diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php
index 2bd2a84841e..6d621a7e101 100644
--- a/htdocs/accountancy/admin/accountmodel.php
+++ b/htdocs/accountancy/admin/accountmodel.php
@@ -187,7 +187,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).' ';
}*/
}
- if (isset($_POST["country"]) && ($_POST["country"] == '0') && ($id != 2))
+ if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2))
{
$ok = 0;
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');
diff --git a/htdocs/accountancy/admin/card.php b/htdocs/accountancy/admin/card.php
index cd17e5a1538..d1cee5ff59d 100644
--- a/htdocs/accountancy/admin/card.php
+++ b/htdocs/accountancy/admin/card.php
@@ -247,7 +247,7 @@ if ($action == 'create') {
// Chart of accounts type
print '
'.$langs->trans("Pcgtype").' ';
print '';
- print ' ';
+ print ' ';
print ' ';
print '';
@@ -309,7 +309,7 @@ if ($action == 'create') {
// Chart of accounts type
print ''.$langs->trans("Pcgtype").' ';
print '';
- print ' ';
+ print ' ';
print ' ';
print '';
diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php
index 2e51d3d1b38..53dfb1cd5f9 100644
--- a/htdocs/accountancy/admin/categories_list.php
+++ b/htdocs/accountancy/admin/categories_list.php
@@ -168,7 +168,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities($fieldnamekey)), null, 'errors');
}
}
- if (isset($_POST["code"]))
+ if (GETPOSTISSET("code"))
{
if ($_POST["code"] == '0')
{
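Review bot: The presence test and the read now use different sources: `GETPOSTISSET("code")` guards `$_POST["code"] == '0'` on the next line. Elsewhere this commit swaps `isset($_GET[...]) || isset($_POST[...])` for GETPOSTISSET, so the helper evidently accepts query-string parameters too, and a `code` sent only by GET reaches an undefined `$_POST` index. The inner test should read through the same accessor, `if (GETPOST("code") == '0')`. The same pairing is in htdocs/admin/dict.php, where `GETPOSTISSET("code")` guards `$_POST["code"] = preg_replace('/\s/', '', $_POST["code"]);`. The enclosing block continues past this hunk.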
diff --git a/htdocs/accountancy/bookkeeping/list.php b/htdocs/accountancy/bookkeeping/list.php
index 097eb38b47f..418dcc18f73 100644
--- a/htdocs/accountancy/bookkeeping/list.php
+++ b/htdocs/accountancy/bookkeeping/list.php
@@ -108,7 +108,7 @@ $hookmanager->initHooks(array('bookkeepinglist'));
$formaccounting = new FormAccounting($db);
$form = new Form($db);
-if (!in_array($action, array('export_file', 'delmouv', 'delmouvconfirm')) && !GETPOSTISSET('begin') && !isset($_POST['formfilteraction']) && GETPOST('page', 'int') == '' && !GETPOST('noreset', 'int') && $user->rights->accounting->mouvements->export)
+if (!in_array($action, array('export_file', 'delmouv', 'delmouvconfirm')) && !GETPOSTISSET('begin') && !GETPOSTISSET('formfilteraction') && GETPOST('page', 'int') == '' && !GETPOST('noreset', 'int') && $user->rights->accounting->mouvements->export)
{
if (empty($search_date_start) && empty($search_date_end) && !GETPOSTISSET('restore_lastsearch_values'))
{
diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index edd553b0d1b..4a26b8ddb5e 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -382,14 +382,12 @@ if (empty($reshook)) {
if ($action == 'add' && $user->rights->adherent->creer) {
if ($canvas) $object->canvas = $canvas;
$birthdate = '';
- if (isset($_POST["birthday"]) && $_POST["birthday"]
- && isset($_POST["birthmonth"]) && $_POST["birthmonth"]
- && isset($_POST["birthyear"]) && $_POST["birthyear"]) {
- $birthdate = dol_mktime(12, 0, 0, $_POST["birthmonth"], $_POST["birthday"], $_POST["birthyear"]);
+ if (GETPOSTISSET("birthday") && GETPOST("birthday") && GETPOSTISSET("birthmonth") && GETPOST("birthmonth") && GETPOSTISSET("birthyear") && GETPOST("birthyear")) {
+ $birthdate = dol_mktime(12, 0, 0, GETPOST("birthmonth", 'int'), GETPOST("birthday", 'int'), GETPOST("birthyear", 'int'));
}
$datesubscription = '';
- if (isset($_POST["reday"]) && isset($_POST["remonth"]) && isset($_POST["reyear"])) {
- $datesubscription = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+ if (GETPOSTISSET("reday") && GETPOSTISSET("remonth") && GETPOSTISSET("reyear")) {
+ $datesubscription = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", "int"), GETPOST("reyear", "int"));
}
$typeid = GETPOST("typeid", 'int');
@@ -1075,7 +1073,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Password
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
- print ''.$langs->trans("Password").' pass).'"> ';
+ print ''.$langs->trans("Password").' pass).'"> ';
}
// Morphy
$morphys["phy"] = $langs->trans("Physical");
@@ -1134,7 +1132,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// EMail
print ''.($conf->global->ADHERENT_MAIL_REQUIRED ? '' : '').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED ? ' ' : '').' ';
- print ''.img_picto('', 'object_email').' email).'"> ';
+ print ''.img_picto('', 'object_email').' email).'"> ';
// Address
print ''.$langs->trans("Address").' ';
@@ -1151,14 +1149,14 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Country
//$object->country_id=$object->country_id?$object->country_id:$mysoc->country_id; // In edit mode we don't force to company country if not defined
print ' '.$langs->trans('Country').' ';
- print $form->select_country(isset($_POST["country_id"]) ? $_POST["country_id"] : $object->country_id, 'country_id');
+ print $form->select_country(GETPOSTISSET("country_id") ? GETPOST("country_id", "alpha") : $object->country_id, 'country_id');
if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"), 1);
print ' ';
// State
if (empty($conf->global->MEMBER_DISABLE_STATE)) {
print ''.$langs->trans('State').' ';
- print $formcompany->select_state($object->state_id, isset($_POST["country_id"]) ?GETPOST("country_id") : $object->country_id);
+ print $formcompany->select_state($object->state_id, GETPOSTISSET("country_id") ? GETPOST("country_id", "alpha") : $object->country_id);
print ' ';
}
diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php
index 19450905c23..4fc1ad28da7 100644
--- a/htdocs/admin/boxes.php
+++ b/htdocs/admin/boxes.php
@@ -54,19 +54,18 @@ if ($action == 'addconst')
if ($action == 'add') {
$error = 0;
+ $boxids = GETPOST('boxid', 'array');
+
$db->begin();
- if (isset($_POST['boxid']) && is_array($_POST['boxid']))
- {
- foreach ($_POST['boxid'] as $boxid)
- {
+ if (is_array($boxids)) {
+ foreach ($boxids as $boxid) {
if (is_numeric($boxid['pos']) && $boxid['pos'] >= 0) // 0=Home, 1=...
{
$pos = $boxid['pos'];
// Initialize distinct fk_user with all already existing values of fk_user (user that use a personalized view of boxes for page "pos")
$distinctfkuser = array();
- if (!$error)
- {
+ if (!$error) {
$sql = "SELECT fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."user_param";
$sql .= " WHERE param = 'MAIN_BOXES_".$db->escape($pos)."' AND value = '1'";
@@ -146,7 +145,7 @@ if ($action == 'add') {
if ($action == 'delete')
{
$sql = "SELECT box_id FROM ".MAIN_DB_PREFIX."boxes";
- $sql .= " WHERE rowid=".$rowid;
+ $sql .= " WHERE rowid=".((int) $rowid);
$resql = $db->query($sql);
$obj = $db->fetch_object($resql);
diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php
index 5ff7f022ba4..d605f75c511 100644
--- a/htdocs/admin/delais.php
+++ b/htdocs/admin/delais.php
@@ -188,7 +188,7 @@ if ($action == 'update')
if (!empty($conf->global->MAIN_USE_METEO_WITH_PERCENTAGE)) $plus = '_PERCENTAGE';
// Update values
for ($i = 0; $i < 4; $i++) {
- if (isset($_POST['MAIN_METEO'.$plus.'_LEVEL'.$i])) dolibarr_set_const($db, 'MAIN_METEO'.$plus.'_LEVEL'.$i, GETPOST('MAIN_METEO'.$plus.'_LEVEL'.$i, 'int'), 'chaine', 0, '', $conf->entity);
+ if (GETPOSTISSET('MAIN_METEO'.$plus.'_LEVEL'.$i)) dolibarr_set_const($db, 'MAIN_METEO'.$plus.'_LEVEL'.$i, GETPOST('MAIN_METEO'.$plus.'_LEVEL'.$i, 'int'), 'chaine', 0, '', $conf->entity);
}
}
diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php
index a185071c227..3048625cd5f 100644
--- a/htdocs/admin/dict.php
+++ b/htdocs/admin/dict.php
@@ -690,7 +690,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
if ($value == 'formula' && empty($_POST['formula'])) continue;
if ($value == 'dayrule' && empty($_POST['dayrule'])) continue;
if ($value == 'sortorder') continue; // For a column name 'sortorder', we use the field name 'position'
- if ((!isset($_POST[$value]) || $_POST[$value] == '')
+ if ((!GETPOSTISSET($value) || GETPOST($value) == '')
&& (!in_array($listfield[$f], array('decalage', 'module', 'accountancy_code', 'accountancy_code_sell', 'accountancy_code_buy', 'tracking', 'picto')) // Fields that are not mandatory
&& (!($id == 10 && $listfield[$f] == 'code')) // Code is mandatory fir table 10
)
@@ -719,7 +719,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
}
}
// Other checks
- if (GETPOST('actionadd') && $tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && isset($_POST["type"]) && in_array($_POST["type"], array('system', 'systemauto'))) {
+ if (GETPOST('actionadd') && $tabname[$id] == MAIN_DB_PREFIX."c_actioncomm" && GETPOSTISSET("type") && in_array(GETPOST("type"), array('system', 'systemauto'))) {
$ok = 0;
setEventMessages($langs->transnoentities('ErrorReservedTypeSystemSystemAuto'), null, 'errors');
}
@@ -757,7 +757,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify'))
if ($_POST["accountancy_code"] <= 0) $_POST["accountancy_code"] = ''; // If empty, we force to null
if ($_POST["accountancy_code_sell"] <= 0) $_POST["accountancy_code_sell"] = ''; // If empty, we force to null
if ($_POST["accountancy_code_buy"] <= 0) $_POST["accountancy_code_buy"] = ''; // If empty, we force to null
- if ($id == 10 && isset($_POST["code"])) // Spaces are not allowed into code
+ if ($id == 10 && GETPOSTISSET("code")) // Spaces are not allowed into code
{
$_POST["code"] = preg_replace('/\s/', '', $_POST["code"]);
}
diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php
index a89480314a6..e8b2b7bdc10 100644
--- a/htdocs/admin/mails.php
+++ b/htdocs/admin/mails.php
@@ -856,8 +856,8 @@ if ($action == 'edit')
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
- $formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
- $formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->fromid = $user->id;
$formmail->fromalsorobot = 1;
$formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user'));
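Review bot: `fromname` and `frommail` are still taken from `$_POST` unfiltered, because only the `isset()` half of each ternary was converted. The same two fields in htdocs/admin/mails_emailing.php go through `GETPOST('fromname', 'restricthtml')` and `GETPOST('frommail', 'restricthtml')` in this commit, and these lines should match. Because GETPOSTISSET appears to cover GET parameters as well, the raw `$_POST[...]` read can also hit an undefined index. htdocs/admin/mails_ticket.php carries the same two lines and needs the same change.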
@@ -865,13 +865,13 @@ if ($action == 'edit')
$formmail->withsubstit = 1;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
- $formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
- $formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
- $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
- $formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
+ $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
+ $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
- $formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
+ $formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;
diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php
index faa72f4fc7c..84cc97d86d4 100644
--- a/htdocs/admin/mails_emailing.php
+++ b/htdocs/admin/mails_emailing.php
@@ -564,20 +564,20 @@ if ($action == 'edit')
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
- $formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
- $formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail', 'restricthtml') : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
- $formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
- $formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
- $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
- $formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
+ $formmail->withto = (!GETPOST('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
+ $formmail->withtocc = (!GETPOST(['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtoccc = (!GETPOST(['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
- $formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
+ $formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;
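Review bot: The three recipient lines invert the original test and two of them pass an array as the parameter name. `!empty($_POST['sendto'])` became `!GETPOST('sendto')`, so a submitted recipient now falls through to the default and an empty one is echoed back. `GETPOST(['sendtocc'])` and `GETPOST(['sendtoccc'])` hand an array to a function that takes a parameter name. The conditions should be `GETPOST('sendto') ? GETPOST('sendto', 'restricthtml') : ...`, and likewise `GETPOST('sendtocc') ? ...` and `GETPOST('sendtoccc') ? ...`. mails.php and mails_ticket.php kept `!empty($_POST[...])` for these fields, so either form restores the intended behaviour.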
diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php
index 872c0d414eb..de98c42b35a 100644
--- a/htdocs/admin/mails_templates.php
+++ b/htdocs/admin/mails_templates.php
@@ -271,7 +271,7 @@ if (empty($reshook)) {
// Rename some POST variables into a generic name
if (GETPOST('actionmodify', 'alpha') && $value == 'topic') $_POST['topic'] = $_POST['topic-'.$rowid];
- if ((!isset($_POST[$value]) || $_POST[$value] == '' || $_POST[$value] == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position')
+ if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position')
{
$ok = 0;
$fieldnamekey = $listfield[$f];
diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php
index 49dc61a270a..1e1c3db3fad 100644
--- a/htdocs/admin/mails_ticket.php
+++ b/htdocs/admin/mails_ticket.php
@@ -530,20 +530,20 @@ if ($action == 'edit')
// Cree l'objet formulaire mail
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php';
$formmail = new FormMail($db);
- $formmail->fromname = (isset($_POST['fromname']) ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
- $formmail->frommail = (isset($_POST['frommail']) ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
+ $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM);
$formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test");
$formmail->withfromreadonly = 0;
$formmail->withsubstit = 0;
$formmail->withfrom = 1;
$formmail->witherrorsto = 1;
- $formmail->withto = (!empty($_POST['sendto']) ? $_POST['sendto'] : ($user->email ? $user->email : 1));
- $formmail->withtocc = (!empty($_POST['sendtocc']) ? $_POST['sendtocc'] : 1); // ! empty to keep field if empty
- $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? $_POST['sendtoccc'] : 1); // ! empty to keep field if empty
- $formmail->withtopic = (isset($_POST['subject']) ? $_POST['subject'] : $langs->trans("Test"));
+ $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1));
+ $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty
+ $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test"));
$formmail->withtopicreadonly = 0;
$formmail->withfile = 2;
- $formmail->withbody = (isset($_POST['message']) ? $_POST['message'] : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
+ $formmail->withbody = (GETPOSTISSET('message') ? GETPOST('message', 'restricthtml') : ($action == 'testhtml' ? $langs->transnoentities("PredefinedMailTestHtml") : $langs->transnoentities("PredefinedMailTest")));
$formmail->withbodyreadonly = 0;
$formmail->withcancel = 1;
$formmail->withdeliveryreceipt = 1;
diff --git a/htdocs/admin/proxy.php b/htdocs/admin/proxy.php
index 71bd50ef5ce..0349f8a3435 100644
--- a/htdocs/admin/proxy.php
+++ b/htdocs/admin/proxy.php
@@ -135,7 +135,7 @@ print '';
print ''.$langs->trans("ConnectionTimeout").' ';
print ' ';
print '';
-print ' global->MAIN_USE_CONNECT_TIMEOUT).'">';
+print ' global->MAIN_USE_CONNECT_TIMEOUT).'">';
print ' '.strtolower($langs->trans("Seconds"));
print ' ';
print ' ';
diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php
index 6d84b4a0e2d..45500843aed 100644
--- a/htdocs/admin/syslog.php
+++ b/htdocs/admin/syslog.php
@@ -85,7 +85,7 @@ if ($action == 'set')
$db->begin();
$newActiveModules = array();
- $selectedModules = (isset($_POST['SYSLOG_HANDLERS']) ? $_POST['SYSLOG_HANDLERS'] : array());
+ $selectedModules = (GETPOSTISSET('SYSLOG_HANDLERS') ? GETPOST('SYSLOG_HANDLERS') : array());
// Save options of handler
foreach ($syslogModules as $syslogHandler)
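Review bot: `GETPOST('SYSLOG_HANDLERS')` is read without a check type although the value is used as an array, as the haystack of `in_array($syslogHandler, $selectedModules)` in the next hunk. boxes.php in this commit reads its list with `GETPOST('boxid', 'array')`; doing the same here, `GETPOST('SYSLOG_HANDLERS', 'array')`, makes the expected type explicit. What the default check does with an array value is not visible on this page, so a scalar may reach `in_array()`.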
@@ -97,11 +97,10 @@ if ($action == 'set')
if (in_array($syslogHandler, $selectedModules)) $newActiveModules[] = $syslogHandler;
foreach ($module->configure() as $option)
{
- if (isset($_POST[$option['constant']]))
+ if (GETPOSTISSET($option['constant']))
{
- $_POST[$option['constant']] = trim($_POST[$option['constant']]);
dolibarr_del_const($db, $option['constant'], -1);
- dolibarr_set_const($db, $option['constant'], $_POST[$option['constant']], 'chaine', 0, '', 0);
+ dolibarr_set_const($db, $option['constant'], trim(GETPOST($option['constant'])), 'chaine', 0, '', 0);
}
}
}
@@ -229,7 +228,7 @@ foreach ($syslogModules as $moduleName)
$tmpoption = $option['constant'];
if (!empty($tmpoption))
{
- if (isset($_POST[$tmpoption])) $value = $_POST[$tmpoption];
+ if (GETPOSTISSET($tmpoption)) $value = GETPOST($tmpoption);
elseif (!empty($conf->global->$tmpoption)) $value = $conf->global->$tmpoption;
} else $value = (isset($option['default']) ? $option['default'] : '');
@@ -240,7 +239,7 @@ foreach ($syslogModules as $moduleName)
{
$filelogparam = ' (';
$filelogparam .= $langs->trans('Download');
- $filelogparam .= $filelog.' )';
+ $filelogparam .= ' '.basename($value).')';
print $filelogparam;
}
}
diff --git a/htdocs/admin/system/phpinfo.php b/htdocs/admin/system/phpinfo.php
index a509cea32d3..03f5c60f607 100644
--- a/htdocs/admin/system/phpinfo.php
+++ b/htdocs/admin/system/phpinfo.php
@@ -93,7 +93,7 @@ if (versioncompare(versionphparray(), $arrayphpminversionerror) < 0)
print '';
print 'GET and POST support ';
-if (!isset($_GET["testget"]) && !isset($_POST["testpost"]) && !isset($_GET["mainmenu"]))
+if (!isset($_GET["testget"]) && !isset($_POST["testpost"]) && !isset($_GET["mainmenu"])) // We must keep $_GET and $_POST here
{
print ' '.$langs->trans("PHPSupportPOSTGETKo");
print ' ('.$langs->trans("Recheck").' )';
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index 6dfdf41e679..1a61a4a0c82 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -280,7 +280,7 @@ if (empty($reshook) && $action == 'add')
}
}
}
- $object->fk_project = isset($_POST["projectid"]) ? $_POST["projectid"] : 0;
+ $object->fk_project = GETPOSTISSET("projectid") ? GETPOST("projectid", 'int') : 0;
$taskid = GETPOST('taskid', 'int');
if (!empty($taskid)) {
@@ -324,7 +324,7 @@ if (empty($reshook) && $action == 'add')
$object->note_private = trim(GETPOST("note", "restricthtml"));
- if (isset($_POST["contactid"])) $object->contact = $contact;
+ if (GETPOSTISSET("contactid")) $object->contact = $contact;
if (GETPOST('socid', 'int') > 0)
{
@@ -1051,8 +1051,8 @@ if ($action == 'create')
print ' '.$langs->trans("Status").' / '.$langs->trans("Percentage").' ';
print '';
$percent = -1;
- if (isset($_GET['status']) || isset($_POST['status'])) $percent = GETPOST('status');
- elseif (isset($_GET['percentage']) || isset($_POST['percentage'])) $percent = GETPOST('percentage');
+ if (GETPOSTISSET('status')) $percent = GETPOST('status');
+ elseif (GETPOSTISSET('percentage')) $percent = GETPOST('percentage');
else {
if (GETPOST('complete') == '0' || GETPOST("afaire") == 1) $percent = '0';
elseif (GETPOST('complete') == 100 || GETPOST("afaire") == 2) $percent = 100;
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index 313aaa0e2e4..f540a8d6e4e 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -336,7 +336,7 @@ if ($status == 'todo') $title = $langs->trans("ToDoActions");
*/
$param = '';
-if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
+if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 4f292047700..c5f81e358cc 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -122,8 +122,8 @@ $tmparray = explode('-', $tmp);
$begin_d = 1;
$end_d = 53;
-if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
-if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
+if ($status == '' && !GETPOSTISSET('status')) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
+if (empty($action) && !GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if (GETPOST('viewcal', 'alpha') && $action != 'show_day' && $action != 'show_week' && $action != 'show_peruser') {
$action = 'show_month'; $day = '';
@@ -227,13 +227,13 @@ if ($status == 'done') $title = $langs->trans("DoneActions");
if ($status == 'todo') $title = $langs->trans("ToDoActions");
$param = '';
-if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
+if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);
}
if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid);
-if ($status || isset($_GET['status']) || isset($_POST['status'])) $param .= "&search_status=".urlencode($status);
+if ($status || GETPOSTISSET('status')) $param .= "&search_status=".urlencode($status);
if ($filter) $param .= "&search_filter=".urlencode($filter);
if ($filtert) $param .= "&search_filtert=".urlencode($filtert);
if ($usergroup) $param .= "&search_usergroup=".urlencode($usergroup);
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 8983dbff7f6..6161b6c820b 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
@@ -125,8 +125,8 @@ if ($begin_d < 1 || $begin_d > 7) $begin_d = 1;
if ($end_d < 1 || $end_d > 7) $end_d = 7;
if ($end_d < $begin_d) $end_d = $begin_d + 1;
-if ($status == '' && !isset($_GET['status']) && !isset($_POST['status'])) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
-if (empty($action) && !isset($_GET['action']) && !isset($_POST['action'])) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
+if ($status == '' && !GETPOSTISSET('status')) $status = (empty($conf->global->AGENDA_DEFAULT_FILTER_STATUS) ? '' : $conf->global->AGENDA_DEFAULT_FILTER_STATUS);
+if (empty($action) && !GETPOSTISSET('action')) $action = (empty($conf->global->AGENDA_DEFAULT_VIEW) ? 'show_month' : $conf->global->AGENDA_DEFAULT_VIEW);
if (GETPOST('viewcal', 'alpha') && $action != 'show_day' && $action != 'show_week' && $action != 'show_peruser') {
$action = 'show_month'; $day = '';
@@ -227,13 +227,13 @@ if ($status == 'done') $title = $langs->trans("DoneActions");
if ($status == 'todo') $title = $langs->trans("ToDoActions");
$param = '';
-if ($actioncode || isset($_GET['search_actioncode']) || isset($_POST['search_actioncode'])) {
+if ($actioncode || GETPOSTISSET('search_actioncode')) {
if (is_array($actioncode)) {
foreach ($actioncode as $str_action) $param .= "&search_actioncode[]=".urlencode($str_action);
} else $param .= "&search_actioncode=".urlencode($actioncode);
}
if ($resourceid > 0) $param .= "&search_resourceid=".urlencode($resourceid);
-if ($status || isset($_GET['status']) || isset($_POST['status'])) $param .= "&search_status=".urlencode($status);
+if ($status || GETPOSTISSET('status')) $param .= "&search_status=".urlencode($status);
if ($filter) $param .= "&search_filter=".urlencode($filter);
if ($filtert) $param .= "&search_filtert=".urlencode($filtert);
if ($usergroup) $param .= "&search_usergroup=".urlencode($usergroup);
diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php
index 02c89772e94..902a96ec16c 100644
--- a/htdocs/compta/bank/bankentries_list.php
+++ b/htdocs/compta/bank/bankentries_list.php
@@ -225,17 +225,16 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', '
if ($num_releve)
{
$bankline = new AccountLine($db);
- if (isset($_POST['rowid']) && is_array($_POST['rowid']))
- {
- foreach ($_POST['rowid'] as $row)
- {
- if ($row > 0)
- {
+
+ $rowids = GETPOST('rowid', 'array');
+
+ if (!empty($rowids) && is_array($rowids)) {
+ foreach ($rowids as $row) {
+ if ($row > 0) {
$result = $bankline->fetch($row);
$bankline->num_releve = $num_releve; //$_POST["num_releve"];
$result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1.
- if ($result < 0)
- {
+ if ($result < 0) {
setEventMessages($bankline->error, $bankline->errors, 'errors');
$error++;
break;
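Review bot: The result of `$bankline->fetch($row)` is overwritten by the next assignment without being checked, so a row id that fails to load still reaches `update_conciliation()`. The ids now come from `GETPOST('rowid', 'array')`, whose elements are supplied by the request and only compared with `$row > 0`. A guard such as `if ($bankline->fetch((int) $row) <= 0) { $error++; break; }` would stop the reconcile flag being written through a line object that was not loaded. What `fetch()` returns on a miss is not shown in this hunk, so the exact comparison should be confirmed against the class.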
diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index a7841a72b22..813e0baa1b7 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -346,7 +346,7 @@ if ($action == 'create')
// Type
print ' '.$langs->trans("AccountType").' ';
print '';
- $formbank->selectTypeOfBankAccount(isset($_POST["type"]) ? $_POST["type"] : Account::TYPE_CURRENT, "type");
+ $formbank->selectTypeOfBankAccount(GETPOSTISSET("type") ? GETPOST("type") : Account::TYPE_CURRENT, "type");
print ' ';
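Review bot: `GETPOST("type")` is called without a check type, so it relies on whatever GETPOST's default filter is, although the fallback `Account::TYPE_CURRENT` suggests an integer constant. Other files in this commit name the check explicitly (`'int'`, `'alpha'`, `'aZ09'`). Here `GETPOST("type", 'int')` would document the expected shape, and `GETPOST("account_currency_code", 'aZ09')` would do the same in the next hunk. The later hunks of this file have the same bare calls for `clos`, `account_country_id` and `account_state_id`; the right check for the country field depends on whether it carries an id or a code, which this page does not show.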
// Currency
@@ -354,7 +354,7 @@ if ($action == 'create')
print '';
$selectedcode = $object->currency_code;
if (!$selectedcode) $selectedcode = $conf->currency;
- print $form->selectCurrency((isset($_POST["account_currency_code"]) ? $_POST["account_currency_code"] : $selectedcode), 'account_currency_code');
+ print $form->selectCurrency((GETPOSTISSET("account_currency_code") ? GETPOST("account_currency_code") : $selectedcode), 'account_currency_code');
//print $langs->trans("Currency".$conf->currency);
//print ' ';
print ' ';
@@ -367,9 +367,8 @@ if ($action == 'create')
// Country
$selectedcode = '';
- if (isset($_POST["account_country_id"]))
- {
- $selectedcode = $_POST["account_country_id"] ? $_POST["account_country_id"] : $object->country_code;
+ if (GETPOSTISSET("account_country_id")) {
+ $selectedcode = GETPOST("account_country_id") ? GETPOST("account_country_id") : $object->country_code;
} elseif (empty($selectedcode)) $selectedcode = $mysoc->country_code;
$object->country_code = getCountry($selectedcode, 2); // Force country code on account to have following field on bank fields matching country rules
@@ -383,7 +382,7 @@ if ($action == 'create')
print ''.$langs->trans('State').' ';
if ($selectedcode)
{
- $formcompany->select_departement(isset($_POST["account_state_id"]) ? $_POST["account_state_id"] : '', $selectedcode, 'account_state_id');
+ $formcompany->select_departement(GETPOSTISSET("account_state_id") ? GETPOST("account_state_id") : '', $selectedcode, 'account_state_id');
} else {
print $countrynotdefined;
}
@@ -818,16 +817,16 @@ if ($action == 'create')
// Ref
print ' '.$langs->trans("Ref").' ';
- print ' ref).'"> ';
+ print ' ref).'"> ';
// Label
print ''.$langs->trans("Label").' ';
- print ' label).'"> ';
+ print ' label).'"> ';
// Type
print ''.$langs->trans("AccountType").' ';
print '';
- $formbank->selectTypeOfBankAccount((isset($_POST["type"]) ? $_POST["type"] : $object->type), "type");
+ $formbank->selectTypeOfBankAccount((GETPOSTISSET("type") ? GETPOST("type") : $object->type), "type");
print ' ';
// Currency
@@ -837,7 +836,7 @@ if ($action == 'create')
print '';
$selectedcode = $object->currency_code;
if (!$selectedcode) $selectedcode = $conf->currency;
- print $form->selectCurrency((isset($_POST["account_currency_code"]) ? $_POST["account_currency_code"] : $selectedcode), 'account_currency_code');
+ print $form->selectCurrency((GETPOSTISSET("account_currency_code") ? GETPOST("account_currency_code") : $selectedcode), 'account_currency_code');
//print $langs->trans("Currency".$conf->currency);
//print ' ';
print ' ';
@@ -845,13 +844,13 @@ if ($action == 'create')
// Status
print ''.$langs->trans("Status").' ';
print '';
- print $form->selectarray("clos", $object->status, (isset($_POST["clos"]) ? $_POST["clos"] : $object->clos));
+ print $form->selectarray("clos", $object->status, (GETPOSTISSET("clos") ? GETPOST("clos") : $object->clos));
print ' ';
// Country
$object->country_id = $object->country_id ? $object->country_id : $mysoc->country_id;
$selectedcode = $object->country_code;
- if (isset($_POST["account_country_id"])) $selectedcode = $_POST["account_country_id"];
+ if (GETPOSTISSET("account_country_id")) $selectedcode = GETPOST("account_country_id");
elseif (empty($selectedcode)) $selectedcode = $mysoc->country_code;
$object->country_code = getCountry($selectedcode, 2); // Force country code on account to have following field on bank fields matching country rules
@@ -865,7 +864,7 @@ if ($action == 'create')
print ''.$langs->trans('State').' ';
if ($selectedcode)
{
- print $formcompany->select_state(isset($_POST["account_state_id"]) ? $_POST["account_state_id"] : $object->state_id, $selectedcode, 'account_state_id');
+ print $formcompany->select_state(GETPOSTISSET("account_state_id") ? GETPOST("account_state_id") : $object->state_id, $selectedcode, 'account_state_id');
} else {
print $countrynotdefined;
}
@@ -882,14 +881,14 @@ if ($action == 'create')
// Balance
print ' '.$langs->trans("BalanceMinimalAllowed").' ';
- print ' min_allowed).'"> ';
+ print ' min_allowed).'"> ';
print ''.$langs->trans("BalanceMinimalDesired").' ';
- print ' min_desired).'"> ';
+ print ' min_desired).'"> ';
// Web
print ''.$langs->trans("Web").' ';
- print ' url).'">';
+ print ' url).'">';
print ' ';
// Tags-Categories
diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php
index 42bddce5d28..33f7f3a0352 100644
--- a/htdocs/compta/bank/line.php
+++ b/htdocs/compta/bank/line.php
@@ -139,17 +139,17 @@ if ($user->rights->banque->modifier && $action == "update")
$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
$sql .= " SET ";
// Always opened
- if (isset($_POST['value'])) $sql .= " fk_type='".$db->escape(GETPOST('value'))."',";
- if (isset($_POST['num_chq'])) $sql .= " num_chq='".$db->escape(GETPOST("num_chq"))."',";
- if (isset($_POST['banque'])) $sql .= " banque='".$db->escape(GETPOST("banque"))."',";
- if (isset($_POST['emetteur'])) $sql .= " emetteur='".$db->escape(GETPOST("emetteur"))."',";
+ if (GETPOSTISSET('value')) $sql .= " fk_type='".$db->escape(GETPOST('value'))."',";
+ if (GETPOSTISSET('num_chq')) $sql .= " num_chq='".$db->escape(GETPOST("num_chq"))."',";
+ if (GETPOSTISSET('banque')) $sql .= " banque='".$db->escape(GETPOST("banque"))."',";
+ if (GETPOSTISSET('emetteur')) $sql .= " emetteur='".$db->escape(GETPOST("emetteur"))."',";
// Blocked when conciliated
if (!$acline->rappro)
{
- if (isset($_POST['label'])) $sql .= " label = '".$db->escape(GETPOST("label"))."',";
- if (isset($_POST['amount'])) $sql .= " amount= '".$db->escape($amount)."',";
- if (isset($_POST['dateomonth'])) $sql .= " dateo = '".$db->idate($dateop)."',";
- if (isset($_POST['datevmonth'])) $sql .= " datev = '".$db->idate($dateval)."',";
+ if (GETPOSTISSET('label')) $sql .= " label = '".$db->escape(GETPOST("label"))."',";
+ if (GETPOSTISSET('amount')) $sql .= " amount= '".$db->escape($amount)."',";
+ if (GETPOSTISSET('dateomonth')) $sql .= " dateo = '".$db->idate($dateop)."',";
+ if (GETPOSTISSET('datevmonth')) $sql .= " datev = '".$db->idate($dateval)."',";
}
$sql .= " fk_account = ".$actarget->id;
$sql .= " WHERE rowid = ".$acline->id;
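Review bot: The eight field guards used to require the field in `$_POST`, but `GETPOSTISSET()` also returns true for a query-string parameter (its fallback in functions.lib.php is `isset($_POST[$paramname]) || isset($_GET[$paramname])`), so this `UPDATE` can now be driven by GET values unless the request is rejected earlier. Whether a POST-plus-token check runs before this block is not visible here and should be confirmed. If it does not, the outer condition, which sits outside the hunk, could carry `&& $_SERVER['REQUEST_METHOD'] == 'POST'`. In the same statement `fk_account = ".$actarget->id` and `rowid = ".$acline->id` are still concatenated as-is; `((int) $actarget->id)` and `((int) $acline->id)` would match the casts this commit adds elsewhere.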
@@ -613,7 +613,7 @@ if ($result)
if ($user->rights->banque->consolidate)
{
print '';
- print ' rappro ? ' checked="checked"' : '')).'">';
+ print ' rappro ? ' checked="checked"' : '')).'">';
print ' ';
} else {
print ''.yn($objp->rappro).' ';
diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php
index de5b64c28fe..01b5d4ea3a0 100644
--- a/htdocs/compta/facture/card.php
+++ b/htdocs/compta/facture/card.php
@@ -3415,7 +3415,7 @@ if ($action == 'create')
// Payment mode
print ''.$langs->trans('PaymentMode').' ';
- $form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id', 'CRDT');
+ $form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id', 'CRDT');
print ' ';
// Bank Account
diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php
index b9aa625c06d..299cdf9a6c3 100644
--- a/htdocs/compta/paiement_charge.php
+++ b/htdocs/compta/paiement_charge.php
@@ -222,21 +222,21 @@ if ($action == 'create')
print ''.$langs->trans("RemainderToPay").' '.price($total-$sumpaid,0,$outputlangs,1,-1,-1,$conf->currency).' ';*/
print ''.$langs->trans("Date").' ';
- $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
- $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (empty($_POST["remonth"]) ?-1 : $datepaye) : 0;
+ $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST("reday", 'int'), GETPOST("reyear", 'int'));
+ $datepayment = empty($conf->global->MAIN_AUTOFILL_DATE) ? (GETPOSTISSET("remonth") ? $datepaye : -1) : 0;
print $form->selectDate($datepayment, '', '', '', 0, "add_payment", 1, 1, 0, '', '', $charge->date_ech, '', 1, $langs->trans("DateOfSocialContribution"));
print " ";
print ' ';
print ''.$langs->trans("PaymentMode").' ';
- $form->select_types_paiements(isset($_POST["paiementtype"]) ? $_POST["paiementtype"] : $charge->paiementtype, "paiementtype");
+ $form->select_types_paiements(GETPOSTISSET("paiementtype") ? GETPOST("paiementtype") : $charge->paiementtype, "paiementtype");
print " \n";
print ' ';
print '';
print ''.$langs->trans('AccountToDebit').' ';
print '';
- $form->select_comptes(isset($_POST["accountid"]) ? $_POST["accountid"] : $charge->accountid, "accountid", 0, '', 2); // Show opend bank account list
+ $form->select_comptes(GETPOSTISSET("accountid") ? GETPOST("accountid") : $charge->accountid, "accountid", 0, '', 2); // Show opend bank account list
print ' ';
// Number
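Review bot: The rewritten `$datepayment` line is not equivalent to the one it replaces. `empty($_POST["remonth"])` treated a submitted but empty month as "no date" (-1), while `GETPOSTISSET("remonth")` is true for an empty value, so a `$datepaye` built from empty parts now reaches `selectDate()`. What `dol_mktime()` returns for empty parts is not visible in this hunk, so the prefilled date after a failed submit should be checked. Testing the value keeps the old meaning: `(GETPOST("remonth", 'int') ? $datepaye : -1)`.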
diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php
index bd97f88ff65..752bdc4d642 100644
--- a/htdocs/contact/card.php
+++ b/htdocs/contact/card.php
@@ -893,7 +893,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
*/
// We set country_id, and country_code label of the chosen country
- if (isset($_POST["country_id"]) || $object->country_id)
+ if (GETPOSTISSET("country_id") || $object->country_id)
{
$tmparray = getCountry($object->country_id, 'all');
$object->country_code = $tmparray['code'];
diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php
index 999a5866c22..a4f936cfca0 100644
--- a/htdocs/core/class/html.formmail.class.php
+++ b/htdocs/core/class/html.formmail.class.php
@@ -1133,7 +1133,7 @@ class FormMail extends Form
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_SUPPLIER_PROPOSAL) && !empty($this->param['models']) && $this->param['models'] == 'supplier_proposal_send') $defaultvaluefordeliveryreceipt = 1;
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_ORDER) && !empty($this->param['models']) && $this->param['models'] == 'order_send') $defaultvaluefordeliveryreceipt = 1;
if (!empty($conf->global->MAIL_FORCE_DELIVERY_RECEIPT_INVOICE) && !empty($this->param['models']) && $this->param['models'] == 'facture_send') $defaultvaluefordeliveryreceipt = 1;
- $out .= $form->selectyesno('deliveryreceipt', (isset($_POST["deliveryreceipt"]) ? $_POST["deliveryreceipt"] : $defaultvaluefordeliveryreceipt), 1);
+ $out .= $form->selectyesno('deliveryreceipt', (GETPOSTISSET("deliveryreceipt") ? GETPOST("deliveryreceipt") : $defaultvaluefordeliveryreceipt), 1);
}
$out .= "\n";
return $out;
@@ -1170,7 +1170,7 @@ class FormMail extends Form
$out .= $defaulttopic;
$out .= ' ';
} else {
- $out .= ' ';
+ $out .= ' ';
}
$out .= "\n";
return $out;
diff --git a/htdocs/core/class/html.formsms.class.php b/htdocs/core/class/html.formsms.class.php
index 2ef3545d335..96156ef3fd2 100644
--- a/htdocs/core/class/html.formsms.class.php
+++ b/htdocs/core/class/html.formsms.class.php
@@ -288,7 +288,7 @@ function limitChars(textarea, limit, infodiv)
$defaultmessage = $this->withbody;
}
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
- if (isset($_POST["message"])) $defaultmessage = $_POST["message"];
+ if (GETPOSTISSET("message")) $defaultmessage = GETPOST("message", 'restricthtml');
$defaultmessage = str_replace('\n', "\n", $defaultmessage);
print "";
diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php
index aa90ee7fa1c..60debed9f2d 100644
--- a/htdocs/core/class/html.formticket.class.php
+++ b/htdocs/core/class/html.formticket.class.php
@@ -999,8 +999,8 @@ class FormTicket
} elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
$defaultmessage = dol_nl2br($defaultmessage);
}
- if (isset($_POST["message"]) && !$_POST['modelselected']) {
- $defaultmessage = GETPOST('message');
+ if (GETPOSTISSET("message") && !$_POST['modelselected']) {
+ $defaultmessage = GETPOST('message', 'restricthtml');
} else {
$defaultmessage = make_substitutions($defaultmessage, $this->substit);
// Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty)
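Review bot: The changed condition still reads `$_POST['modelselected']` directly, so half of the test bypasses the wrapper this commit introduces and raises an undefined-index notice when the field is absent. Because `GETPOSTISSET("message")` also accepts a GET parameter, the two halves can now look at different request sources. `if (GETPOSTISSET("message") && !GETPOST('modelselected', 'alpha')) {` keeps them consistent. The enclosing method starts and ends outside the hunk, so how `$defaultmessage` is escaped on output cannot be checked from here.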
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 3be5453c406..61360d66f51 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -224,14 +224,14 @@ function dol_shutdown()
}
/**
- * Return true if we are in a context of submitting a parameter
+ * Return true if we are in a context of submitting the parameter $paramname
*
* @param string $paramname Name or parameter to test
* @return boolean True if we have just submit a POST or GET request with the parameter provided (even if param is empty)
*/
function GETPOSTISSET($paramname)
{
- $isset = 0;
+ $isset = false;
$relativepathstring = $_SERVER["PHP_SELF"];
// Clean $relativepathstring
@@ -254,7 +254,7 @@ function GETPOSTISSET($paramname)
{
if ($key == $paramname) // We are on the requested parameter
{
- $isset = 1;
+ $isset = true;
break;
}
}
@@ -263,16 +263,16 @@ function GETPOSTISSET($paramname)
// If there is saved contextpage, page or limit
if ($paramname == 'contextpage' && !empty($_SESSION['lastsearch_contextpage_'.$relativepathstring]))
{
- $isset = 1;
+ $isset = true;
} elseif ($paramname == 'page' && !empty($_SESSION['lastsearch_page_'.$relativepathstring]))
{
- $isset = 1;
+ $isset = true;
} elseif ($paramname == 'limit' && !empty($_SESSION['lastsearch_limit_'.$relativepathstring]))
{
- $isset = 1;
+ $isset = true;
}
} else {
- $isset = (isset($_POST[$paramname]) || isset($_GET[$paramname]));
+ $isset = (isset($_POST[$paramname]) || isset($_GET[$paramname])); // We must keep $_POST and $_GET here
}
return $isset;
@@ -287,13 +287,13 @@ function GETPOSTISSET($paramname)
* @param string $check Type of check
* ''=no check (deprecated)
* 'none'=no check (only for param that should have very rich content)
+ * 'array', 'array:restricthtml' or 'array:aZ09' to check it's an array
* 'int'=check it's numeric (integer or float)
* 'intcomma'=check it's integer+comma ('1,2,3,4...')
* 'alpha'=Same than alphanohtml since v13
* 'alphanohtml'=check there is no html content and no " and no ../
* 'aZ'=check it's a-z only
* 'aZ09'=check it's simple alpha string (recommended for keys)
- * 'array'=check it's array
* 'san_alpha'=Use filter_var with FILTER_SANITIZE_STRING (do not use this for free text string)
* 'nohtml'=check there is no html content and no " and no ../
* 'restricthtml'=check html content is restricted to some tags only
@@ -411,7 +411,6 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
}
}
} // Management of default search_filters and sort order
- //elseif (preg_match('/list.php$/', $_SERVER["PHP_SELF"]) && ! empty($paramname) && ! isset($_GET[$paramname]) && ! isset($_POST[$paramname]))
elseif (!empty($paramname) && !isset($_GET[$paramname]) && !isset($_POST[$paramname]))
{
if (!empty($user->default_values)) // $user->default_values defined from menu 'Setup - Default values'
@@ -476,6 +475,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
if ($qualified)
{
+ // We must keep $_POST and $_GET here
if (isset($_POST['sall']) || isset($_POST['search_all']) || isset($_GET['sall']) || isset($_GET['search_all']))
{
// We made a search from quick search menu, do we still use default filter ?
diff --git a/htdocs/core/modules/mailings/pomme.modules.php b/htdocs/core/modules/mailings/pomme.modules.php
index aea4158fb21..3f4431f3eb4 100644
--- a/htdocs/core/modules/mailings/pomme.modules.php
+++ b/htdocs/core/modules/mailings/pomme.modules.php
@@ -172,10 +172,10 @@ class mailing_pomme extends MailingTargets
$sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test
$sql .= " AND u.entity IN (0,".$conf->entity.")";
$sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
- if (isset($_POST["filter"]) && $_POST["filter"] == '1') $sql .= " AND u.statut=1";
- if (isset($_POST["filter"]) && $_POST["filter"] == '0') $sql .= " AND u.statut=0";
- if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '1') $sql .= " AND u.employee=1";
- if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '0') $sql .= " AND u.employee=0";
+ if (GETPOSTISSET("filter") && GETPOST("filter") == '1') $sql .= " AND u.statut=1";
+ if (GETPOSTISSET("filter") && GETPOST("filter") == '0') $sql .= " AND u.statut=0";
+ if (GETPOSTISSET("filteremployee") && GETPOSt("filteremployee") == '1') $sql .= " AND u.employee=1";
+ if (GETPOSTISSET("filteremployee") && GETPOST("filteremployee") == '0') $sql .= " AND u.employee=0";
$sql .= " ORDER BY u.email";
// Stocke destinataires dans cibles
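Review bot: `GETPOSt("filteremployee")` on the third added line has a lower-case `t`. PHP resolves function names case-insensitively, so it runs, but the call escapes any grep or static check that looks for `GETPOST(`. Since the four reads are only compared with '0' and '1', passing the integer check makes the intent explicit: `if (GETPOSTISSET("filteremployee") && GETPOST("filteremployee", 'int') == '1')`, and likewise for `filter`.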
diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php
index b2a082498c6..44b9d51bbf3 100644
--- a/htdocs/core/modules/mailings/thirdparties.modules.php
+++ b/htdocs/core/modules/mailings/thirdparties.modules.php
@@ -81,9 +81,8 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
} else {
$addFilter = "";
- if (isset($_POST["filter_client"]) && $_POST["filter_client"] <> '-1')
- {
- $addFilter .= " AND s.client=".$_POST["filter_client"];
+ if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
+ $addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
$addDescription = $langs->trans('ProspectCustomer')."=";
if ($_POST["filter_client"] == 0)
{
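Review bot: The context line `if ($_POST["filter_client"] == 0)` still reads the superglobal, while the guard and the SQL fragment above it now go through `GETPOSTISSET()`/`GETPOST()`. The guard also accepts a GET parameter, so the SQL filter and the description text can be built from different sources, and the raw read emits a notice when the field is only in the query string. Reading the value once, `$filterclient = (int) GETPOST("filter_client", 'int');`, and using it for both the `s.client=` fragment and the comparisons would remove the mismatch. The `elseif` branches of this chain continue outside the hunk and presumably need the same change.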
@@ -98,18 +97,15 @@ class mailing_thirdparties extends MailingTargets
{
$addDescription .= $langs->trans('ProspectCustomer');
} else {
- $addDescription .= "Unknown status ".$_POST["filter_client"];
+ $addDescription .= "Unknown status ".GETPOST("filter_client");
}
}
- if (isset($_POST["filter_status"]))
- {
- if (strlen($addDescription) > 0)
- {
+ if (GETPOSTISSET("filter_status")) {
+ if (strlen($addDescription) > 0) {
$addDescription .= ";";
}
$addDescription .= $langs->trans("Status")."=";
- if ($_POST["filter_status"] == '1')
- {
+ if (GETPOST("filter_status") == '1') {
$addFilter .= " AND s.status=1";
$addDescription .= $langs->trans("Enabled");
} else {
@@ -124,7 +120,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
- $sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
+ $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
$sql .= " UNION ";
$sql .= "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, c.label as label";
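Review bot: `fk_mailing=".$mailing_id.")"` is still concatenated uncast in the same statement where `c.rowid` now gets `((int) GETPOST('filter', 'int'))`. Whether `$mailing_id` is already an integer when it reaches this method is not visible in the hunk. Casting at the point of use, `WHERE fk_mailing=".((int) $mailing_id).")"`, makes the query independent of what callers pass. The same concatenation appears in the next hunk of this file and in pomme.modules.php.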
@@ -134,7 +130,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
- $sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
+ $sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
}
$sql .= " ORDER BY email";
diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php
index c7035298beb..bc02e490c34 100644
--- a/htdocs/core/tpl/extrafields_view.tpl.php
+++ b/htdocs/core/tpl/extrafields_view.tpl.php
@@ -85,7 +85,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
if (!empty($extrafields->attributes[$object->table_element]['langfile'][$tmpkeyextra])) $langs->load($extrafields->attributes[$object->table_element]['langfile'][$tmpkeyextra]);
if ($action == 'edit_extras')
{
- $value = (isset($_POST["options_".$tmpkeyextra]) ? $_POST["options_".$tmpkeyextra] : $object->array_options["options_".$tmpkeyextra]);
+ $value = (GETPOSTISSET("options_".$tmpkeyextra) ? GETPOST("options_".$tmpkeyextra) : $object->array_options["options_".$tmpkeyextra]);
} else {
$value = $object->array_options["options_".$tmpkeyextra];
//var_dump($tmpkeyextra.' - '.$value);
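Review bot: `GETPOST("options_".$tmpkeyextra)` is called without a check argument, so the default `'alphanohtml'` from the `GETPOST()` signature applies where the old code passed the submitted value through unchanged. The extrafield types handled by this template are not visible in the hunk, but a field holding HTML or several values would presumably be altered when the form is re-displayed in `edit_extras`. If such types reach this branch, the check should follow the field type, for example `GETPOST("options_".$tmpkeyextra, 'restricthtml')` for HTML fields. A comment on the line naming the chosen check would also help.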
@@ -172,7 +172,7 @@ if (empty($reshook) && is_array($extrafields->attributes[$object->table_element]
$datenotinstring = $db->jdate($datenotinstring);
}
//print 'x'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour');
- $value = isset($_POST["options_".$tmpkeyextra]) ? dol_mktime($_POST["options_".$tmpkeyextra."hour"], $_POST["options_".$tmpkeyextra."min"], 0, $_POST["options_".$tmpkeyextra."month"], $_POST["options_".$tmpkeyextra."day"], $_POST["options_".$tmpkeyextra."year"]) : $datenotinstring;
+ $value = GETPOSTISSET("options_".$tmpkeyextra) ? dol_mktime(GETPOST("options_".$tmpkeyextra."hour", 'int'), GETPOST("options_".$tmpkeyextra."min", 'int'), 0, GETPOST("options_".$tmpkeyextra."month", 'int'), GETPOST("options_".$tmpkeyextra."day", 'int'), GETPOST("options_".$tmpkeyextra."year", 'int')) : $datenotinstring;
}
//TODO Improve element and rights detection
diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php
index 52b50475744..bc6f3313168 100644
--- a/htdocs/core/tpl/objectline_create.tpl.php
+++ b/htdocs/core/tpl/objectline_create.tpl.php
@@ -324,17 +324,17 @@ if ($nolinesbefore) {
{
$coldisplay++;
?>
- ">
+ ">
';
$coldisplay++;
if ($seller->tva_assuj == "0") echo ' '.vatrate(0, true);
- else echo $form->load_tva('tva_tx', (isset($_POST["tva_tx"]) ?GETPOST("tva_tx", 'alpha', 2) : -1), $seller, $buyer, 0, 0, '', false, 1);
+ else echo $form->load_tva('tva_tx', (GETPOSTISSET("tva_tx") ? GETPOST("tva_tx", 'alpha', 2) : -1), $seller, $buyer, 0, 0, '', false, 1);
?>
- ">
+ ">
- ">
+ ">
- ">
+ ">
- ">
+ ">
global->PRODUCT_USE_UNITS)) {
@@ -371,7 +371,7 @@ if ($nolinesbefore) {
}
$coldisplay++;
?>
- ">%
+ ">%
situation_cycle_ref) {
$coldisplay++;
@@ -389,17 +389,17 @@ if ($nolinesbefore) {
- ">
+ ">
global->DISPLAY_MARGIN_RATES))
{
- echo '% ';
+ echo '% ';
$coldisplay++;
}
if (!empty($conf->global->DISPLAY_MARK_RATES))
{
- echo '% ';
+ echo '% ';
$coldisplay++;
}
}
diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php
index 5f0073a57b2..bc6b87a3353 100644
--- a/htdocs/core/tpl/objectline_edit.tpl.php
+++ b/htdocs/core/tpl/objectline_edit.tpl.php
@@ -234,7 +234,7 @@ $coldisplay++;
if ($user->rights->margins->creer) {
if (!empty($conf->global->DISPLAY_MARGIN_RATES))
{
- $margin_rate = (isset($_POST["np_marginRate"]) ?GETPOST("np_marginRate", "alpha", 2) : (($line->pa_ht == 0) ? '' : price($line->marge_tx)));
+ $margin_rate = (GETPOSTISSET("np_marginRate") ? GETPOST("np_marginRate", "alpha", 2) : (($line->pa_ht == 0) ? '' : price($line->marge_tx)));
// if credit note, dont allow to modify margin
if ($line->subprice < 0)
echo ''.$margin_rate.'% ';
@@ -242,7 +242,7 @@ $coldisplay++;
$coldisplay++;
} elseif (!empty($conf->global->DISPLAY_MARK_RATES))
{
- $mark_rate = (isset($_POST["np_markRate"]) ?GETPOST("np_markRate", 'alpha', 2) : price($line->marque_tx));
+ $mark_rate = (GETPOSTISSET("np_markRate") ? GETPOST("np_markRate", 'alpha', 2) : price($line->marque_tx));
// if credit note, dont allow to modify margin
if ($line->subprice < 0)
echo ''.$mark_rate.'% ';
diff --git a/htdocs/core/tpl/resource_add.tpl.php b/htdocs/core/tpl/resource_add.tpl.php
index 05b9d6fd50a..d1db4a819a5 100644
--- a/htdocs/core/tpl/resource_add.tpl.php
+++ b/htdocs/core/tpl/resource_add.tpl.php
@@ -32,8 +32,8 @@ $events = array();
$out .= $formresources->select_resource_list('', 'fk_resource', '', 1, 1, 0, $events, '', 2, null);
$out .= '';
-$out .= ''.$langs->trans('Busy').' '.$form->selectyesno('busy', (isset($_POST['busy']) ? $_POST['busy'] : 1), 1).'
';
-$out .= ''.$langs->trans('Mandatory').' '.$form->selectyesno('mandatory', (isset($_POST['mandatory']) ? $_POST['mandatory'] : 0), 1).'
';
+$out .= ''.$langs->trans('Busy').' '.$form->selectyesno('busy', (GETPOSTISSET('busy') ? GETPOST('busy') : 1), 1).'
';
+$out .= ''.$langs->trans('Mandatory').' '.$form->selectyesno('mandatory', (GETPOSTISSET('mandatory') ? GETPOST('mandatory') : 0), 1).'
';
$out .= '';
$out .= '
';
diff --git a/htdocs/don/card.php b/htdocs/don/card.php
index 0f4b2054619..c55751e913f 100644
--- a/htdocs/don/card.php
+++ b/htdocs/don/card.php
@@ -418,9 +418,9 @@ if ($action == 'create')
// Zip / Town
print '
'.$langs->trans("Zip").' / '.$langs->trans("Town").' ';
- print $formcompany->select_ziptown((isset($_POST["zipcode"]) ? $_POST["zipcode"] : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
+ print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode") : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
- print $formcompany->select_ziptown((isset($_POST["town"]) ? $_POST["town"] : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
+ print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town") : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print ' ';
// Country
@@ -560,9 +560,9 @@ if (!empty($id) && $action == 'edit')
// Zip / Town
print '
'.$langs->trans("Zip").' / '.$langs->trans("Town").' ';
- print $formcompany->select_ziptown((isset($_POST["zipcode"]) ? $_POST["zipcode"] : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
+ print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOSTISSET("zipcode") : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);
print ' ';
- print $formcompany->select_ziptown((isset($_POST["town"]) ? $_POST["town"] : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
+ print $formcompany->select_ziptown((GETPOSTISSET("town") ? GETPOST("town") : $object->town), 'town', array('zipcode', 'selectcountry_id', 'state_id'));
print ' ';
// Country
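Review bot: The edit-form zip line passes `GETPOSTISSET("zipcode")` as the value branch of the ternary, so `select_ziptown()` receives boolean `true` instead of the submitted zip code whenever the field is posted. The create-form hunk above has the intended form. The line should read `print $formcompany->select_ziptown((GETPOSTISSET("zipcode") ? GETPOST("zipcode") : $object->zip), 'zipcode', array('town', 'selectcountry_id', 'state_id'), 6);`.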
diff --git a/htdocs/install/check.php b/htdocs/install/check.php
index bd34a0ac30c..93b99680b92 100644
--- a/htdocs/install/check.php
+++ b/htdocs/install/check.php
@@ -93,8 +93,8 @@ if (empty($force_install_nophpinfo)) print ' (
\n";
-// Check PHP support for $_POST
-if (!isset($_GET["testget"]) && !isset($_POST["testpost"]))
+// Check PHP support for $_GET and $_POST
+if (!isset($_GET["testget"]) && !isset($_POST["testpost"])) // We must keep $_GET and $_POST here
{
print ' '.$langs->trans("PHPSupportPOSTGETKo");
print ' ( '.$langs->trans("Recheck").' )';
diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index a0890866b51..12bab777edb 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -177,7 +177,7 @@ if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"]))
print $langs->trans("YouTryInstallDisabledByDirLock");
if (!empty($dolibarr_main_url_root))
{
- print 'Click on following link,
';
+ print 'Click on following link, ';
print $langs->trans("ClickHereToGoToApp");
print ' ';
}
@@ -202,7 +202,7 @@ if (@file_exists($lockfile))
if (!empty($dolibarr_main_url_root))
{
print $langs->trans("ClickOnLinkOrRemoveManualy").'
';
- print '
';
+ print ' ';
print $langs->trans("ClickHereToGoToApp");
print ' ';
} else {
diff --git a/htdocs/install/repair.php b/htdocs/install/repair.php
index 798eb4472e6..14138dc5664 100644
--- a/htdocs/install/repair.php
+++ b/htdocs/install/repair.php
@@ -1473,7 +1473,7 @@ if (empty($actiondone))
if ($oneoptionset)
{
- print '
';
+ print '';
} else {
diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php
index 3c87b36dd82..ea07900ba67 100644
--- a/htdocs/opensurvey/results.php
+++ b/htdocs/opensurvey/results.php
@@ -204,7 +204,9 @@ if (isset($_POST["ajoutercolonne"]) && $object->format == "D")
}
}
- if ($_POST["nouvelleheuredebut"] == "vide" || (isset($_POST["nouvelleheuredebut"]) && isset($_POST["nouvelleheurefin"]) && (($_POST["nouvelleheuredebut"] < $_POST["nouvelleheurefin"]) || (($_POST["nouvelleheuredebut"] == $_POST["nouvelleheurefin"]) && ($_POST["nouvelleminutedebut"] < $_POST["nouvelleminutefin"]))))) {
+ if (GETPOST("nouvelleheuredebut") == "vide" || (GETPOSTISSET("nouvelleheuredebut") && GETPOSTISSET("nouvelleheurefin")
+ && (GETPOST("nouvelleheuredebut") < GETPOST("nouvelleheurefin") || (GETPOST("nouvelleheuredebut") == GETPOST("nouvelleheurefin")
+ && (GETPOST("nouvelleminutedebut") < GETPOST("nouvelleminutefin")))))) {
$erreur_ajout_date = false;
} else {
$erreur_ajout_date = "yes";
@@ -907,7 +909,7 @@ while ($compteur < $num)
//demande de confirmation pour modification de ligne
for ($i = 0; $i < $nblines; $i++)
{
- if (isset($_POST["modifierligne".$i]))
+ if (GETPOSTISSET("modifierligne".$i))
{
if ($compteur == $i)
{
@@ -938,7 +940,7 @@ if (empty($testligneamodifier))
if (empty($listofanswers[$i]['format']) || !in_array($listofanswers[$i]['format'], array('yesno', 'foragainst')))
{
print ' trans("MoreChoices"), null, 'errors');
$erreur = true;
}
diff --git a/htdocs/opensurvey/wizard/create_survey.php b/htdocs/opensurvey/wizard/create_survey.php
index b295f007ca8..73413f3255d 100644
--- a/htdocs/opensurvey/wizard/create_survey.php
+++ b/htdocs/opensurvey/wizard/create_survey.php
@@ -175,11 +175,11 @@ if ($_SESSION["mailsonde"]) $cochemail = "checked";
print ' '.$langs->trans("ToReceiveEMailForEachVote").' '."\n";
if ($_SESSION['allow_comments']) $allow_comments = 'checked';
-if (isset($_POST['allow_comments'])) $allow_comments = GETPOST('allow_comments') ? 'checked' : '';
+if (GETPOSTISSET('allow_comments')) $allow_comments = GETPOST('allow_comments') ? 'checked' : '';
print ' '.$langs->trans('CanComment').' '."\n";
if ($_SESSION['allow_spy']) $allow_spy = 'checked';
-if (isset($_POST['allow_spy'])) $allow_spy = GETPOST('allow_spy') ? 'checked' : '';
+if (GETPOSTISSET('allow_spy')) $allow_spy = GETPOST('allow_spy') ? 'checked' : '';
print ' '.$langs->trans('CanSeeOthersVote').' '."\n";
if (GETPOST('choix_sondage'))
diff --git a/htdocs/product/card.php b/htdocs/product/card.php
index 6fdfb82e354..ea0bc19eecb 100644
--- a/htdocs/product/card.php
+++ b/htdocs/product/card.php
@@ -1034,8 +1034,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
if ($showbarcode)
{
print ''.$langs->trans('BarcodeType').' ';
- if (isset($_POST['fk_barcode_type']))
- {
+ if (GETPOSTISSET('fk_barcode_type')) {
$fk_barcode_type = GETPOST('fk_barcode_type');
} else {
if (empty($fk_barcode_type) && !empty($conf->global->PRODUIT_DEFAULT_BARCODE_TYPE)) $fk_barcode_type = $conf->global->PRODUIT_DEFAULT_BARCODE_TYPE;
@@ -1046,7 +1045,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
print ' ';
if ($conf->browser->layout == 'phone') print '';
print ''.$langs->trans("BarcodeValue").' ';
- $tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
+ $tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print ' ';
print ' ';
@@ -1497,8 +1496,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
if ($showbarcode)
{
print ''.$langs->trans('BarcodeType').' ';
- if (isset($_POST['fk_barcode_type']))
- {
+ if (GETPOSTISSET('fk_barcode_type')) {
$fk_barcode_type = GETPOST('fk_barcode_type');
} else {
$fk_barcode_type = $object->barcode_type;
@@ -1508,7 +1506,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
$formbarcode = new FormBarCode($db);
print $formbarcode->selectBarcodeType($fk_barcode_type, 'fk_barcode_type', 1);
print ' '.$langs->trans("BarcodeValue").' ';
- $tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
+ $tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print ' ';
print ' ';
@@ -1853,7 +1851,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action))
print ' ';
if ($action == 'editbarcode')
{
- $tmpcode = isset($_POST['barcode']) ?GETPOST('barcode') : $object->barcode;
+ $tmpcode = GETPOSTISSET('barcode') ? GETPOST('barcode') : $object->barcode;
if (empty($tmpcode) && !empty($modBarCodeProduct->code_auto)) $tmpcode = $modBarCodeProduct->getNextValue($object, $type);
print ' ';
print '';
diff --git a/htdocs/product/stock/tpl/stocktransfer.tpl.php b/htdocs/product/stock/tpl/stocktransfer.tpl.php
index dab7cd07b78..7e159a35b32 100644
--- a/htdocs/product/stock/tpl/stocktransfer.tpl.php
+++ b/htdocs/product/stock/tpl/stocktransfer.tpl.php
@@ -127,7 +127,7 @@ print ''.$langs->trans("MovementLabel").' ';
print '';
print ' ';
print ' ';
-print ''.$langs->trans("InventoryCode").' ';
+print ''.$langs->trans("InventoryCode").' ';
print '';
print '';
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index d30f3bf846e..cf6b864cd72 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -79,8 +79,7 @@ $dates = dol_mktime(0, 0, 0, GETPOST('datesmonth'), GETPOST('datesday'), GETPOST
$datee = dol_mktime(23, 59, 59, GETPOST('dateemonth'), GETPOST('dateeday'), GETPOST('dateeyear'));
if (empty($dates) && !empty($datesrfc)) $dates = dol_stringtotime($datesrfc);
if (empty($datee) && !empty($dateerfc)) $datee = dol_stringtotime($dateerfc);
-if (!isset($_POST['datesrfc']) && !isset($_POST['datesday']) && !empty($conf->global->PROJECT_LINKED_ELEMENT_DEFAULT_FILTER_YEAR))
-{
+if (!GETPOSTISSET('datesrfc') && !GETPOSTISSET('datesday') && !empty($conf->global->PROJECT_LINKED_ELEMENT_DEFAULT_FILTER_YEAR)) {
$new = dol_now();
$tmp = dol_getdate($new);
//$datee=$now
diff --git a/htdocs/public/members/new.php b/htdocs/public/members/new.php
index c61ffd58819..1946125dbc2 100644
--- a/htdocs/public/members/new.php
+++ b/htdocs/public/members/new.php
@@ -182,7 +182,7 @@ if (empty($reshook) && $action == 'add') {
$langs->load("errors");
$errmsg .= $langs->trans("ErrorLoginAlreadyExists")." \n";
}
- if (!isset($_POST["pass1"]) || !isset($_POST["pass2"]) || $_POST["pass1"] == '' || $_POST["pass2"] == '' || $_POST["pass1"] != $_POST["pass2"]) {
+ if (!GETPOSTISSET("pass1") || !GETPOSTISSET("pass2") || GETPOST("pass1", 'none') == '' || GETPOST("pass2", 'none') == '' || GETPOST("pass1", 'none') != GETPOST("pass2", 'none')) {
$error++;
$langs->load("errors");
$errmsg .= $langs->trans("ErrorPasswordsMustMatch")." \n";
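Review bot: The password confirmation still compares with loose `!=`, which PHP evaluates numerically when both strings look numeric, so two different entries such as `1e3` and `1000` are accepted as matching on this public form. A strict comparison avoids that: `GETPOST("pass1", 'none') !== GETPOST("pass2", 'none')`. Reading both values into locals first would also cut the six `GETPOST()` calls on this line to two. The enclosing `if` block continues outside the hunk, so which of the two values is stored is not visible here.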
diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php
index 5ba3ce65ebd..95045d2e943 100644
--- a/htdocs/public/opensurvey/studs.php
+++ b/htdocs/public/opensurvey/studs.php
@@ -108,13 +108,11 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) // bout
$nouveauchoix = '';
for ($i = 0; $i < $nbcolonnes; $i++)
{
- if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1')
- {
+ if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') {
$nouveauchoix .= "1";
- } elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2')
- {
+ } elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') {
$nouveauchoix .= "2";
- } else { // sinon c'est 0
+ } else {
$nouveauchoix .= "0";
}
}
@@ -182,14 +180,14 @@ $testligneamodifier = false;
$ligneamodifier = -1;
for ($i = 0; $i < $nblines; $i++)
{
- if (isset($_POST['modifierligne'.$i]))
+ if (GETPOSTISSET('modifierligne'.$i))
{
$ligneamodifier = $i;
$testligneamodifier = true;
}
//test to see if a line is to be modified
- if (isset($_POST['validermodifier'.$i]))
+ if (GETPOSTISSET('validermodifier'.$i))
{
$modifier = $i;
$testmodifier = true;
@@ -203,13 +201,11 @@ if ($testmodifier)
for ($i = 0; $i < $nbcolonnes; $i++)
{
//var_dump($_POST["choix$i"]);
- if (isset($_POST["choix".$i]) && $_POST["choix".$i] == '1')
- {
+ if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') {
$nouveauchoix .= "1";
- } elseif (isset($_POST["choix".$i]) && $_POST["choix".$i] == '2')
- {
+ } elseif (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '2') {
$nouveauchoix .= "2";
- } else { // sinon c'est 0
+ } else {
$nouveauchoix .= "0";
}
}
@@ -545,7 +541,7 @@ while ($compteur < $num)
//demande de confirmation pour modification de ligne
for ($i = 0; $i < $nblines; $i++)
{
- if (isset($_POST["modifierligne".$i]))
+ if (GETPOSTISSET("modifierligne".$i))
{
if ($compteur == $i)
{
@@ -581,8 +577,7 @@ if ($ligneamodifier < 0 && (!isset($_SESSION['nom'])))
if (empty($listofanswers[$i]['format']) || !in_array($listofanswers[$i]['format'], array('yesno', 'foragainst')))
{
print ' ';
diff --git a/htdocs/public/test/test_arrays.php b/htdocs/public/test/test_arrays.php
index ffa4b24fc59..95265831670 100644
--- a/htdocs/public/test/test_arrays.php
+++ b/htdocs/public/test/test_arrays.php
@@ -162,8 +162,8 @@ if (!empty($conf->use_javascript_ajax)) include DOL_DOCUMENT_ROOT.'/core/tpl/aja
$nav = '';
$nav .= '