Fight against $_POST

This commit is contained in:
Laurent Destailleur
2020-11-30 14:47:07 +01:00
parent fa8b960520
commit 00ad6df395
51 changed files with 199 additions and 211 deletions


@@ -172,10 +172,10 @@ class mailing_pomme extends MailingTargets
$sql .= " WHERE u.email <> ''"; // u.email IS NOT NULL est implicite dans ce test
$sql .= " AND u.entity IN (0,".$conf->entity.")";
$sql .= " AND u.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
if (isset($_POST["filter"]) && $_POST["filter"] == '1') $sql .= " AND u.statut=1";
if (isset($_POST["filter"]) && $_POST["filter"] == '0') $sql .= " AND u.statut=0";
if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '1') $sql .= " AND u.employee=1";
if (isset($_POST["filteremployee"]) && $_POST["filteremployee"] == '0') $sql .= " AND u.employee=0";
if (GETPOSTISSET("filter") && GETPOST("filter") == '1') $sql .= " AND u.statut=1";
if (GETPOSTISSET("filter") && GETPOST("filter") == '0') $sql .= " AND u.statut=0";
if (GETPOSTISSET("filteremployee") && GETPOSt("filteremployee") == '1') $sql .= " AND u.employee=1";
if (GETPOSTISSET("filteremployee") && GETPOST("filteremployee") == '0') $sql .= " AND u.employee=0";
$sql .= " ORDER BY u.email";
// Stocke destinataires dans cibles
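Review bot: `GETPOSt("filteremployee")` on the third new line has a typo in the function name; PHP resolves function names case-insensitively so it still runs, but it defeats grep and reads as a different helper — write `if (GETPOSTISSET("filteremployee") && GETPOST("filteremployee") == '1') $sql .= " AND u.employee=1";`. The four filter values are only compared against string literals and never concatenated into `$sql`, so the move to GETPOST does not change the query built here; passing the `'int'` check type on these reads would still make that intent explicit. The enclosing method starts outside the hunk.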


@@ -81,9 +81,8 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
} else {
$addFilter = "";
if (isset($_POST["filter_client"]) && $_POST["filter_client"] <> '-1')
{
$addFilter .= " AND s.client=".$_POST["filter_client"];
if (GETPOSTISSET("filter_client") && GETPOST("filter_client") <> '-1') {
$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));
$addDescription = $langs->trans('ProspectCustomer')."=";
if ($_POST["filter_client"] == 0)
{
@@ -98,18 +97,15 @@ class mailing_thirdparties extends MailingTargets
{
$addDescription .= $langs->trans('ProspectCustomer');
} else {
$addDescription .= "Unknown status ".$_POST["filter_client"];
$addDescription .= "Unknown status ".GETPOST("filter_client");
}
}
if (isset($_POST["filter_status"]))
{
if (strlen($addDescription) > 0)
{
if (GETPOSTISSET("filter_status")) {
if (strlen($addDescription) > 0) {
$addDescription .= ";";
}
$addDescription .= $langs->trans("Status")."=";
if ($_POST["filter_status"] == '1')
{
if (GETPOST("filter_status") == '1') {
$addFilter .= " AND s.status=1";
$addDescription .= $langs->trans("Enabled");
} else {
@@ -124,7 +120,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
$sql .= " UNION ";
$sql .= "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, c.label as label";
@@ -134,7 +130,7 @@ class mailing_thirdparties extends MailingTargets
$sql .= " AND s.email NOT IN (SELECT email FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE fk_mailing=".$mailing_id.")";
$sql .= " AND cs.fk_soc = s.rowid";
$sql .= " AND c.rowid = cs.fk_categorie";
$sql .= " AND c.rowid='".$this->db->escape($_POST['filter'])."'";
$sql .= " AND c.rowid=".((int) GETPOST('filter', 'int'));
$sql .= $addFilter;
}
$sql .= " ORDER BY email";
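Review bot: In the first hunk (-81,9), the new line `$addFilter .= " AND s.client=".((int) GETPOST("filter_client", 'int'));` reads the parameter through GETPOST with an int check, but two lines below the unchanged `if ($_POST["filter_client"] == 0)` still reads the same parameter raw, so one request value is consumed through two different paths in the same method; change it to `if ((int) GETPOST("filter_client", 'int') == 0) {`. The same inconsistency appears in the second hunk at `$addDescription .= "Unknown status ".GETPOST("filter_client");`, which passes no check type although the value was already treated as an int above — `GETPOST("filter_client", 'int')` keeps the two reads consistent. Where `$addDescription` ends up is not visible in these hunks, so whether the unchecked value reaches output cannot be judged here. The enclosing method starts and ends outside the hunks.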