GETPOST restricthtml because we must accept ". Example c:\Progra~1\ClamWin\bin\clamscan.exe + $antivirparam = GETPOST('MAIN_ANTIVIRUS_PARAM', 'restricthtml'); // Use GETPOST restricthtml because we must accept ". Example --database="C:\Program Files (x86)\ClamWin\lib" $antivircommand = dol_string_nospecial($antivircommand, '', array("|", ";", "<", ">", "&")); // Sanitize command $antivirparam = dol_string_nospecial($antivirparam, '', array("|", ";", "<", ">", "&")); // Sanitize params diff --git a/htdocs/admin/supplier_invoice.php b/htdocs/admin/supplier_invoice.php index 0092347af37..9b618fa3d31 100644 --- a/htdocs/admin/supplier_invoice.php +++ b/htdocs/admin/supplier_invoice.php @@ -167,7 +167,7 @@ if ($action == 'addcat') if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT') { - $freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/supplier_order.php b/htdocs/admin/supplier_order.php index 162cbdddbc9..c7026ca7327 100644 --- a/htdocs/admin/supplier_order.php +++ b/htdocs/admin/supplier_order.php 
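Review bot: `restricthtml` is an HTML tag allowlist, which is the wrong class of filter for a shell command and its argument string in security_file.php; the effective control on these two inputs is the `dol_string_nospecial` denylist two lines below, and a denylist of five characters still admits other shell metacharacters. The comment rewrite also lost its rationale: "we must accept `"`" explained why `none` was chosen, but says nothing about why `restricthtml` is acceptable, so make it `// restricthtml appears to keep the double quotes a Windows path needs; shell metacharacters are removed by dol_string_nospecial() below`. Since the stored value is eventually handed to a shell, the robust fix is to quote at the point of execution with `escapeshellarg()` per argument (or `escapeshellcmd()` for the command) rather than relying on this denylist alone; that call site is outside this hunk.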
@@ -154,7 +154,7 @@ elseif ($action == 'setdoc') $fourn->CreateCategory($user, GETPOST('cat', 'alphanohtml')); } elseif ($action == 'set_SUPPLIER_ORDER_OTHER') { - $freetext = GETPOST('SUPPLIER_ORDER_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('SUPPLIER_ORDER_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $doubleapproval = GETPOST('SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED', 'alpha'); $doubleapproval = price2num($doubleapproval); diff --git a/htdocs/admin/supplier_proposal.php b/htdocs/admin/supplier_proposal.php index afcefef7920..b0c5c4bff10 100644 --- a/htdocs/admin/supplier_proposal.php +++ b/htdocs/admin/supplier_proposal.php @@ -123,7 +123,7 @@ if ($action == 'set_SUPPLIER_PROPOSAL_DRAFT_WATERMARK') if ($action == 'set_SUPPLIER_PROPOSAL_FREE_TEXT') { - $freetext = GETPOST('SUPPLIER_PROPOSAL_FREE_TEXT', 'none'); // No alpha here, we want exact string + $freetext = GETPOST('SUPPLIER_PROPOSAL_FREE_TEXT', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "SUPPLIER_PROPOSAL_FREE_TEXT", $freetext, 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index c6af92ffbb8..af55fcd1f16 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -60,8 +60,8 @@ $search_code = GETPOST("search_code", "alpha"); $search_ip = GETPOST("search_ip", "alpha"); $search_user = GETPOST("search_user", "alpha"); $search_desc = GETPOST("search_desc", "alpha"); -$search_ua = GETPOST("search_ua", "none"); -$search_prefix_session = GETPOST("search_prefix_session", "none"); +$search_ua = GETPOST("search_ua", "restricthtml"); +$search_prefix_session = GETPOST("search_prefix_session", "restricthtml"); if (GETPOST("date_startmonth") == '' || GETPOST("date_startmonth") > 0) $date_start = dol_mktime(0, 0, 0, GETPOST("date_startmonth"), GETPOST("date_startday"), GETPOST("date_startyear")); else $date_start = -1; 
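Review bot: `$search_ua` and `$search_prefix_session` in listevents.php now use `restricthtml`, while every other search field on the neighbouring lines (`search_code`, `search_ip`, `search_user`, `search_desc`) uses `alpha`; `restricthtml` still admits an allowlist of HTML tags, which is more than a search term should carry if it is echoed back into the filter form or interpolated into the SQL filter further down (outside this hunk). Use `alphanohtml` for both: `$search_ua = GETPOST("search_ua", "alphanohtml");` and `$search_prefix_session = GETPOST("search_prefix_session", "alphanohtml");`. If `restricthtml` was chosen because user-agent strings contain characters `alpha` removes, a comment naming them would help the next reader.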
diff --git a/htdocs/admin/translation.php b/htdocs/admin/translation.php index d6b7a613a56..9259ac420b7 100644 --- a/htdocs/admin/translation.php +++ b/htdocs/admin/translation.php @@ -37,7 +37,7 @@ $action = GETPOST('action', 'aZ09'); $langcode = GETPOST('langcode', 'alphanohtml'); $transkey = GETPOST('transkey', 'alphanohtml'); -$transvalue = GETPOST('transvalue', 'none'); +$transvalue = GETPOST('transvalue', 'restricthtml'); $mode = GETPOST('mode', 'aZ09') ?GETPOST('mode', 'aZ09') : 'searchkey'; diff --git a/htdocs/categories/traduction.php b/htdocs/categories/traduction.php index cf688df70c3..cf3db3444c7 100644 --- a/htdocs/categories/traduction.php +++ b/htdocs/categories/traduction.php @@ -85,7 +85,7 @@ $cancel != $langs->trans("Cancel") && // check parameters $forcelangprod = GETPOST('forcelangprod', 'alpha'); $libelle = GETPOST('libelle', 'alpha'); - $desc = GETPOST('desc', 'none'); + $desc = GETPOST('desc', 'restricthtml'); if (empty($forcelangprod)) { $error++; @@ -338,7 +338,7 @@ if ($action == 'add' && ($user->rights->produit->creer || $user->rights->service print ''.$langs->trans('Label').''; print ''; print ''.$langs->trans('Description').''; - $doleditor = new DolEditor('desc', GETPOST('desc', 'none'), '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_3, '90%'); + $doleditor = new DolEditor('desc', GETPOST('desc', 'restricthtml'), '', 160, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_3, '90%'); $doleditor->Create(); print ''; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index bd7377b3465..0fe69fa10ea 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php 
@@ -326,7 +326,7 @@ if (empty($reshook) && $action == 'add') if (GETPOST("doneby") > 0) $object->userdoneid = GETPOST("doneby", "int"); } - $object->note_private = trim(GETPOST("note", "none")); + $object->note_private = trim(GETPOST("note", "restricthtml")); if (isset($_POST["contactid"])) $object->contact = $contact; @@ -499,7 +499,7 @@ if (empty($reshook) && $action == 'update') $object->contact_id = key($object->socpeopleassigned); } $object->fk_project = GETPOST("projectid", 'int'); - $object->note_private = trim(GETPOST("note", "none")); + $object->note_private = trim(GETPOST("note", "restricthtml")); $object->fk_element = GETPOST("fk_element", "int"); $object->elementtype = GETPOST("elementtype", "alphanohtml"); @@ -1172,7 +1172,7 @@ if ($action == 'create') // Description print ''.$langs->trans("Description").''; require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('note', (GETPOSTISSET('note') ? GETPOST('note', 'none') : $object->note_private), '', 120, 'dolibarr_notes', 'In', true, true, $conf->fckeditor->enabled, ROWS_4, '90%'); + $doleditor = new DolEditor('note', (GETPOSTISSET('note') ? GETPOST('note', 'restricthtml') : $object->note_private), '', 120, 'dolibarr_notes', 'In', true, true, $conf->fckeditor->enabled, ROWS_4, '90%'); $doleditor->Create(); print ''; @@ -1303,7 +1303,7 @@ if ($id > 0) $object->contact_id = GETPOST("contactid", 'int'); $object->fk_project = GETPOST("projectid", 'int'); - $object_private = GETPOST("note", 'none'); + $object_private = GETPOST("note", 'restricthtml'); } if ($result2 < 0 || $result3 < 0 || $result4 < 0 || $result5 < 0) diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 6895f713742..f4e8487b054 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php 
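Review bot: In the last comm/action/card.php hunk (`@@ -1303`) the new line `$object_private = GETPOST("note", 'restricthtml');` still writes to a bare local `$object_private`, which the neighbouring `$object->contact_id` and `$object->fk_project` assignments suggest was meant to be `$object->note_private`; as written the posted note appears to be discarded on this path. Since the line is being touched anyway, it seems the moment to fix it: `$object->note_private = GETPOST("note", 'restricthtml');`. The surrounding block begins and ends outside the hunk, so whether `$object_private` is read anywhere else is not visible here.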
@@ -118,13 +118,13 @@ if ($action == 'default') // When action is default, we want a calendar view and { $action = (($defaultview != 'show_list') ? $defaultview : 'show_month'); } -if (GETPOST('viewcal', 'none') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') { +if (GETPOST('viewcal', 'restricthtml') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') { $action = 'show_month'; $day = ''; } // View by month -if (GETPOST('viewweek', 'none') || GETPOST('action', 'alpha') == 'show_week') { +if (GETPOST('viewweek', 'restricthtml') || GETPOST('action', 'alpha') == 'show_week') { $action = 'show_week'; $week = ($week ? $week : date("W")); $day = ($day ? $day : date("d")); } // View by week -if (GETPOST('viewday', 'none') || GETPOST('action', 'alpha') == 'show_day') { +if (GETPOST('viewday', 'restricthtml') || GETPOST('action', 'alpha') == 'show_day') { $action = 'show_day'; $day = ($day ? $day : date("d")); } // View by day diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 2c20df32c90..d3e180b7a88 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -203,7 +203,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) { diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index c054489b0e9..26216c1ac01 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -738,7 +738,7 @@ if ($action == 'create') print '
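Review bot: `viewcal`, `viewweek` and `viewday` in comm/action/index.php are only tested for truthiness, so `restricthtml` — a tag allowlist meant for rich-text fields — is a misleading choice next to the `GETPOST('action', 'alpha')` call on the same line. A narrow check documents the intent better: `if (GETPOST('viewcal', 'alpha') && GETPOST('action', 'alpha') != 'show_day' && GETPOST('action', 'alpha') != 'show_week') {`, and likewise for the other two. It costs nothing and spares the reader wondering why a view switch would ever contain HTML.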
'; // Editeur wysiwyg require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'none'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%'); + $doleditor = new DolEditor('bodyemail', GETPOST('bodyemail', 'restricthtml'), '', 600, 'dolibarr_mailings', '', true, true, $conf->global->FCKEDITOR_ENABLE_MAILING, 20, '90%'); $doleditor->Create(); print '
'; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 9931477ab60..f42b82718e6 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -355,8 +355,8 @@ if (empty($reshook)) $object->fk_project = GETPOST('projectid', 'int'); $object->model_pdf = GETPOST('model'); $object->author = $user->id; // deprecated - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->statut = Propal::STATUS_DRAFT; $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); @@ -383,8 +383,8 @@ if (empty($reshook)) $object->fk_project = GETPOST('projectid', 'int'); $object->model_pdf = GETPOST('model'); $object->author = $user->id; // deprecated - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); @@ -627,7 +627,7 @@ if (empty($reshook)) { $db->begin(); - $result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'none')); + $result = $object->cloture($user, GETPOST('statut', 'int'), GETPOST('note_private', 'restricthtml')); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); 
@@ -792,9 +792,9 @@ if (empty($reshook)) } elseif ($action == 'addline' && $usercancreate) { // Add line // Set if we used free entry or predefined product $predef = ''; - $product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'none') : ''); - $price_ht = GETPOST('price_ht'); - $price_ht_devise = GETPOST('multicurrency_price_ht'); + $product_desc = (GETPOSTISSET('dp_desc') ?GETPOST('dp_desc', 'restricthtml') : ''); + $price_ht = price2num(GETPOST('price_ht')); + $price_ht_devise = price2num(GETPOST('multicurrency_price_ht')); $prod_entry_mode = GETPOST('prod_entry_mode'); if ($prod_entry_mode == 'free') { @@ -1152,7 +1152,7 @@ if (empty($reshook)) $info_bits |= 0x01; // Clean parameters - $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none')); + $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml')); // Define vat_rate $vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0); @@ -1316,7 +1316,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) { diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 85896b40629..d48e990e7e8 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -263,8 +263,8 @@ if (empty($reshook)) $db->begin(); $object->date_commande = $datecommande; - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->source = GETPOST('source_id'); $object->fk_project = GETPOST('projectid', 'int'); $object->ref_client = GETPOST('ref_client', 'alpha'); 
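Review bot: `GETPOST('attribute', 'restricthtml')` passed as the last argument of `setOptionalsFromPost()` applies an HTML-permitting filter to what is an extrafield key name, the same value that extrafields_view.tpl.php in this patch compares by equality against `$tmpkeyextra`. A key never legitimately contains markup, so the narrower mode is the right one: `$ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'alphanohtml'));` (or `'aZ09'` if extrafield codes are limited to that alphabet). The identical call appears in the commande/card.php, card-rec.php, facture/card.php and contrat/card.php hunks of this patch and should change together. The update block it sits in starts outside the hunk.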
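Review bot: `$object->source = GETPOST('source_id');` in the commande create branch is the one line left without an explicit check, between `projectid` (`'int'`) and `ref_client` (`'alpha'`). If `source` is the numeric order-source id it appears to be, `$object->source = GETPOST('source_id', 'int');` matches its neighbours and the column; the hunk itself does not show the type, so confirm before changing. The create action continues outside the hunk.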
@@ -992,7 +992,7 @@ if (empty($reshook)) $date_end = ''; $date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); $date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear')); - $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none')); + $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml')); $pu_ht = GETPOST('price_ht'); $vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0); $pu_ht_devise = GETPOST('multicurrency_subprice'); @@ -1256,7 +1256,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index c99f303210b..7d9e825ce08 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -115,7 +115,7 @@ if ($action == 'add') $object->min_allowed = GETPOST("account_min_allowed", 'int'); $object->min_desired = GETPOST("account_min_desired", 'int'); - $object->comment = trim(GETPOST("account_comment", 'none')); + $object->comment = trim(GETPOST("account_comment", 'restricthtml')); $object->fk_user_author = $user->id; @@ -213,7 +213,7 @@ if ($action == 'update') $object->min_allowed = GETPOST("account_min_allowed", 'int'); $object->min_desired = GETPOST("account_min_desired", 'int'); - $object->comment = trim(GETPOST("account_comment", 'none')); + $object->comment = trim(GETPOST("account_comment", 'restricthtml')); if ($conf->global->MAIN_BANK_ACCOUNTANCY_CODE_ALWAYS_REQUIRED && empty($object->account_number)) { 
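Review bot: `$pu_ht = GETPOST('price_ht');` and `$pu_ht_devise = GETPOST('multicurrency_subprice');` in the updateline branch still take the amounts raw, while the addline hunks in propal/card.php and facture/card.php of this same patch wrap the same inputs in `price2num()`. Unless the normalisation happens further down, outside the hunk, a locale-formatted value such as `1 234,56` reaches the update call unconverted; `$pu_ht = price2num(GETPOST('price_ht'));` and `$pu_ht_devise = price2num(GETPOST('multicurrency_subprice'));` close the gap. `$vat_rate` on the following line is the same case. The action block continues beyond the hunk.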
diff --git a/htdocs/compta/bank/various_payment/card.php b/htdocs/compta/bank/various_payment/card.php index 071a5abf0a9..20eab8b349e 100644 --- a/htdocs/compta/bank/various_payment/card.php +++ b/htdocs/compta/bank/various_payment/card.php @@ -107,8 +107,8 @@ if (empty($reshook)) $object->datev = $datev; $object->datep = $datep; $object->amount = price2num(GETPOST("amount", 'alpha')); - $object->label = GETPOST("label", 'none'); - $object->note = GETPOST("note", 'none'); + $object->label = GETPOST("label", 'restricthtml'); + $object->note = GETPOST("note", 'restricthtml'); $object->type_payment = GETPOST("paymenttype", 'int') > 0 ? GETPOST("paymenttype", "int") : 0; $object->num_payment = GETPOST("num_payment", 'alpha'); $object->fk_user_author = $user->id; diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 0074fcc8ba9..284ec8111d5 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -190,8 +190,8 @@ if (empty($reshook)) { $object->titre = GETPOST('titre', 'nohtml'); // deprecated $object->title = GETPOST('titre', 'nohtml'); - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->model_pdf = GETPOST('modelpdf', 'alpha'); $object->usenewprice = GETPOST('usenewprice', 'alpha'); @@ -405,7 +405,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) 
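Review bot: `$object->label = GETPOST("label", 'restricthtml');` gives a one-line label an HTML-permitting filter, whereas compta/tva/card.php in this same patch reads its equivalent field as `GETPOST("label", 'alpha')`. A label is printed in lists and documents as plain text, so tags are never wanted there and `$object->label = GETPOST("label", 'alphanohtml');` is the consistent choice; `note` can keep `'restricthtml'` if the note widget emits HTML. The surrounding action block starts before the hunk.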
@@ -713,7 +713,7 @@ if (empty($reshook)) $date_end = ''; //$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); //$date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear')); - $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none') ? GETPOST('product_desc', 'none') : GETPOST('desc', 'none')); + $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml')); $pu_ht = GETPOST('price_ht'); $vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0); $qty = GETPOST('qty'); @@ -964,8 +964,8 @@ if ($action == 'create') print ''.$langs->trans("Customer").''.$object->thirdparty->getNomUrl(1, 'customer').''; print ''; - $note_public = GETPOST('note_public', 'none') ?GETPOST('note_public', 'none') : $object->note_public; - $note_private = GETPOST('note_private', 'none') ?GETPOST('note_private', 'none') : $object->note_private; + $note_public = GETPOSTISSET('note_public') ? GETPOST('note_public', 'restricthtml') : $object->note_public; + $note_private = GETPOSTISSET('note_private') ? GETPOST('note_private', 'restricthtml') : $object->note_private; // Help of substitution key $substitutionarray = getCommonSubstitutionArray($langs, 2, null, $object); diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index b1acad4b1aa..51e45085bf2 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php 
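Review bot: `GETPOST('product_desc', 'restricthtml') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml')` runs the HTML sanitizer up to three times and treats a description that sanitises to an empty string as if `desc` had been submitted instead. The @@ -964 hunk of this same file already switched to presence tests; the same form here is `$description = dol_htmlcleanlastbr(GETPOSTISSET('product_desc') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml'));`. `$pu_ht = GETPOST('price_ht');` on the next line also lacks the `price2num()` applied to the same input in the addline hunks of this patch. The updateline block continues outside the hunk.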
@@ -746,8 +746,8 @@ if (empty($reshook)) elseif ($action == 'confirm_paid_partially' && $confirm == 'yes' && $usercanissuepayment) { $object->fetch($id); - $close_code = GETPOST("close_code", 'none'); - $close_note = GETPOST("close_note", 'none'); + $close_code = GETPOST("close_code", 'restricthtml'); + $close_note = GETPOST("close_note", 'restricthtml'); if ($close_code) { $result = $object->set_paid($user, $close_code, $close_note); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); @@ -757,8 +757,8 @@ if (empty($reshook)) } // Classify "abandoned" elseif ($action == 'confirm_canceled' && $confirm == 'yes') { $object->fetch($id); - $close_code = GETPOST("close_code", 'none'); - $close_note = GETPOST("close_note", 'none'); + $close_code = GETPOST("close_code", 'restricthtml'); + $close_note = GETPOST("close_note", 'restricthtml'); if ($close_code) { $result = $object->set_canceled($user, $close_code, $close_note); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); @@ -987,7 +987,7 @@ if (empty($reshook)) $object->date = $dateinvoice; $object->date_pointoftax = $date_pointoftax; - $object->note_public = trim(GETPOST('note_public', 'none')); + $object->note_public = trim(GETPOST('note_public', 'restricthtml')); // We do not copy the private note $object->ref_client = $_POST['ref_client']; $object->ref_int = $_POST['ref_int']; 
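Review bot: `$close_code = GETPOST("close_code", 'restricthtml');` gives an HTML-permitting filter to a closure-reason code, a short identifier that is only tested for truthiness and handed to `set_paid()`. Markup is never legitimate in a code, so `$close_code = GETPOST("close_code", 'alphanohtml');` is the right class; `close_note` is free text and can keep `'restricthtml'`. The same pair recurs in the `confirm_canceled` branch below. The action chain starts before the hunk.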
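Review bot: `elseif ($action == 'confirm_canceled' && $confirm == 'yes')` carries no permission term, while the `confirm_paid_partially` branch directly above requires `$usercanissuepayment`; as written, any user who can reach the page can classify an invoice as abandoned through `set_canceled()`. Unless a rights check happens before this chain (outside the hunk), the condition should mirror its sibling, e.g. `elseif ($action == 'confirm_canceled' && $confirm == 'yes' && $usercanissuepayment)`, or whichever right governs closing invoices. The branch is fully visible, but the `if (empty($reshook))` block it belongs to is not.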
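Review bot: the context lines `$object->ref_client = $_POST['ref_client'];` and `$object->ref_int = $_POST['ref_int'];` directly below the changed `note_public` line were left untouched, while the three sibling create branches at @@ -1041, @@ -1256 and @@ -1309 in this same file replace them with `GETPOST()` and drop `ref_int` altogether. This branch is therefore the only one still reading `$_POST` directly and still assigning `ref_int`; `$object->ref_client = GETPOST('ref_client');` with the `ref_int` line removed brings it in line. The rest of the branch lies outside the hunk.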
@@ -1041,20 +1041,19 @@ if (empty($reshook)) $object->entity = $originentity; } $object->socid = GETPOST('socid', 'int'); - $object->ref = $_POST['ref']; + $object->ref = GETPOST('ref'); $object->date = $dateinvoice; $object->date_pointoftax = $date_pointoftax; - $object->note_public = trim(GETPOST('note_public', 'none')); + $object->note_public = trim(GETPOST('note_public', 'restricthtml')); // We do not copy the private note - $object->ref_client = $_POST['ref_client']; - $object->ref_int = $_POST['ref_int']; - $object->model_pdf = $_POST['model']; - $object->fk_project = $_POST['projectid']; + $object->ref_client = GETPOST('ref_client'); + $object->model_pdf = GETPOST('model'); + $object->fk_project = GETPOST('projectid', 'int'); $object->cond_reglement_id = 0; - $object->mode_reglement_id = $_POST['mode_reglement_id']; + $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); - $object->remise_absolue = $_POST['remise_absolue']; - $object->remise_percent = $_POST['remise_percent']; + $object->remise_absolue = GETPOST('remise_absolue'); + $object->remise_percent = GETPOST('remise_percent'); $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); $object->multicurrency_code = GETPOST('multicurrency_code', 'alpha'); 
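Review bot: `$object->mode_reglement_id = GETPOST('mode_reglement_id');` and `$object->fk_account = GETPOST('fk_account', 'int');` sit next to each other but only the second names a check, and the @@ -1256 variant of this same block reads `mode_reglement_id` with `'int'`. Likewise `remise_absolue` and `remise_percent` are numeric yet taken raw, while the sibling branches pass `amount` through `price2num()`. Aligning this branch means `$object->mode_reglement_id = GETPOST('mode_reglement_id', 'int');`, `$object->remise_absolue = price2num(GETPOST('remise_absolue'));` and `$object->remise_percent = price2num(GETPOST('remise_percent'));`. `$object->ref = GETPOST('ref');` and `GETPOST('model')` rely on GETPOST's default mode; `'alphanohtml'` and `'alpha'` respectively would make the intent explicit. The branch starts before the hunk.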
@@ -1256,22 +1255,21 @@ if (empty($reshook)) if (!$error) { $object->socid = GETPOST('socid', 'int'); - $object->type = $_POST['type']; - $object->ref = $_POST['ref']; + $object->type = GETPOST('type'); + $object->ref = GETPOST('ref'); $object->date = $dateinvoice; $object->date_pointoftax = $date_pointoftax; - $object->note_public = trim(GETPOST('note_public', 'none')); - $object->note_private = trim(GETPOST('note_private', 'none')); - $object->ref_client = $_POST['ref_client']; - $object->ref_int = $_POST['ref_int']; - $object->model_pdf = $_POST['model']; - $object->fk_project = $_POST['projectid']; - $object->cond_reglement_id = ($_POST['type'] == 3 ? 1 : $_POST['cond_reglement_id']); - $object->mode_reglement_id = $_POST['mode_reglement_id']; + $object->note_public = trim(GETPOST('note_public', 'restricthtml')); + $object->note_private = trim(GETPOST('note_private', 'restricthtml')); + $object->ref_client = GETPOST('ref_client'); + $object->model_pdf = GETPOST('model'); + $object->fk_project = GETPOST('projectid', 'int'); + $object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id')); + $object->mode_reglement_id = GETPOST('mode_reglement_id', 'int'); $object->fk_account = GETPOST('fk_account', 'int'); - $object->amount = $_POST['amount']; - $object->remise_absolue = $_POST['remise_absolue']; - $object->remise_percent = $_POST['remise_percent']; + $object->amount = price2num(GETPOST('amount')); + $object->remise_absolue = GETPOST('remise_absolue'); + $object->remise_percent = GETPOST('remise_percent'); $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); $object->multicurrency_code = GETPOST('multicurrency_code', 'alpha'); 
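Review bot: `$object->type = GETPOST('type');` and `GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id')` read two integer ids without the `'int'` mode that `projectid`, `mode_reglement_id` and `fk_account` get two lines later. `$object->type = GETPOST('type', 'int');` and `$object->cond_reglement_id = (GETPOST('type', 'int') == 3 ? 1 : GETPOST('cond_reglement_id', 'int'));` keep the comparison on a number and match the style of the block. `remise_absolue`/`remise_percent` are still raw here while `amount` now gets `price2num()`; the same wrapping would be consistent. The enclosing branch starts outside the hunk.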
@@ -1309,21 +1307,20 @@ if (empty($reshook)) // Si facture standard $object->socid = GETPOST('socid', 'int'); $object->type = GETPOST('type'); - $object->ref = $_POST['ref']; + $object->ref = GETPOST('ref'); $object->date = $dateinvoice; $object->date_pointoftax = $date_pointoftax; - $object->note_public = trim(GETPOST('note_public', 'none')); - $object->note_private = trim(GETPOST('note_private', 'none')); - $object->ref_client = $_POST['ref_client']; - $object->ref_int = $_POST['ref_int']; - $object->model_pdf = $_POST['model']; - $object->fk_project = $_POST['projectid']; - $object->cond_reglement_id = ($_POST['type'] == 3 ? 1 : $_POST['cond_reglement_id']); - $object->mode_reglement_id = $_POST['mode_reglement_id']; + $object->note_public = trim(GETPOST('note_public', 'restricthtml')); + $object->note_private = trim(GETPOST('note_private', 'restricthtml')); + $object->ref_client = GETPOST('ref_client'); + $object->model_pdf = GETPOST('model'); + $object->fk_project = GETPOST('projectid'); + $object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id'); + $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); - $object->amount = $_POST['amount']; - $object->remise_absolue = $_POST['remise_absolue']; - $object->remise_percent = $_POST['remise_percent']; + $object->amount = price2num(GETPOST('amount')); + $object->remise_absolue = GETPOST('remise_absolue'); + $object->remise_percent = GETPOST('remise_percent'); $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); $object->multicurrency_code = GETPOST('multicurrency_code', 'alpha'); 
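Review bot: `$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id');` is missing its closing parenthesis — the outer `(` opened before `GETPOST('type')` is never closed — so unless this is a transcription artifact of the page the file no longer parses and every invoice card request fails. The @@ -1256 hunk above shows the intended form: `$object->cond_reglement_id = (GETPOST('type') == 3 ? 1 : GETPOST('cond_reglement_id'));`. In the same block `$object->fk_project = GETPOST('projectid');` and `$object->mode_reglement_id = GETPOST('mode_reglement_id');` lack the `'int'` mode that the sibling branch uses for both. The branch starts before the hunk.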
@@ -1801,11 +1798,10 @@ if (empty($reshook)) $object->fetch_thirdparty(); $object->date = $datefacture; $object->date_pointoftax = $date_pointoftax; - $object->note_public = trim(GETPOST('note_public', 'none')); - $object->note = trim(GETPOST('note', 'none')); - $object->note_private = trim(GETPOST('note', 'none')); + $object->note_public = trim(GETPOST('note_public', 'restricthtml')); + $object->note = trim(GETPOST('note', 'restricthtml')); + $object->note_private = trim(GETPOST('note', 'restricthtml')); $object->ref_client = GETPOST('ref_client', 'alpha'); - $object->ref_int = GETPOST('ref_int', 'alpha'); $object->model_pdf = GETPOST('model', 'alpha'); $object->fk_project = GETPOST('projectid', 'int'); $object->cond_reglement_id = GETPOST('cond_reglement_id', 'int'); @@ -1883,9 +1879,9 @@ if (empty($reshook)) // Set if we used free entry or predefined product $predef = ''; - $product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'none') : ''); - $price_ht = GETPOST('price_ht'); - $price_ht_devise = GETPOST('multicurrency_price_ht'); + $product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'restricthtml') : ''); + $price_ht = price2num(GETPOST('price_ht')); + $price_ht_devise = price2num(GETPOST('multicurrency_price_ht')); $prod_entry_mode = GETPOST('prod_entry_mode', 'alpha'); if ($prod_entry_mode == 'free') { 
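Review bot: `$product_desc = (GETPOST('dp_desc', 'none') ?GETPOST('dp_desc', 'restricthtml') : '');` still evaluates the condition with the `'none'` mode this patch is retiring, and differs from the identical line in propal/card.php, which the same patch rewrote as a presence test. `$product_desc = (GETPOSTISSET('dp_desc') ? GETPOST('dp_desc', 'restricthtml') : '');` reads the field once, avoids the unfiltered call and matches the propal version. The addline action continues beyond the hunk.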
@@ -2204,7 +2200,7 @@ if (empty($reshook)) $date_end = ''; $date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); $date_end = dol_mktime(GETPOST('date_endhour'), GETPOST('date_endmin'), GETPOST('date_endsec'), GETPOST('date_endmonth'), GETPOST('date_endday'), GETPOST('date_endyear')); - $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none') ? GETPOST('product_desc', 'none') : GETPOST('desc', 'none')); + $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml') ? GETPOST('product_desc', 'restricthtml') : GETPOST('desc', 'restricthtml')); $pu_ht = GETPOST('price_ht'); $vat_rate = (GETPOST('tva_tx') ? GETPOST('tva_tx') : 0); $qty = GETPOST('qty'); @@ -2629,7 +2625,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 268aaf2ad87..be0888e4c79 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php 
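Review bot: `$pu_ht = GETPOST('price_ht');` in the updateline branch takes the unit price raw, while the addline branch of this same file (@@ -1883 above) was changed in this patch to `price2num(GETPOST('price_ht'))`. Unless a later line outside the hunk normalises it, the two paths accept the same form field with different decimal handling; `$pu_ht = price2num(GETPOST('price_ht'));` keeps them aligned, and `$qty` two lines down is the same case. The action block continues past the hunk.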
@@ -481,8 +481,8 @@ class Facture extends CommonInvoice // Fields coming from GUI (priority on template). TODO Value of template should be used as default value on GUI so we can use here always value from GUI $this->fk_project = GETPOST('projectid', 'int') > 0 ? ((int) GETPOST('projectid', 'int')) : $_facrec->fk_project; - $this->note_public = GETPOST('note_public', 'none') ? GETPOST('note_public', 'none') : $_facrec->note_public; - $this->note_private = GETPOST('note_private', 'none') ? GETPOST('note_private', 'none') : $_facrec->note_private; + $this->note_public = GETPOST('note_public', 'none') ? GETPOST('note_public', 'restricthtml') : $_facrec->note_public; + $this->note_private = GETPOST('note_private', 'none') ? GETPOST('note_private', 'restricthtml') : $_facrec->note_private; $this->modelpdf = GETPOST('model', 'alpha') ? GETPOST('model', 'alpha') : $_facrec->modelpdf; $this->cond_reglement_id = GETPOST('cond_reglement_id', 'int') > 0 ? ((int) GETPOST('cond_reglement_id', 'int')) : $_facrec->cond_reglement_id; $this->mode_reglement_id = GETPOST('mode_reglement_id', 'int') > 0 ? ((int) GETPOST('mode_reglement_id', 'int')) : $_facrec->mode_reglement_id; diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 865ef40a258..2dea1b245f4 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -524,7 +524,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie // Comments print ''.$langs->trans('Comments').''; print ''; - print ''; + print ''; print ''; diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 4ba533075b1..85f56d298df 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php 
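Review bot: `GETPOST('note_public', 'none') ? GETPOST('note_public', 'restricthtml') : $_facrec->note_public` decides with the unfiltered value but stores the filtered one, so a note that the `restricthtml` filter reduces to an empty string overrides the template's note with `''` instead of falling back to it; it also keeps a `'none'` read alive in a patch whose purpose is to remove that mode. Reading the sanitised value once, `$notepublic = GETPOST('note_public', 'restricthtml'); $this->note_public = ($notepublic ? $notepublic : $_facrec->note_public);`, removes both issues, and the private note is the same case. The surrounding method is not visible in the hunk.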
@@ -60,7 +60,7 @@ if ($action == 'setnote' && $user->rights->facture->paiement) $db->begin(); $object->fetch($id); - $result = $object->update_note(GETPOST('note', 'none')); + $result = $object->update_note(GETPOST('note', 'restricthtml')); if ($result > 0) { $db->commit(); diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index c7c6bf72492..5f442ab0b18 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -112,8 +112,8 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $paiement->amounts = $amounts; // Tableau de montant $paiement->paiementtype = GETPOST("paiementtype", 'alphanohtml'); $paiement->num_payment = GETPOST("num_payment", 'alphanohtml'); - $paiement->note = GETPOST("note", 'none'); - $paiement->note_private = GETPOST("note", 'none'); + $paiement->note = GETPOST("note", 'restricthtml'); + $paiement->note_private = GETPOST("note", 'restricthtml'); if (!$error) { diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 78105cf9585..717b584fe44 100644 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -98,7 +98,7 @@ if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) } $object->amount = $amount; $object->label = GETPOST("label", 'alpha'); - $object->note = GETPOST("note", 'none'); + $object->note = GETPOST("note", 'restricthtml'); if (empty($object->datep)) { diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 6afef016d47..71657966e4e 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php 
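Review bot: the hunk header's context `if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))` still reads `$_POST` directly and compares the button against its translated label, in a patch whose point is to route every input through `GETPOST()`; a user on another language, or a renamed button, silently turns Cancel into Add. actions_setnotes.inc.php in this same patch tests presence instead, and the same form here is `if ($action == 'add' && !GETPOST('cancel', 'alpha'))`. `$object->label = GETPOST("label", 'alpha');` in this hunk is the mode the same field should get in various_payment/card.php. The add block continues outside the hunk.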
@@ -207,8 +207,8 @@ if (empty($reshook)) $object->phone_mobile = GETPOST("phone_mobile", 'alpha'); $object->fax = GETPOST("fax", 'alpha'); $object->priv = GETPOST("priv", 'int'); - $object->note_public = GETPOST("note_public", 'none'); - $object->note_private = GETPOST("note_private", 'none'); + $object->note_public = GETPOST("note_public", 'restricthtml'); + $object->note_private = GETPOST("note_private", 'restricthtml'); $object->roles = GETPOST("roles", 'array'); $object->statut = 1; //Defult status to Actif @@ -395,8 +395,8 @@ if (empty($reshook)) $object->phone_mobile = GETPOST("phone_mobile", 'alpha'); $object->fax = GETPOST("fax", 'alpha'); $object->priv = GETPOST("priv", 'int'); - $object->note_public = GETPOST("note_public", 'none'); - $object->note_private = GETPOST("note_private", 'none'); + $object->note_public = GETPOST("note_public", 'restricthtml'); + $object->note_private = GETPOST("note_private", 'restricthtml'); $object->roles = GETPOST("roles", 'array'); // Fill array 'array_options' with data from add form diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 0d1ce07a449..fadf0831ada 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -665,7 +665,7 @@ if (empty($reshook)) $fk_unit = GETPOST('unit', 'alpha'); - $objectline->description = GETPOST('product_desc', 'none'); + $objectline->description = GETPOST('product_desc', 'restricthtml'); $objectline->price_ht = GETPOST('elprice'); $objectline->subprice = GETPOST('elprice'); $objectline->qty = GETPOST('elqty'); @@ -811,7 +811,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) { 
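Review bot: `$objectline->price_ht = GETPOST('elprice');`, `$objectline->subprice = GETPOST('elprice');` and `$objectline->qty = GETPOST('elqty');` assign numeric inputs with no check and without the `price2num()` that the propal and facture hunks of this patch apply to `price_ht`. Unless the contract line class normalises them itself (not visible here), a locale-formatted amount is stored as typed; `$objectline->price_ht = price2num(GETPOST('elprice'));` with `subprice` and `qty` treated the same way would match the rest of the patch. The updateline branch starts before the hunk.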
diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index 09f1c7cf314..4d4c12ce473 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -64,7 +64,7 @@ if ($action == 'add' && !empty($permissiontoadd)) // Set value to insert if (in_array($object->fields[$key]['type'], array('text', 'html'))) { - $value = GETPOST($key, 'none'); + $value = GETPOST($key, 'restricthtml'); } elseif ($object->fields[$key]['type'] == 'date') { $value = dol_mktime(12, 0, 0, GETPOST($key.'month', 'int'), GETPOST($key.'day', 'int'), GETPOST($key.'year', 'int')); } elseif ($object->fields[$key]['type'] == 'datetime') { @@ -72,7 +72,7 @@ if ($action == 'add' && !empty($permissiontoadd)) } elseif ($object->fields[$key]['type'] == 'duration') { $value = 60 * 60 * GETPOST($key.'hour', 'int') + 60 * GETPOST($key.'min', 'int'); } elseif (preg_match('/^(integer|price|real|double)/', $object->fields[$key]['type'])) { - $value = price2num(GETPOST($key, 'none')); // To fix decimal separator according to lang setup + $value = price2num(GETPOST($key, 'alphanohtml')); // To fix decimal separator according to lang setup } elseif ($object->fields[$key]['type'] == 'boolean') { $value = (GETPOST($key) == 'on' ? 1 : 0); } else { @@ -142,7 +142,7 @@ if ($action == 'update' && !empty($permissiontoadd)) // Set value to update if (in_array($object->fields[$key]['type'], array('text', 'html'))) { - $value = GETPOST($key, 'none'); + $value = GETPOST($key, 'restricthtml'); } elseif ($object->fields[$key]['type'] == 'date') { $value = dol_mktime(12, 0, 0, GETPOST($key.'month'), GETPOST($key.'day'), GETPOST($key.'year')); } elseif ($object->fields[$key]['type'] == 'datetime') { 
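Review bot: `$value = GETPOST($key, 'restricthtml');` applies one HTML-permitting filter to both the `'text'` and `'html'` field types, although `'text'` is the plain-text type; with this change a text column accepts tags it will later be printed from. Splitting on the type costs one line: `$value = GETPOST($key, ($object->fields[$key]['type'] == 'html' ? 'restricthtml' : 'nohtml'));`, `'nohtml'` being the mode this patch already uses for `titre` in card-rec.php. The same line recurs in the `update` action below and in the commonfields templates. The add action continues beyond the hunk.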
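Review bot: `dol_mktime(12, 0, 0, GETPOST($key.'month'), GETPOST($key.'day'), GETPOST($key.'year'))` in the update action reads the date parts without the `'int'` mode that the same expression in the add action (@@ -64 above) uses, so the two actions differ for no reason. `$value = dol_mktime(12, 0, 0, GETPOST($key.'month', 'int'), GETPOST($key.'day', 'int'), GETPOST($key.'year', 'int'));` makes them identical. The update loop continues past the hunk.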
@@ -154,7 +154,7 @@ if ($action == 'update' && !empty($permissiontoadd)) $value = ''; } } elseif (preg_match('/^(integer|price|real|double)/', $object->fields[$key]['type'])) { - $value = price2num(GETPOST($key, 'none')); // To fix decimal separator according to lang setup + $value = price2num(GETPOST($key, 'alphanohtml')); // To fix decimal separator according to lang setup } elseif ($object->fields[$key]['type'] == 'boolean') { $value = ((GETPOST($key, 'aZ09') == 'on' || GETPOST($key, 'aZ09') == '1') ? 1 : 0); } else { diff --git a/htdocs/core/actions_changeselectedfields.inc.php b/htdocs/core/actions_changeselectedfields.inc.php index 9a03ba0d29e..f4e7f01d234 100644 --- a/htdocs/core/actions_changeselectedfields.inc.php +++ b/htdocs/core/actions_changeselectedfields.inc.php @@ -28,7 +28,7 @@ // $object must be defined (object is loaded in this file with fetch) // Save selection -if (GETPOST('formfilteraction', 'none') == 'listafterchangingselectedfields') +if (GETPOST('formfilteraction', 'alphanohtml') == 'listafterchangingselectedfields') { $tabparam = array(); diff --git a/htdocs/core/actions_comments.inc.php b/htdocs/core/actions_comments.inc.php index c352f07f9f7..079f207b4a4 100644 --- a/htdocs/core/actions_comments.inc.php +++ b/htdocs/core/actions_comments.inc.php @@ -35,7 +35,7 @@ $comment = new Comment($db); if ($action == 'addcomment') { - $description = GETPOST('comment_description', 'none'); + $description = GETPOST('comment_description', 'restricthtml'); if (!empty($description)) { $comment->description = $description; @@ -59,7 +59,7 @@ if ($action === 'updatecomment') { if ($comment->fetch($idcomment) >= 0) { - $comment->description = GETPOST('comment_description', 'none'); + $comment->description = GETPOST('comment_description', 'restricthtml'); if ($comment->update($user) > 0) { setEventMessages($langs->trans("CommentAdded"), null, 'mesgs'); 
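Review bot: `$comment->description = GETPOST('comment_description', 'restricthtml');` in the `updatecomment` branch assigns the field unconditionally and then calls `update()`, while the `addcomment` branch just above guards the same input with `if (!empty($description))`; an update submitted with an empty body therefore blanks an existing comment. If that is not intended, the update path should apply the same guard before assigning. The success message it reports is `CommentAdded`, which reads wrong for an update. The branch starts before the hunk.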
diff --git a/htdocs/core/actions_linkedfiles.inc.php b/htdocs/core/actions_linkedfiles.inc.php index 7884fc09e67..3caeeed6678 100644 --- a/htdocs/core/actions_linkedfiles.inc.php +++ b/htdocs/core/actions_linkedfiles.inc.php @@ -63,7 +63,7 @@ if (GETPOST('sendit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC)) } } } -} elseif (GETPOST('linkit', 'none') && !empty($conf->global->MAIN_UPLOAD_DOC)) +} elseif (GETPOST('linkit', 'restricthtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) { $link = GETPOST('link', 'alpha'); if ($link) diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 612f988305f..4db4c94f007 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -141,7 +141,7 @@ if (!$error && $massaction == 'confirm_presend') $massaction = 'presend'; } - if (!GETPOST('subject', 'none')) + if (!GETPOST('subject', 'restricthtml')) { $error++; setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTopic")), null, 'warnings'); @@ -376,8 +376,8 @@ if (!$error && $massaction == 'confirm_presend') } $replyto = $from; - $subject = GETPOST('subject', 'none'); - $message = GETPOST('message', 'none'); + $subject = GETPOST('subject', 'restricthtml'); + $message = GETPOST('message', 'restricthtml'); $sendtobcc = GETPOST('sendtoccc'); if ($objectclass == 'Propal') $sendtobcc .= (empty($conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO) ? '' : (($sendtobcc ? ", " : "").$conf->global->MAIN_MAIL_AUTOCOPY_PROPOSAL_TO)); diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index da010380276..5be25002079 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php 
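Review bot: `GETPOST('linkit', 'restricthtml')` applies an HTML filter to a submit-button flag that is only tested for truthiness, while the sibling test `GETPOST('sendit', 'alpha')` on the preceding branch uses a plain mode. `} elseif (GETPOST('linkit', 'alpha') && !empty($conf->global->MAIN_UPLOAD_DOC))` keeps the two branches alike and avoids running the sanitizer on a button value. The branch body continues beyond the hunk.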
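Review bot: `$subject = GETPOST('subject', 'restricthtml');` lets markup through into a value that becomes an e-mail Subject header; a subject is plain text, so `'alphanohtml'` is the right class, and the same read appears in the @@ -141 hunk above. `restricthtml` does not strip CR/LF either, so unless the mail class encodes or folds the subject before writing headers (not visible here) a line break in the field could add headers. `$sendtobcc = GETPOST('sendtoccc');` on the following line relies on the default mode. The send block starts outside the hunk.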
@@ -300,8 +300,8 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } $replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>'; - $message = GETPOST('message', 'none'); - $subject = GETPOST('subject', 'none'); + $message = GETPOST('message', 'restricthtml'); + $subject = GETPOST('subject', 'restricthtml'); // Make a change into HTML code to allow to include images from medias directory with an external reabable URL. // diff --git a/htdocs/core/actions_setnotes.inc.php b/htdocs/core/actions_setnotes.inc.php index 7ea3dd5016f..61db9b9fc55 100644 --- a/htdocs/core/actions_setnotes.inc.php +++ b/htdocs/core/actions_setnotes.inc.php @@ -33,7 +33,7 @@ if ($action == 'setnote_public' && !empty($permissionnote) && !GETPOST('cancel', if (empty($action) || !is_object($object) || empty($id)) dol_print_error('', 'Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done - $result_update = $object->update_note(dol_html_entity_decode(GETPOST('note_public', 'none'), ENT_QUOTES, 'UTF-8', 1), '_public'); + $result_update = $object->update_note(dol_html_entity_decode(GETPOST('note_public', 'restricthtml'), ENT_QUOTES, 'UTF-8', 1), '_public'); if ($result_update < 0) setEventMessages($object->error, $object->errors, 'errors'); elseif (in_array($object->table_element, array('supplier_proposal', 'propal', 'commande_fournisseur', 'commande', 'facture_fourn', 'facture'))) 
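Review bot: `$replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>';` in the context line directly above the change still takes `replytomail` straight from `$_POST` and concatenates it into a Reply-To header unfiltered, in a patch whose purpose is to replace raw `$_POST` reads. A value containing CR/LF can append headers unless the mail class strips them (not visible here); `GETPOST('replytomail', 'alpha')` at least runs it through the standard filter, and `!$_POST['addfile']` in the hunk's own header line is the same kind of raw read. `$subject = GETPOST('subject', 'restricthtml');` also lands in a header and should be `'alphanohtml'`. The send block continues past the hunk.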
@@ -63,6 +63,6 @@ if ($action == 'setnote_public' && !empty($permissionnote) && !GETPOST('cancel', // Set public note if (empty($action) || !is_object($object) || empty($id)) dol_print_error('', 'Include of actions_setnotes.inc.php was done but required variable was not set before'); if (empty($object->id)) $object->fetch($id); // Fetch may not be already done - $result = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'none'), ENT_QUOTES), '_private'); + $result = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES), '_private'); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/core/ajax/selectsearchbox.php b/htdocs/core/ajax/selectsearchbox.php index 00b66ced374..29aeb9cc7eb 100644 --- a/htdocs/core/ajax/selectsearchbox.php +++ b/htdocs/core/ajax/selectsearchbox.php @@ -48,7 +48,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php'; //global $hookmanager; $hookmanager->initHooks(array('searchform')); -$search_boxvalue = GETPOST('q', 'none'); +$search_boxvalue = GETPOST('q', 'restricthtml'); $arrayresult = array(); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index a381014983b..ef519f388a7 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php 
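Review bot: `dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES)` runs the HTML filter first and decodes entities afterwards, so `&lt;script&gt;` passes the filter as inert text and becomes a live tag only after decoding; the public-note branch at @@ -33 calls the same helper with `'UTF-8', 1`, which — if that last argument is the keep-some-entities switch it appears to be — is what keeps `&lt;`/`&gt;` encoded there. The private branch should at minimum pass the same arguments, `$result = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES, 'UTF-8', 1), '_private');`, and ideally the sanitizer should be applied to the decoded string rather than before decoding. The permission test for this branch is outside the hunk.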
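Review bot: `$search_boxvalue = GETPOST('q', 'restricthtml');` keeps HTML tags in a search term that is only matched against data and echoed back in the result list; a search string has no use for markup, so `$search_boxvalue = GETPOST('q', 'alphanohtml');` is the safer and more conventional mode. Whatever prints `$arrayresult` must still escape the term for output; that code is outside the hunk.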
@@ -6690,7 +6690,9 @@ abstract class CommonObject break; case "create": case "edit": - $getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, 'none'); // GETPOST can get value from GET, POST or setup of default values. + $check = 'restricthtml'; + // TODO Use check = 'alphahtml' or 'int' for some types + $getposttemp = GETPOST($keyprefix.'options_'.$key.$keysuffix, $check); // GETPOST can get value from GET, POST or setup of default values. // GETPOST("options_" . $key) can be 'abc' or array(0=>'abc') if (is_array($getposttemp) || $getposttemp != '' || GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix)) { @@ -6765,7 +6767,7 @@ abstract class CommonObject // HTML, select, integer and text add default value if (in_array($extrafields->attributes[$this->table_element]['type'][$key], array('html', 'text', 'select', 'int'))) { - if ($action == 'create') $value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ? GETPOST($keyprefix.'options_'.$key.$keysuffix, 'none', 3) : $extrafields->attributes[$this->table_element]['default'][$key]; + if ($action == 'create') $value = GETPOSTISSET($keyprefix.'options_'.$key.$keysuffix) ? GETPOST($keyprefix.'options_'.$key.$keysuffix, 'restricthtml', 3) : $extrafields->attributes[$this->table_element]['default'][$key]; else $value = $this->array_options['options_'.$key]; } @@ -6775,7 +6777,7 @@ abstract class CommonObject $out .= ''; $out .= 'withbody)) { - $defaultmessage = GETPOST('message', 'none'); + $defaultmessage = GETPOST('message', 'restricthtml'); if (!GETPOST('modelselected', 'alpha') || GETPOST('modelmailselected') != '-1') { if ($arraydefaultmessage && $arraydefaultmessage->content) { 
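Review bot: `$check = 'restricthtml'; // TODO Use check = 'alphahtml' or 'int' for some types` applies the HTML filter to every extrafield on create/edit, including integer, varchar and select fields, and the TODO defers a per-type choice that the @@ -6765 hunk shows is already possible, since `$extrafields->attributes[$this->table_element]['type'][$key]` is read there. Assuming the same `$extrafields` is in scope here, `$type = $extrafields->attributes[$this->table_element]['type'][$key];` followed by `$check = in_array($type, array('html', 'text')) ? 'restricthtml' : ($type == 'int' ? 'int' : 'alphanohtml');` resolves it now (`'text'` arguably wants `'nohtml'`). `'alphahtml'` in the TODO does not appear as a mode anywhere else in this patch; if it is not a supported check name, `'alphanohtml'` is presumably meant. The method this switch belongs to is not visible.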
@@ -1144,7 +1144,7 @@ class FormMail extends Form { global $conf, $langs, $form; - $defaulttopic = GETPOST('subject', 'none'); + $defaulttopic = GETPOST('subject', 'restricthtml'); if (!GETPOST('modelselected', 'alpha') || GETPOST('modelmailselected') != '-1') { if ($arraydefaultmessage && $arraydefaultmessage->topic) { $defaulttopic = $arraydefaultmessage->topic; diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index f6973314101..35ad4b83a7f 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -231,7 +231,7 @@ class FormTicket } // MESSAGE - $msg = GETPOSTISSET('message') ? GETPOST('message', 'none') : ''; + $msg = GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ''; print ''; // If public form, display more information diff --git a/htdocs/core/tpl/admin_extrafields_add.tpl.php b/htdocs/core/tpl/admin_extrafields_add.tpl.php index 616ecb74f40..b8a37ee5969 100644 --- a/htdocs/core/tpl/admin_extrafields_add.tpl.php +++ b/htdocs/core/tpl/admin_extrafields_add.tpl.php @@ -181,7 +181,7 @@ $langs->load("modulebuilder"); trans("LanguageFile"); ?> global->MAIN_STORE_COMPUTED_EXTRAFIELDS)) { ?> - textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc"), 1, 'help', '', 0, 2, 'tooltipcompute'); ?> + textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc"), 1, 'help', '', 0, 2, 'tooltipcompute'); ?> textwithpicto($langs->trans("ComputedFormula"), $langs->trans("ComputedFormulaDesc")).$form->textwithpicto($langs->trans("Computedpersistent"), $langs->trans("ComputedpersistentDesc"), 1, 'warning'); ?> diff --git a/htdocs/core/tpl/commonfields_add.tpl.php b/htdocs/core/tpl/commonfields_add.tpl.php index 0bf2a60d0fe..d36f0c2a87a 100644 --- a/htdocs/core/tpl/commonfields_add.tpl.php +++ b/htdocs/core/tpl/commonfields_add.tpl.php 
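Review bot: `$defaulttopic = GETPOST('subject', 'restricthtml');` pre-fills a mail subject, a plain-text header field, with a mode that preserves HTML tags; `$defaulttopic = GETPOST('subject', 'alphanohtml');` matches what the field can legitimately hold and what the sending code should accept. The preceding FormMail hunk does the same for `message`, where HTML is legitimate, so only the subject needs the narrower mode. The rest of the method is outside the hunk.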
@@ -54,7 +54,7 @@ foreach ($object->fields as $key => $val) print ''; print ''; if (in_array($val['type'], array('int', 'integer'))) $value = GETPOST($key, 'int'); - elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOST($key, 'none'); + elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOST($key, 'restricthtml'); else $value = GETPOST($key, 'alpha'); if ($val['noteditable']) print $object->showOutputField($val, $key, $value, '', '', '', 0); else print $object->showInputField($val, $key, $value, '', '', '', 0); diff --git a/htdocs/core/tpl/commonfields_edit.tpl.php b/htdocs/core/tpl/commonfields_edit.tpl.php index 8484d06ddb6..ace640d9b79 100644 --- a/htdocs/core/tpl/commonfields_edit.tpl.php +++ b/htdocs/core/tpl/commonfields_edit.tpl.php @@ -52,7 +52,7 @@ foreach ($object->fields as $key => $val) print ''; print ''; if (in_array($val['type'], array('int', 'integer'))) $value = GETPOSTISSET($key) ?GETPOST($key, 'int') : $object->$key; - elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOSTISSET($key) ?GETPOST($key, 'none') : $object->$key; + elseif ($val['type'] == 'text' || $val['type'] == 'html') $value = GETPOSTISSET($key) ?GETPOST($key, 'restricthtml') : $object->$key; else $value = GETPOSTISSET($key) ?GETPOST($key, 'alpha') : $object->$key; //var_dump($val.' '.$key.' '.$value); if ($val['noteditable']) print $object->showOutputField($val, $key, $value, '', '', '', 0); diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 4e9ce5d6997..8f02f40fe3c 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php 
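Review bot: The `elseif` now hands both `'text'` and `'html'` field types to the HTML-permitting `'restricthtml'` check, although the template already branches on `$val['type']` and only the `'html'` type needs markup kept. Splitting the branch, `elseif ($val['type'] == 'html') $value = GETPOST($key, 'restricthtml');` and `elseif ($val['type'] == 'text') $value = GETPOST($key, 'alphanohtml');`, would match the type-dependent approach the TODO in CommonObject asks for; worth confirming first that `'alphanohtml'` keeps line breaks, since `'text'` fields are multi-line. The same pairing is in the commonfields_edit.tpl.php hunk on this line. The enclosing `foreach` starts and ends outside both hunks.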
@@ -176,7 +176,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element] } //TODO Improve element and rights detection - if ($action == 'edit_extras' && $permok && GETPOST('attribute', 'none') == $tmpkeyextra) + if ($action == 'edit_extras' && $permok && GETPOST('attribute', 'restricthtml') == $tmpkeyextra) { $fieldid = 'id'; if ($object->table_element == 'societe') $fieldid = 'socid'; diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index ed38c5ea783..eed6c9d201e 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php @@ -306,7 +306,7 @@ if ($nolinesbefore) { if (!empty($conf->global->MAIN_INPUT_DESC_HEIGHT)) $nbrows = $conf->global->MAIN_INPUT_DESC_HEIGHT; $toolbarname = 'dolibarr_details'; if (!empty($conf->global->FCKEDITOR_ENABLE_DETAILS_FULL)) $toolbarname = 'dolibarr_notes'; - $doleditor = new DolEditor('dp_desc', GETPOST('dp_desc', 'none'), '', (empty($conf->global->MAIN_DOLEDITOR_HEIGHT) ? 100 : $conf->global->MAIN_DOLEDITOR_HEIGHT), $toolbarname, '', false, true, $enabled, $nbrows, '98%'); + $doleditor = new DolEditor('dp_desc', GETPOST('dp_desc', 'restricthtml'), '', (empty($conf->global->MAIN_DOLEDITOR_HEIGHT) ? 100 : $conf->global->MAIN_DOLEDITOR_HEIGHT), $toolbarname, '', false, true, $enabled, $nbrows, '98%'); $doleditor->Create(); // Show autofill date for recurring invoices if (!empty($conf->service->enabled) && $object->element == 'facturerec') diff --git a/htdocs/don/admin/donation.php b/htdocs/don/admin/donation.php index 800d391dfbd..bf78a051d83 100644 --- a/htdocs/don/admin/donation.php +++ b/htdocs/don/admin/donation.php 
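Review bot: `GETPOST('attribute', 'restricthtml') == $tmpkeyextra` filters an extrafield key name with an HTML filter; the value is an identifier that is compared against known keys, so an identifier-class check is the right tool, e.g. `if ($action == 'edit_extras' && $permok && GETPOST('attribute', 'alphanohtml') == $tmpkeyextra)`. The same `'attribute'` parameter is passed as `GETPOST('attribute', 'restricthtml')` to `setOptionalsFromPost()` in expedition/card.php, expedition/shipment.php, expensereport/card.php, fichinter/card.php, fourn/card.php, fourn/commande/card.php, fourn/facture/card.php, holiday/card.php, livraison/card.php, product/stock/card.php, product/stock/movement_list.php and product/stock/productlot_card.php further down this diff, and would benefit from the same change. The enclosing `if` block starts outside the hunk.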
@@ -130,7 +130,7 @@ if ($action == 'set_DONATION_ACCOUNTINGACCOUNT') if ($action == 'set_DONATION_MESSAGE') { - $freemessage = GETPOST('DONATION_MESSAGE', 'none'); // No alpha here, we want exact string + $freemessage = GETPOST('DONATION_MESSAGE', 'restricthtml'); // No alpha here, we want exact string $res = dolibarr_set_const($db, "DONATION_MESSAGE", $freemessage, 'chaine', 0, '', $conf->entity); diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 95502885929..70935e12472 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -113,8 +113,8 @@ if ($action == 'update') $object->date = $donation_date; $object->public = GETPOST("public", 'alpha'); $object->fk_project = GETPOST("fk_project", 'alpha'); - $object->note_private = GETPOST("note_private", 'none'); - $object->note_public = GETPOST("note_public", 'none'); + $object->note_private = GETPOST("note_private", 'restricthtml'); + $object->note_public = GETPOST("note_public", 'restricthtml'); $object->modepaymentid = GETPOST('modepayment', 'int'); // Fill array 'array_options' with data from add form @@ -166,8 +166,8 @@ if ($action == 'add') $object->country_id = GETPOST('country_id', 'int'); $object->email = GETPOST('email', 'alpha'); $object->date = $donation_date; - $object->note_private = GETPOST("note_private", 'none'); - $object->note_public = GETPOST("note_public", 'none'); + $object->note_private = GETPOST("note_private", 'restricthtml'); + $object->note_public = GETPOST("note_public", 'restricthtml'); $object->public = GETPOST("public", 'alpha'); $object->fk_project = GETPOST("fk_project", 'alpha'); $object->modepaymentid = GETPOST('modepayment', 'int'); @@ -389,7 +389,7 @@ if ($action == 'create') print "".''.$langs->trans("Lastname").''; print "".''.$langs->trans("Firstname").''; print "".''.$langs->trans("Address").''; - print ''; + print ''; // Zip / Town print ''.$langs->trans("Zip").' / '.$langs->trans("Town").''; 
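Review bot: The trailing comment on the changed line in donation.php, `// No alpha here, we want exact string`, is now misleading: with `'restricthtml'` the value is no longer stored exactly as received, it goes through the HTML filter. Update it to say what the choice now means, e.g. `$freemessage = GETPOST('DONATION_MESSAGE', 'restricthtml'); // Rich-text message: not 'alpha' (which would mangle it), markup is kept but filtered`. The `if ($action == 'set_DONATION_MESSAGE')` block continues outside the hunk.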
diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index 50c469a5f1a..3983765d904 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -107,7 +107,7 @@ if ($action == 'add_payment') $payment->amounts = $amounts; // Tableau de montant $payment->paymenttype = GETPOST("paymenttype", 'int'); $payment->num_payment = GETPOST("num_payment", 'alphanohtml'); - $payment->note_public = GETPOST("note_public", 'none'); + $payment->note_public = GETPOST("note_public", 'restricthtml'); if (!$error) { diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index e009dfc6891..d3ddb99fbdf 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -83,7 +83,7 @@ $error = 0; //include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; // Upload file (code similar but different than actions_linkedfiles.inc.php) -if (GETPOST("sendit", 'none') && !empty($conf->global->MAIN_UPLOAD_DOC)) +if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) { // Define relativepath and upload_dir $relativepath = ''; diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index dce279a32e5..7d4a455d58b 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -164,7 +164,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) 
@@ -216,8 +216,8 @@ if (empty($reshook)) $object->shipping_method_id = GETPOST('shipping_method_id', 'int'); $object->tracking_number = GETPOST('tracking_number', 'alpha'); $object->ref_int = GETPOST('ref_int', 'alpha'); - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 742de498aee..152dee7cd36 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -190,7 +190,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 023b114835a..77960bf2ed8 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -60,7 +60,7 @@ $date = dol_mktime(0, 0, 0, GETPOST('datemonth', 'int'), GETPOST('dateday', 'int $fk_project = GETPOST('fk_project', 'int'); $vatrate = GETPOST('vatrate', 'alpha'); $ref = GETPOST("ref", 'alpha'); -$comments = GETPOST('comments', 'none'); +$comments = GETPOST('comments', 'restricthtml'); $fk_c_type_fees = GETPOST('fk_c_type_fees', 'int'); $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('socid_id', 'int'); 
@@ -227,8 +227,8 @@ if (empty($reshook)) $object->fk_statut = 1; $object->fk_c_paiement = GETPOST('fk_c_paiement', 'int'); $object->fk_user_validator = GETPOST('fk_user_validator', 'int'); - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); // Fill array 'array_options' with data from add form if (!$error) { @@ -280,8 +280,8 @@ if (empty($reshook)) } $object->fk_c_paiement = GETPOST('fk_c_paiement', 'int'); - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); $object->fk_user_modif = $user->id; $result = $object->update($user); @@ -299,7 +299,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) @@ -1261,7 +1261,7 @@ if (empty($reshook)) $type_fees_id = GETPOST('fk_c_type_fees', 'int'); $fk_c_exp_tax_cat = GETPOST('fk_c_exp_tax_cat', 'int'); $projet_id = $fk_project; - $comments = GETPOST('comments', 'none'); + $comments = GETPOST('comments', 'restricthtml'); $qty = GETPOST('qty', 'int'); $vatrate = GETPOST('vatrate', 'alpha'); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 00d690f20d5..c17f3ec10ee 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php 
@@ -119,7 +119,7 @@ if ($action == 'add_payment') $payment->total = $total; $payment->fk_typepayment = GETPOST("fk_typepayment", 'int'); $payment->num_payment = GETPOST("num_payment", 'alphanothtml'); - $payment->note_public = GETPOST("note_public", 'none'); + $payment->note_public = GETPOST("note_public", 'restricthtml'); if (!$error) { diff --git a/htdocs/externalsite/admin/externalsite.php b/htdocs/externalsite/admin/externalsite.php index 2c882b0b329..cb73403356b 100644 --- a/htdocs/externalsite/admin/externalsite.php +++ b/htdocs/externalsite/admin/externalsite.php @@ -50,7 +50,7 @@ if ($action == 'update') $db->begin(); $label = GETPOST('EXTERNALSITE_LABEL', 'alpha'); - $exturl = GETPOST('EXTERNALSITE_URL', 'none'); + $exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml'); $i += dolibarr_set_const($db, 'EXTERNALSITE_LABEL', trim($label), 'chaine', 0, '', $conf->entity); $i += dolibarr_set_const($db, 'EXTERNALSITE_URL', trim($exturl), 'chaine', 0, '', $conf->entity); @@ -101,7 +101,7 @@ print ""; print ''; print ''.$langs->trans("ExternalSiteURL").""; print ''; print "http://localhost/myurl/"; print "
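Review bot: The context line just above the changed one in expensereport/payment/payment.php reads `$payment->num_payment = GETPOST("num_payment", 'alphanothtml');` — `'alphanothtml'` is not the spelling used elsewhere in this diff (`'alphanohtml'` in don/payment/payment.php for the same field). If `GETPOST()` treats an unknown check name as no filtering, this line is effectively still unfiltered despite looking checked; `$payment->num_payment = GETPOST("num_payment", 'alphanohtml');` fixes it. The `add_payment` block continues outside the hunk.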
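Review bot: `$exturl = GETPOST('EXTERNALSITE_URL', 'restricthtml');` in externalsite.php applies a tag filter to a value that is a URL, which is then persisted with `dolibarr_set_const`; a tag filter does not say anything about whether the string is a usable URL or what scheme it carries. The check that matters here is on the URL itself — for example rejecting the update when `parse_url(trim($exturl), PHP_URL_SCHEME)` is not `http` or `https` — before the `dolibarr_set_const` call on the following line. The `update` block continues outside the hunk.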
https://wikipedia.org/"; diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index 0bd23036351..7a6f0563dec 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -65,7 +65,7 @@ $confirm = GETPOST('confirm', 'alpha'); $mesg = GETPOST('msg', 'alpha'); $origin = GETPOST('origin', 'alpha'); $originid = (GETPOST('originid', 'int') ?GETPOST('originid', 'int') : GETPOST('origin_id', 'int')); // For backward compatibility -$note_public = GETPOST('note_public', 'none'); +$note_public = GETPOST('note_public', 'restricthtml'); $lineid = GETPOST('line_id', 'int'); //PDF @@ -210,8 +210,8 @@ if (empty($reshook)) $object->description = GETPOST('description', 'restricthtml'); $object->ref = $ref; $object->model_pdf = GETPOST('model', 'alpha'); - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); if ($object->socid > 0) { @@ -454,7 +454,7 @@ if (empty($reshook)) // Add line elseif ($action == "addline" && $user->rights->ficheinter->creer) { - if (!GETPOST('np_desc', 'none') && empty($conf->global->FICHINTER_EMPTY_LINE_DESC)) + if (!GETPOST('np_desc', 'restricthtml') && empty($conf->global->FICHINTER_EMPTY_LINE_DESC)) { $mesg = '
'.$langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Description")).'
'; $error++; @@ -473,7 +473,7 @@ if (empty($reshook)) { $db->begin(); - $desc = GETPOST('np_desc', 'none'); + $desc = GETPOST('np_desc', 'restricthtml'); $date_intervention = dol_mktime(GETPOST('dihour', 'int'), GETPOST('dimin', 'int'), 0, GETPOST('dimonth', 'int'), GETPOST('diday', 'int'), GETPOST('diyear', 'int')); $duration = empty($conf->global->FICHINTER_WITHOUT_DURATION) ?convertTime2Seconds(GETPOST('durationhour', 'int'), GETPOST('durationmin', 'int')) : 0; @@ -701,7 +701,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) @@ -830,8 +830,8 @@ if ($action == 'create') $soc = $objectsrc->thirdparty; - $note_private = (!empty($objectsrc->note) ? $objectsrc->note : (!empty($objectsrc->note_private) ? $objectsrc->note_private : GETPOST('note_private', 'none'))); - $note_public = (!empty($objectsrc->note_public) ? $objectsrc->note_public : GETPOST('note_public', 'none')); + $note_private = (!empty($objectsrc->note) ? $objectsrc->note : (!empty($objectsrc->note_private) ? $objectsrc->note_private : GETPOST('note_private', 'restricthtml'))); + $note_public = (!empty($objectsrc->note_public) ? $objectsrc->note_public : GETPOST('note_public', 'restricthtml')); // Object source contacts list $srccontactslist = $objectsrc->liste_contact(-1, 'external', 1); diff --git a/htdocs/fourn/card.php b/htdocs/fourn/card.php index d404f52ea48..7b521918fc8 100644 --- a/htdocs/fourn/card.php +++ b/htdocs/fourn/card.php 
@@ -118,7 +118,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 137ddafc79d..4dfcc554501 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1098,7 +1098,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) @@ -1143,8 +1143,8 @@ if (empty($reshook)) $object->cond_reglement_id = GETPOST('cond_reglement_id'); $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->date_livraison = $datelivraison; $object->fk_incoterms = GETPOST('incoterm_id', 'int'); $object->location_incoterms = GETPOST('location_incoterms', 'alpha'); 
@@ -1703,7 +1703,7 @@ if ($action == 'create') print ''.$langs->trans('NotePublic').''; print ''; - $doleditor = new DolEditor('note_public', isset($note_public) ? $note_public : GETPOST('note_public', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('note_public', isset($note_public) ? $note_public : GETPOST('note_public', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); print $doleditor->Create(1); print ''; //print ''; @@ -1711,7 +1711,7 @@ if ($action == 'create') print ''.$langs->trans('NotePrivate').''; print ''; - $doleditor = new DolEditor('note_private', isset($note_private) ? $note_private : GETPOST('note_private', 'none'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('note_private', isset($note_private) ? $note_private : GETPOST('note_private', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); print $doleditor->Create(1); print ''; //print ''; diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index 4b498d468d9..3c8e5708972 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -163,8 +163,8 @@ if (($action == 'create' || $action == 'add') && !$error) { $object->label = (GETPOSTISSET('libelle') ? GETPOST('libelle', 'nohtml') : GETPOST('label', 'nohtml')); $object->date = $datefacture; $object->date_echeance = $datedue; - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); $object->cond_reglement_id = GETPOST('cond_reglement_id'); $object->mode_reglement_id = GETPOST('mode_reglement_id'); $projectid = GETPOST('projectid', 'int'); 
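Review bot: In the orderstoinvoice.php hunk the two context lines right after the changed notes, `$object->cond_reglement_id = GETPOST('cond_reglement_id');` and `$object->mode_reglement_id = GETPOST('mode_reglement_id');`, still read numeric ids with no check while the commit tightens the lines around them; `GETPOST('cond_reglement_id', 'int')` and `GETPOST('mode_reglement_id', 'int')` would be consistent with `fk_account` in the same block. The same pair appears unchanged in the fourn/commande/card.php hunk above and in all three fourn/facture/card.php hunks on the next line. The enclosing `if` blocks start and end outside these hunks.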
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 278896aae9b..9470e408b70 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -651,8 +651,8 @@ if (empty($reshook)) $object->libelle = GETPOST('label', 'nohtml'); $object->date = $datefacture; $object->date_echeance = $datedue; - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); $object->cond_reglement_id = GETPOST('cond_reglement_id'); $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); @@ -716,8 +716,8 @@ if (empty($reshook)) $object->label = GETPOST('label', 'nohtml'); $object->date = $datefacture; $object->date_echeance = $datedue; - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); $object->cond_reglement_id = GETPOST('cond_reglement_id'); $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); @@ -828,8 +828,8 @@ if (empty($reshook)) $object->libelle = $_POST['label']; $object->date = $datefacture; $object->date_echeance = $datedue; - $object->note_public = GETPOST('note_public', 'none'); - $object->note_private = GETPOST('note_private', 'none'); + $object->note_public = GETPOST('note_public', 'restricthtml'); + $object->note_private = GETPOST('note_private', 'restricthtml'); $object->cond_reglement_id = GETPOST('cond_reglement_id'); $object->mode_reglement_id = GETPOST('mode_reglement_id'); $object->fk_account = GETPOST('fk_account', 'int'); 
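Review bot: The third fourn/facture/card.php hunk keeps `$object->libelle = $_POST['label'];` as a context line two lines above the changed notes, reading the superglobal directly with no check, while the first hunk of the same file reads the same field as `GETPOST('label', 'nohtml')`. Bringing it in line, `$object->libelle = GETPOST('label', 'nohtml');`, removes the one raw `$_POST` read in an otherwise uniformly filtered block. The enclosing `if` block starts and ends outside the hunk.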
@@ -1057,7 +1057,7 @@ if (empty($reshook)) $productsupplier = new ProductFournisseur($db); if (!empty($conf->global->SUPPLIER_INVOICE_WITH_PREDEFINED_PRICES_ONLY)) { - if (GETPOST('productid') > 0 && $productsupplier->get_buyprice(0, price2num($_POST['qty']), GETPOST('productid'), 'none', GETPOST('socid', 'int')) < 0) + if (GETPOST('productid') > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), GETPOST('productid', 'int'), 'restricthtml', GETPOST('socid', 'int')) < 0) { setEventMessages($langs->trans("ErrorQtyTooLowForThisSupplier"), null, 'warnings'); } @@ -1534,7 +1534,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from add form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) @@ -2056,7 +2056,7 @@ if ($action == 'create') // Public note print ''.$langs->trans('NotePublic').''; print ''; - $doleditor = new DolEditor('note_public', (GETPOSTISSET('note_public') ?GETPOST('note_public', 'none') : $note_public), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('note_public', (GETPOSTISSET('note_public') ?GETPOST('note_public', 'restricthtml') : $note_public), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); print $doleditor->Create(1); print ''; // print ''; 
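Review bot: In the first hunk of this line the `'none'` → `'restricthtml'` replacement appears to have landed on a positional argument of `$productsupplier->get_buyprice(...)`, not on a `GETPOST()` check name; if that fourth parameter is a supplier reference filter (as the original `'none'` suggests), the call now looks for a price whose reference is literally `restricthtml` and the `< 0` branch changes behaviour. Restore that argument and, while here, give the two remaining unchecked reads a check: `if (GETPOST('productid', 'int') > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty', 'alpha')), GETPOST('productid', 'int'), 'none', GETPOST('socid', 'int')) < 0)`. The enclosing `if` block starts and ends outside the hunk.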
@@ -2065,7 +2065,7 @@ if ($action == 'create') // Private note print ''.$langs->trans('NotePrivate').''; print ''; - $doleditor = new DolEditor('note_private', (GETPOSTISSET('note_private') ?GETPOST('note_private', 'none') : $note_private), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('note_private', (GETPOSTISSET('note_private') ?GETPOST('note_private', 'restricthtml') : $note_private), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); print $doleditor->Create(1); print ''; // print ''; diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index 56a007ccbeb..9a7af329f50 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -54,7 +54,7 @@ if ($action == 'setnote' && $user->rights->fournisseur->facture->creer) $db->begin(); $object->fetch($id); - $result = $object->update_note(GETPOST('note', 'none')); + $result = $object->update_note(GETPOST('note', 'restricthtml')); if ($result > 0) { $db->commit(); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index a705af0ea1a..a1956d72ecb 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -486,7 +486,7 @@ if (empty($reshook)) $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php index 87a4d53c03b..9d0d0a99038 100644 --- a/htdocs/install/step1.php +++ b/htdocs/install/step1.php 
@@ -55,8 +55,8 @@ $db_user = GETPOST('db_user', 'alpha') ?GETPOST('db_user', 'alpha') : (empty($ar $db_pass = GETPOST('db_pass', 'none') ?GETPOST('db_pass', 'none') : (empty($argv[12]) ? '' : $argv[12]); $db_port = GETPOST('db_port', 'int') ?GETPOST('db_port', 'int') : (empty($argv[13]) ? '' : $argv[13]); $db_prefix = GETPOST('db_prefix', 'aZ09') ?GETPOST('db_prefix', 'aZ09') : (empty($argv[14]) ? '' : $argv[14]); -$db_create_database = GETPOST('db_create_database', 'none') ?GETPOST('db_create_database', 'none') : (empty($argv[15]) ? '' : $argv[15]); -$db_create_user = GETPOST('db_create_user', 'none') ?GETPOST('db_create_user', 'none') : (empty($argv[16]) ? '' : $argv[16]); +$db_create_database = GETPOST('db_create_database', 'alpha') ?GETPOST('db_create_database', 'alpha') : (empty($argv[15]) ? '' : $argv[15]); +$db_create_user = GETPOST('db_create_user', 'alpha') ?GETPOST('db_create_user', 'alpha') : (empty($argv[16]) ? '' : $argv[16]); // Force https $main_force_https = ((GETPOST("main_force_https", 'alpha') && (GETPOST("main_force_https", 'alpha') == "on" || GETPOST("main_force_https", 'alpha') == 1)) ? '1' : '0'); // Use alternative directory diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index 7addb72e328..80594338ba1 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -189,7 +189,7 @@ if ($action == 'update_extras') $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form - $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none')); + $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml')); if ($ret < 0) $error++; if (!$error) diff --git a/htdocs/loan/card.php b/htdocs/loan/card.php index fa3ca6afe52..157bdbd53b8 100644 --- a/htdocs/loan/card.php +++ b/htdocs/loan/card.php 
@@ -129,8 +129,8 @@ if (empty($reshook)) $object->dateend = $dateend; $object->nbterm = GETPOST('nbterm'); $object->rate = $rate; - $object->note_private = GETPOST('note_private', 'none'); - $object->note_public = GETPOST('note_public', 'none'); + $object->note_private = GETPOST('note_private', 'restricthtml'); + $object->note_public = GETPOST('note_public', 'restricthtml'); $object->fk_project = GETPOST('projectid', 'int'); $object->insurance_amount = GETPOST('insurance_amount', 'int'); diff --git a/htdocs/loan/payment/payment.php b/htdocs/loan/payment/payment.php index 4b305dedabf..9aaa75b9845 100644 --- a/htdocs/loan/payment/payment.php +++ b/htdocs/loan/payment/payment.php @@ -160,8 +160,8 @@ if ($action == 'add_payment') $payment->amount_interest = $pay_amount_insurance; $payment->paymenttype = GETPOST('paymenttype', 'int'); $payment->num_payment = GETPOST('num_payment'); - $payment->note_private = GETPOST('note_private', 'none'); - $payment->note_public = GETPOST('note_public', 'none'); + $payment->note_private = GETPOST('note_private', 'restricthtml'); + $payment->note_public = GETPOST('note_public', 'restricthtml'); if (!$error) { diff --git a/htdocs/modulebuilder/admin/setup.php b/htdocs/modulebuilder/admin/setup.php index 9f0f8ae46ad..c100c4a1ab0 100644 --- a/htdocs/modulebuilder/admin/setup.php +++ b/htdocs/modulebuilder/admin/setup.php 
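Review bot: Both hunks on this line leave unchecked reads right next to the notes they tighten: `$object->nbterm = GETPOST('nbterm');` in loan/card.php and `$payment->num_payment = GETPOST('num_payment');` in loan/payment/payment.php. `GETPOST('nbterm', 'int')` and `GETPOST('num_payment', 'alphanohtml')` would match how `insurance_amount` and the don/payment `num_payment` are read in this same diff. Both enclosing blocks start and end outside the hunks.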
@@ -37,7 +37,7 @@ $backtopage = GETPOST('backtopage', 'alpha'); */ if ($action == "update") { - $res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'none'), 'chaine', 0, '', $conf->entity); + $res1 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_README', GETPOST('MODULEBUILDER_SPECIFIC_README', 'restricthtml'), 'chaine', 0, '', $conf->entity); $res2 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTOR', GETPOST('MODULEBUILDER_ASCIIDOCTOR', 'nohtml'), 'chaine', 0, '', $conf->entity); $res3 = dolibarr_set_const($db, 'MODULEBUILDER_ASCIIDOCTORPDF', GETPOST('MODULEBUILDER_ASCIIDOCTORPDF', 'nohtml'), 'chaine', 0, '', $conf->entity); $res4 = dolibarr_set_const($db, 'MODULEBUILDER_SPECIFIC_EDITOR_NAME', GETPOST('MODULEBUILDER_SPECIFIC_EDITOR_NAME', 'nohtml'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 87226e0fe10..35201e78952 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1187,7 +1187,7 @@ if ($dirins && $action == 'addproperty' && !empty($module) && !empty($tabobj)) { $addfieldentry = array( 'name'=>GETPOST('propname', 'aZ09'), 'label'=>GETPOST('proplabel', 'alpha'), 'type'=>GETPOST('proptype', 'alpha'), - 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'none'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}' + 'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml'), // Example json string '{"0":"Draft","1":"Active","-1":"Cancel"}' 'visible'=>GETPOST('propvisible', 'int'), 'enabled'=>GETPOST('propenabled', 'int'), 'position'=>GETPOST('propposition', 'int'), 'notnull'=>GETPOST('propnotnull', 'int'), 'index'=>GETPOST('propindex', 'int'), 'searchall'=>GETPOST('propsearchall', 'int'), 'isameasure'=>GETPOST('propisameasure', 'int'), 'comment'=>GETPOST('propcomment', 'alpha'), 'help'=>GETPOST('prophelp', 'alpha') 
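Review bot: `'arrayofkeyval'=>GETPOST('proparrayofkeyval', 'restricthtml')` in modulebuilder/index.php reads a value the comment documents as a JSON string, and an HTML filter neither guarantees the result is still valid JSON nor rejects a malformed one. Since the value ends up in generated module code, a stronger guard would be to decode it after the array is built and refuse the property when `json_decode($addfieldentry['arrayofkeyval'], true)` returns `null` for a non-empty input, reporting the error instead of writing the field. The `addproperty` block continues outside the hunk.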
@@ -2577,7 +2577,7 @@ if ($module == 'initmodule') print ''; print ''; print ''; - print ''; + print ''; print ''; print ''; print ''; diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 70b169dc326..c4b46113d7f 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -286,9 +286,9 @@ if (empty($reshook)) $object->barcode_type_coder = $stdobject->barcode_type_coder; $object->barcode_type_label = $stdobject->barcode_type_label; - $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none')); + $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'restricthtml')); $object->url = GETPOST('url'); - $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none')); + $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'restricthtml')); $object->note = $object->note_private; // deprecated $object->customcode = GETPOST('customcode', 'alphanohtml'); $object->country_id = GETPOST('country_id', 'int'); @@ -389,11 +389,11 @@ if (empty($reshook)) $object->ref = $ref; $object->label = GETPOST('label', 'alphanohtml'); - $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'none')); + $object->description = dol_htmlcleanlastbr(GETPOST('desc', 'restricthtml')); $object->url = GETPOST('url'); if (!empty($conf->global->MAIN_DISABLE_NOTES_TAB)) { - $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'none')); + $object->note_private = dol_htmlcleanlastbr(GETPOST('note_private', 'restricthtml')); $object->note = $object->note_private; } $object->customcode = GETPOST('customcode', 'alpha'); 
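Review bot: In both product/card.php hunks the context line `$object->url = GETPOST('url');` sits between the two description reads this commit filters and is itself still unchecked. `GETPOST('url', 'alpha')` would at least be consistent with the block, and since the value is stored as a link, limiting the scheme to http/https before assignment is the check that is actually meaningful for a URL. Both enclosing blocks start and end outside the hunks.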
@@ -1029,7 +1029,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
 // Description (used in invoice, propal...)
 print ''.$langs->trans("Description").'';
- $doleditor = new DolEditor('desc', GETPOST('desc', 'none'), '', 160, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_4, '90%');
+ $doleditor = new DolEditor('desc', GETPOST('desc', 'restricthtml'), '', 160, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_4, '90%');
 $doleditor->Create();
 print "";
@@ -1178,7 +1178,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
 print ''.$langs->trans("NoteNotVisibleOnBill").''; // We use dolibarr_details as type of DolEditor here, because we must not accept images as description is included into PDF and not accepted by TCPDF.
- $doleditor = new DolEditor('note_private', GETPOST('note_private', 'none'), '', 140, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_8, '90%');
+ $doleditor = new DolEditor('note_private', GETPOST('note_private', 'restricthtml'), '', 140, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_PRODUCTDESC, ROWS_8, '90%');
 $doleditor->Create();
 print "";
diff --git a/htdocs/product/stock/card.php b/htdocs/product/stock/card.php
index 82ec490bb74..21be487993f 100644
--- a/htdocs/product/stock/card.php
+++ b/htdocs/product/stock/card.php
@@ -197,7 +197,7 @@ if (empty($reshook))
 $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error) {
 $result = $object->insertExtraFields();
diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php
index fd4c57ca4cc..e47c0664142 100644
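Review bot: `GETPOST('attribute', 'restricthtml')` passes an extrafield key name into `setOptionalsFromPost()`, and a key name has no reason to contain HTML, so `'restricthtml'` is the wrong shape of check for it; `'aZ09'` (or `'alphanohtml'` if keys may carry other characters) states the intent and rejects everything else. The same pattern is repeated in htdocs/product/stock/movement_list.php, htdocs/product/stock/productlot_card.php, htdocs/reception/card.php (-189), htdocs/societe/card.php, htdocs/supplier_proposal/card.php (-1039) and htdocs/ticket/card.php. What `setOptionalsFromPost()` does with its third argument is not visible here, so confirm the allowed key alphabet against the extrafields definitions before tightening.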
--- a/htdocs/product/stock/movement_list.php
+++ b/htdocs/product/stock/movement_list.php
@@ -193,7 +193,7 @@ if ($action == 'update_extras') {
 $tmpwarehouse->oldcopy = dol_clone($tmpwarehouse); // Fill array 'array_options' with data from update form
- $ret = $extrafields->setOptionalsFromPost(null, $tmpwarehouse, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $tmpwarehouse, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error) {
 $result = $tmpwarehouse->insertExtraFields();
diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php
index 0f706c3ccae..bdc68f5c3e5 100644
--- a/htdocs/product/stock/productlot_card.php
+++ b/htdocs/product/stock/productlot_card.php
@@ -122,7 +122,7 @@ if (empty($reshook))
 $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error)
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index b748b3ce9a9..025974c4939 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -248,7 +248,7 @@ if (empty($reshook))
 $old_start_date = $object->date_start;
 $object->ref = GETPOST('ref', 'alpha');
- $object->title = GETPOST('title', 'none'); // Do not use 'alpha' here, we want field as it is
+ $object->title = GETPOST('title', 'alphanohtml'); // Do not use 'alpha' here, we want field as it is
 $object->statut = GETPOST('status', 'int');
 $object->socid = GETPOST('socid', 'int');
 $object->description = GETPOST('description', 'restricthtml'); // Do not use 'alpha' here, we want field as it is
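Review bot: The trailing comment kept on the changed projet/card.php line, `// Do not use 'alpha' here, we want field as it is`, is now false: `'alphanohtml'` does not keep the field as it is, it strips markup, which is the very thing the comment argued against. Either drop the comment or replace it with one that states the new contract, e.g. `// 'alphanohtml': a project title is plain text, markup is stripped on purpose`. The identical stale comment on the `$object->description = GETPOST('description', 'restricthtml');` context line two lines below deserves the same treatment, since that line already applies a filtering check. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.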
@@ -529,7 +529,7 @@ if ($action == 'create' && $user->rights->projet->creer)
 print ''; // Label
- print ''.$langs->trans("Label").'';
+ print ''.$langs->trans("Label").'';
 // Usage (opp, task, bill time, ...)
 print '';
@@ -653,7 +653,7 @@ if ($action == 'create' && $user->rights->projet->creer)
 // Description
 print ''.$langs->trans("Description").'';
 print '';
- $doleditor = new DolEditor('description', GETPOST("description", 'none'), '', 90, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%');
+ $doleditor = new DolEditor('description', GETPOST("description", 'restricthtml'), '', 90, 'dolibarr_notes', '', false, true, $conf->global->FCKEDITOR_ENABLE_SOCIETE, ROWS_3, '90%');
 $doleditor->Create();
 print '';
diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php
index 313b2202a34..eea293504d2 100644
--- a/htdocs/public/members/new.php
+++ b/htdocs/public/members/new.php
@@ -580,7 +580,7 @@ print '';
 print ''.$langs->trans("Company").''."\n"; // Address
 print ''.$langs->trans("Address").''."\n";
-print ''."\n";
+print ''."\n";
 // Zip / Town
 print ''.$langs->trans('Zip').' / '.$langs->trans('Town').'';
 print $formcompany->select_ziptown(GETPOST('zipcode'), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6, 1);
@@ -636,7 +636,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_add.tpl.php';
 // Comments
 print '';
 print ''.$langs->trans("Comments").'';
-print '';
+print '';
 print ''."\n"; // Add specific fields used by Dolibarr foundation for example
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index 292f91f873f..358bf2aa1c6 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -66,7 +66,7 @@ if (GETPOST('ajoutcomment', 'alpha'))
 $error = 0;
- $comment = GETPOST("comment", 'none');
+ $comment = GETPOST("comment", 'restricthtml');
 $comment_user = GETPOST('commentuser', 'nohtml');
 if (!$comment)
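Review bot: htdocs/public/opensurvey/studs.php is an unauthenticated public page, so `$comment = GETPOST("comment", 'restricthtml');` stores HTML supplied by anyone who can reach the poll, and the sibling line `$comment_user = GETPOST('commentuser', 'nohtml');` shows the stricter check was already the convention for this form. Unless formatted comments are a documented feature of polls, `'nohtml'` (or `'alphanohtml'`) is the better default for anonymous input, and whichever is chosen, the code that later prints stored comments (not visible here) still has to escape them for HTML output. `if (!$comment)` also rejects a comment consisting of the single character `0`; `if (trim($comment) === '')` is the precise emptiness test. The `if (GETPOST('ajoutcomment', 'alpha'))` block continues past the hunk.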
@@ -733,7 +733,7 @@ if ($comments) if ($object->allow_comments) { print '
'.$langs->trans("AddACommentForPoll")."
\n"; - print '
'."\n"; + print '
'."\n"; print $langs->trans("Name").': '; print '   '."\n"; print '
'."\n";
diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php
index 6fdae36803a..b3833bd14b5 100644
--- a/htdocs/public/payment/paymentko.php
+++ b/htdocs/public/payment/paymentko.php
@@ -251,7 +251,7 @@ $key = 'ONLINE_PAYMENT_MESSAGE_KO';
 if (!empty($conf->global->$key)) print $conf->global->$key;
 $type = GETPOST('s', 'alpha');
-$ref = GETPOST('ref', 'none');
+$ref = GETPOST('ref', 'alphanohtml');
 $tag = GETPOST('tag', 'alpha');
 require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
 if ($type || $tag)
diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php
index eac026230d9..ed26c881fd7 100644
--- a/htdocs/public/ticket/create_ticket.php
+++ b/htdocs/public/ticket/create_ticket.php
@@ -114,11 +114,11 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
 }
 }
- if (!GETPOST("subject", "none")) {
+ if (!GETPOST("subject", "restricthtml")) {
 $error++;
 array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("Subject")));
 $action = '';
- } elseif (!GETPOST("message", "none")) {
+ } elseif (!GETPOST("message", "restricthtml")) {
 $error++;
 array_push($object->errors, $langs->trans("ErrorFieldRequired", $langs->transnoentities("message")));
 $action = '';
@@ -136,8 +136,8 @@ if ($action == 'create_ticket' && GETPOST('add', 'alpha')) {
 $object->track_id = generate_random_id(16);
- $object->subject = GETPOST("subject", "none");
- $object->message = GETPOST("message", "none");
+ $object->subject = GETPOST("subject", "restricthtml");
+ $object->message = GETPOST("message", "restricthtml");
 $object->origin_email = $origin_email;
 $object->type_code = GETPOST("type_code", 'aZ09');
diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php
index 98d35d1e14e..0758e1456ce 100644
--- a/htdocs/reception/card.php
+++ b/htdocs/reception/card.php
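Review bot: `$object->subject = GETPOST("subject", "restricthtml");` at -136 (and the presence check `if (!GETPOST("subject", "restricthtml")) {` at -114) keeps HTML in a ticket subject submitted through the public, unauthenticated create form, whereas the internal path in htdocs/ticket/class/ticket.class.php in this same commit reads the subject with `'alphanohtml'`. A subject is a one-line plain-text field that presumably ends up in list views and notification mails, so the public form should use the same check: `if (!GETPOST("subject", "alphanohtml")) {` and `$object->subject = GETPOST("subject", "alphanohtml");`. Reading each field once into a local before the presence check would also avoid running the filter twice per field. The enclosing `if ($action == 'create_ticket' ...)` block starts before -114 and continues after -136.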
@@ -189,7 +189,7 @@ if (empty($reshook))
 $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error)
@@ -246,9 +246,8 @@ if (empty($reshook))
 $object->fk_delivery_address = $objectsrc->fk_delivery_address;
 $object->shipping_method_id = GETPOST('shipping_method_id', 'int');
 $object->tracking_number = GETPOST('tracking_number', 'alpha');
- $object->ref_int = GETPOST('ref_int', 'alpha');
- $object->note_private = GETPOST('note_private', 'none');
- $object->note_public = GETPOST('note_public', 'none');
+ $object->note_private = GETPOST('note_private', 'restricthtml');
+ $object->note_public = GETPOST('note_public', 'restricthtml');
 $object->fk_incoterms = GETPOST('incoterm_id', 'int');
 $object->location_incoterms = GETPOST('location_incoterms', 'alpha');
diff --git a/htdocs/recruitment/recruitmentjobposition_card.php b/htdocs/recruitment/recruitmentjobposition_card.php
index 638bc9e4cef..ee09413905d 100644
--- a/htdocs/recruitment/recruitmentjobposition_card.php
+++ b/htdocs/recruitment/recruitmentjobposition_card.php
@@ -175,7 +175,7 @@ if (empty($reshook)) {
 $db->begin();
- $result = $object->cloture($user, GETPOST('status', 'int'), GETPOST('note_private', 'none'));
+ $result = $object->cloture($user, GETPOST('status', 'int'), GETPOST('note_private', 'restricthtml'));
 if ($result < 0) {
 setEventMessages($object->error, $object->errors, 'errors');
diff --git a/htdocs/salaries/card.php b/htdocs/salaries/card.php
index 94add08291c..6a696aa4132 100644
--- a/htdocs/salaries/card.php
+++ b/htdocs/salaries/card.php
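Review bot: The -246 hunk of htdocs/reception/card.php drops `$object->ref_int = GETPOST('ref_int', 'alpha');` in the middle of a check-tightening change, which is a behavioural change rather than a clean-up: a create form that still posts `ref_int` now loses the value, and if the property or column still exists it is simply left empty. If `ref_int` was removed from the Reception object in an earlier commit this is fine, but the removal deserves a mention in the commit message or a one-line comment at that spot; otherwise keep the assignment as `$object->ref_int = GETPOST('ref_int', 'alphanohtml');`. The surrounding `if (empty($reshook))` block starts and ends outside the hunk.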
@@ -100,7 +100,7 @@ if ($action == 'add' && empty($cancel))
 $object->label = GETPOST("label", 'alphanohtml');
 $object->datesp = $datesp;
 $object->dateep = $dateep;
- $object->note = GETPOST("note", 'none');
+ $object->note = GETPOST("note", 'restricthtml');
 $object->type_payment = ($type_payment > 0 ? $type_payment : 0);
 $object->num_payment = GETPOST("num_payment", 'alphanohtml');
 $object->fk_user_author = $user->id;
diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php
index 6c4ee37a979..4c1c58edf6f 100644
--- a/htdocs/salaries/list.php
+++ b/htdocs/salaries/list.php
@@ -56,7 +56,7 @@ if (!$sortfield) $sortfield = "s.datep,s.rowid";
 if (!$sortorder) $sortorder = "DESC,DESC";
 $optioncss = GETPOST('optioncss', 'alpha');
-$filtre = GETPOST("filtre", 'none');
+$filtre = GETPOST("filtre", 'restricthtml');
 if (!GETPOST('typeid', 'int')) {
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index 4218dcd7872..f8500d49068 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -343,7 +343,7 @@ if (empty($reshook))
 // Fill array 'array_options' with data from update form
 $extrafields->fetch_name_optionals_label($object->table_element);
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error)
diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php
index 6bf8513ecf8..4cb6941dc74 100644
--- a/htdocs/societe/list.php
+++ b/htdocs/societe/list.php
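Review bot: `$filtre = GETPOST("filtre", 'restricthtml');` in htdocs/salaries/list.php reads a list filter with an HTML-oriented check, but a filter value is not HTML: it typically ends up in a SQL WHERE clause or in hidden form fields, and `'restricthtml'` neither narrows the character set nor escapes for SQL. Unless markup in a filter string is a real requirement, `$filtre = GETPOST("filtre", 'alphanohtml');` matches the data, and wherever `$filtre` is interpolated into a query further down (not visible in this hunk) it still has to pass through `$db->escape()` at the point of use.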
@@ -64,9 +64,9 @@ $search_all = trim(GETPOST('search_all', 'alphanohtml') ?GETPOST('search_all', '
 $search_cti = preg_replace('/^0+/', '', preg_replace('/[^0-9]/', '', GETPOST('search_cti', 'alphanohtml'))); // Phone number without any special chars
 $search_id = trim(GETPOST("search_id", "int"));
-$search_nom = trim(GETPOST("search_nom", 'none'));
-$search_alias = trim(GETPOST("search_alias", 'none'));
-$search_nom_only = trim(GETPOST("search_nom_only", 'none'));
+$search_nom = trim(GETPOST("search_nom", 'restricthtml'));
+$search_alias = trim(GETPOST("search_alias", 'restricthtml'));
+$search_nom_only = trim(GETPOST("search_nom_only", 'restricthtml'));
 $search_barcode = trim(GETPOST("search_barcode", 'alpha'));
 $search_customer_code = trim(GETPOST('search_customer_code', 'alpha'));
 $search_supplier_code = trim(GETPOST('search_supplier_code', 'alpha'));
diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php
index 5081e6224c4..1e884629791 100644
--- a/htdocs/supplier_proposal/card.php
+++ b/htdocs/supplier_proposal/card.php
@@ -268,7 +268,8 @@ if (empty($reshook))
 $object->fk_project = GETPOST('projectid', 'int');
 $object->model_pdf = GETPOST('model');
 $object->author = $user->id; // deprecated
- $object->note = GETPOST('note', 'none');
+ $object->note = GETPOST('note', 'restricthtml');
+ $object->note_private = GETPOST('note', 'restricthtml');
 $object->statut = SupplierProposal::STATUS_DRAFT;
 $id = $object->create_from($user);
@@ -286,7 +287,8 @@ if (empty($reshook))
 $object->fk_project = GETPOST('projectid', 'int');
 $object->model_pdf = GETPOST('model');
 $object->author = $user->id; // deprecated
- $object->note = GETPOST('note', 'none');
+ $object->note = GETPOST('note', 'restricthtml');
+ $object->note_private = GETPOST('note', 'restricthtml');
 $object->origin = GETPOST('origin');
 $object->origin_id = GETPOST('originid');
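Review bot: The three company-name searches now read with `'restricthtml'` (`search_nom`, `search_alias`, `search_nom_only`) break the convention of the surrounding lines, where every other free-text search in this hunk uses `'alpha'` or `'alphanohtml'`; a name search has no use for markup, and the values are both echoed back into the search form and used to build the list query, so `'alphanohtml'` is the matching choice: `$search_nom = trim(GETPOST("search_nom", 'alphanohtml'));` and likewise for the other two. As with every search parameter, the SQL side still needs `$db->escape()` where the string is interpolated into the LIKE clause, which is outside this hunk.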
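Review bot: The added `$object->note_private = GETPOST('note', 'restricthtml');` at -268 and -286 of htdocs/supplier_proposal/card.php reads and filters the same POST field a second time immediately after `$object->note` was set from it; assigning from the already-filtered value, `$object->note_private = $object->note; // note is the deprecated alias`, keeps the two properties from diverging if the check is ever changed on one line only, and mirrors what htdocs/product/card.php in this same commit does with `$object->note = $object->note_private; // deprecated`. Which of the two properties is the legacy one is not stated here, so the comment should say so. The same duplicated read appears in htdocs/user/card.php at -227. Both enclosing `if (empty($reshook))` blocks extend beyond the hunks.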
@@ -482,7 +484,7 @@ if (empty($reshook))
 } else {
 // prevent browser refresh from closing proposal several times
 if ($object->statut == SupplierProposal::STATUS_VALIDATED) {
- $object->cloture($user, GETPOST('statut'), GETPOST('note', 'none'));
+ $object->cloture($user, GETPOST('statut'), GETPOST('note', 'restricthtml'));
 }
 }
 }
@@ -841,7 +843,7 @@ if (empty($reshook))
 $info_bits |= 0x01; // Clean parameters
- $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'none'));
+ $description = dol_htmlcleanlastbr(GETPOST('product_desc', 'restricthtml'));
 // Define vat_rate
 $vat_rate = str_replace('*', '', $vat_rate);
@@ -1039,7 +1041,7 @@ if (empty($reshook))
 $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error)
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
index 9d91b2ab2d3..20d10ef72cc 100644
--- a/htdocs/ticket/card.php
+++ b/htdocs/ticket/card.php
@@ -564,7 +564,7 @@ if (empty($reshook)) {
 if ($action == "update_extras" && !empty($permissiontoadd)) {
 $object->fetch(GETPOST('id', 'int'), '', GETPOST('track_id', 'alpha'));
- $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'none'));
+ $ret = $extrafields->setOptionalsFromPost(null, $object, GETPOST('attribute', 'restricthtml'));
 if ($ret < 0) $error++;
 if (!$error) {
diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php
index 6096e1d2d59..d0f2581fa73 100644
--- a/htdocs/ticket/class/ticket.class.php
+++ b/htdocs/ticket/class/ticket.class.php
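Review bot: `$object->cloture($user, GETPOST('statut'), GETPOST('note', 'restricthtml'));` at -482 still passes the status with no check at all, while the equivalent call in htdocs/recruitment/recruitmentjobposition_card.php in this commit reads it as `GETPOST('status', 'int')`; a status is an integer, so the line should read `$object->cloture($user, GETPOST('statut', 'int'), GETPOST('note', 'restricthtml'));`. What `cloture()` does with a non-numeric status is not visible here. The hunk's enclosing `if (empty($reshook))` block starts outside it.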
@@ -2473,7 +2473,7 @@ class Ticket extends CommonObject
 if (!$error) {
 $object->subject = GETPOST('subject', 'alphanohtml');
- $object->message = GETPOST("message", "none");
+ $object->message = GETPOST("message", "restricthtml");
 $object->private = GETPOST("private_message", "alpha");
 $send_email = GETPOST('send_email', 'int');
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 209d70d5213..6ca1e7c9bdc 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -227,9 +227,10 @@ if (empty($reshook)) {
 $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
 $object->job = GETPOST("job", 'nohtml');
- $object->signature = GETPOST("signature", 'none');
+ $object->signature = GETPOST("signature", 'restricthtml');
 $object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
- $object->note = GETPOST("note", 'none');
+ $object->note = GETPOST("note", 'restricthtml');
+ $object->note_private = GETPOST("note", 'restricthtml');
 $object->ldap_sid = GETPOST("ldap_sid", 'alphanohtml');
 $object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0;
 $object->fk_user_expense_validator = GETPOST("fk_user_expense_validator", 'int') > 0 ? GETPOST("fk_user_expense_validator", 'int') : 0;
@@ -388,7 +389,7 @@ if (empty($reshook)) {
 }
 $object->email = preg_replace('/\s+/', '', GETPOST("email", 'alphanohtml'));
 $object->job = GETPOST("job", 'nohtml');
- $object->signature = GETPOST("signature", 'none');
+ $object->signature = GETPOST("signature", 'restricthtml');
 $object->accountancy_code = GETPOST("accountancy_code", 'alphanohtml');
 $object->openid = GETPOST("openid", 'alphanohtml');
 $object->fk_user = GETPOST("fk_user", 'int') > 0 ? GETPOST("fk_user", 'int') : 0;
diff --git a/htdocs/user/group/card.php b/htdocs/user/group/card.php
index de604f127bb..febdf3373fe 100644
--- a/htdocs/user/group/card.php
+++ b/htdocs/user/group/card.php
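Review bot: `$object->private = GETPOST("private_message", "alpha");` on the context line right after the changed line in ticket.class.php reads what looks like a yes/no flag with an alphabetic check; if `private` is stored as an integer, as its name and the `'int'` used for `$send_email` on the next line suggest, `$object->private = GETPOST("private_message", "int");` is the precise read and keeps a string from landing in a numeric column. Whether `private` is numeric is not visible in this hunk, so confirm against the Ticket field definition. The enclosing method of class Ticket starts before the hunk and ends after it.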
@@ -130,7 +130,7 @@ if (empty($reshook)) {
 $action = "create"; // Go back to create page
 } else {
 $object->name = GETPOST("nom", 'nohtml');
- $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'none')));
+ $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml')));
 // Fill array 'array_options' with data from add form
 $ret = $extrafields->setOptionalsFromPost(null, $object);
@@ -204,7 +204,7 @@ if (empty($reshook)) {
 $object->oldcopy = clone $object;
 $object->name = GETPOST("nom", 'nohtml');
- $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'none')));
+ $object->note = dol_htmlcleanlastbr(trim(GETPOST("note", 'restricthtml')));
 // Fill array 'array_options' with data from add form
 $ret = $extrafields->setOptionalsFromPost(null, $object);
diff --git a/htdocs/user/note.php b/htdocs/user/note.php
index beece592a3b..955c1f14599 100644
--- a/htdocs/user/note.php
+++ b/htdocs/user/note.php
@@ -64,7 +64,7 @@ if (empty($reshook)) {
 if ($action == 'update' && $user->rights->user->user->creer && !$_POST["cancel"]) {
 $db->begin();
- $res = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'none'), ENT_QUOTES));
+ $res = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES));
 if ($res < 0) {
 $mesg = '
'.$adh->error.'
'; $db->rollback();
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index e0afd583ea2..c0b5ba207f1 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -278,7 +278,7 @@ if (empty($sortfield)) {
 }
 }
-$searchkey = GETPOST('searchstring', 'none');
+$searchkey = GETPOST('searchstring', 'restricthtml');
 if ($action == 'replacesiteconfirm') {
 $containertype = GETPOST('optioncontainertype', 'aZ09') != '-1' ? GETPOST('optioncontainertype', 'aZ09') : '';
@@ -395,7 +395,7 @@ if ($massaction == 'setcategory' && GETPOST('confirmmassaction', 'alpha') && $us
 $db->begin();
- $categoryid = GETPOST('setcategory', 'none');
+ $categoryid = GETPOST('setcategory', 'restricthtml');
 if ($categoryid > 0) {
 $tmpwebsitepage = new WebsitePage($db);
 $category = new Categorie($db);
@@ -1420,7 +1420,7 @@ if ($action == 'updatecss')
 $robotcontent.= "header('Content-type: text/css');\n";
 $robotcontent.= "// END PHP ?>\n";*/
- $robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'none'))."\n";
+ $robotcontent .= trim(GETPOST('WEBSITE_ROBOT', 'restricthtml'))."\n";
 /*$robotcontent.= "\n".'\n";*/
- $readmecontent .= trim(GETPOST('WEBSITE_README', 'none'))."\n";
+ $readmecontent .= trim(GETPOST('WEBSITE_README', 'restricthtml'))."\n";
 /*$readmecontent.= '\n*/ims', '', $manifestjsoncontent); } else {
- $manifestjsoncontent = GETPOST('WEBSITE_MANIFEST_JSON', 'none');
+ $manifestjsoncontent = GETPOST('WEBSITE_MANIFEST_JSON', 'restricthtml');
 }
 if (!trim($manifestjsoncontent)) {
diff --git a/htdocs/website/samples/wrapper.php b/htdocs/website/samples/wrapper.php
index a04ff14882c..24b804058ea 100644
--- a/htdocs/website/samples/wrapper.php
+++ b/htdocs/website/samples/wrapper.php
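Review bot: `dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES)` in htdocs/user/note.php decodes entities after the check has run, so if `'restricthtml'` neutralises disallowed markup by entity-encoding it, the decode turns it back into live tags just before `update_note()` stores it; if instead the filter strips markup, a short comment saying why decoding is safe here would settle the question for the next reader. The condition on the context line above also reads `$_POST["cancel"]` directly rather than through `GETPOST('cancel', 'alpha')`, and the error branch references `$adh->error` in a user page, which looks like a leftover from the member module and is probably meant to be `$object->error`. The hunk's error-message line is split across several lines in this rendering, so part of it cannot be read here.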
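Review bot: `$categoryid = GETPOST('setcategory', 'restricthtml');` in htdocs/website/index.php reads a category id that is compared numerically on the very next line (`if ($categoryid > 0)`) and is presumably used to fetch the `Categorie` created right after; an id should be read with the `'int'` check, `$categoryid = GETPOST('setcategory', 'int');`, which also removes the string-to-number comparison. The `$searchkey` read at -278 and the `WEBSITE_MANIFEST_JSON` read in the -1420 hunk of the same file likewise apply `'restricthtml'` to values that are not HTML, a search string and a JSON document. For the manifest, the validation that matches the data is a check that leaves JSON punctuation untouched followed by `json_decode()` with its error checked, since `'restricthtml'` may alter or encode quotes and the result is written to the site's manifest file as-is (the write is outside the hunk).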
@@ -61,7 +61,7 @@ if (!empty($hashp))
 // Define attachment (attachment=true to force choice popup 'open'/'save as')
 $attachment = true;
 if (preg_match('/\.(html|htm)$/i', $original_file)) $attachment = false;
-if (isset($_GET["attachment"])) $attachment = GETPOST("attachment", 'none') ?true:false;
+if (isset($_GET["attachment"])) $attachment = (GETPOST("attachment", 'alphanohtml') ? true : false);
 if (!empty($conf->global->MAIN_DISABLE_FORCE_SAVEAS_WEBSITE)) $attachment = false;
 // Define mime type
@@ -73,7 +73,7 @@ else $type = dol_mimetype($original_file);
 $original_file = str_replace("../", "/", $original_file);
 // Cache or not
-if (GETPOST("cache", 'none') || image_format_supported($original_file) >= 0)
+if (GETPOST("cache", 'aZ09') || image_format_supported($original_file) >= 0)
 {
 // Important: Following code is to avoid page request by browser and PHP CPU at
 // each Dolibarr page access.
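Review bot: The context line `$original_file = str_replace("../", "/", $original_file);` in the -73 hunk of wrapper.php is a single-pass textual substitution, not a path normalisation, so it is not a dependable guard against the requested file escaping the intended directory; the robust check is to resolve the candidate with `realpath()` and refuse the request unless the result still starts with the allowed base directory. That line is not changed by this commit, but since the commit is already tightening the input checks in this file it is worth fixing alongside. On the -61 hunk, `(GETPOST("attachment", 'alphanohtml') ? true : false)` can simply be `(bool) GETPOST("attachment", 'alphanohtml')`, and gating a GETPOST call (which also reads POST) on `isset($_GET["attachment"])` is inconsistent; if the project provides `GETPOSTISSET`, it is the matching accessor.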