Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-10 03:28:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Sec: Removed security holes

Browse Source
This commit is contained in:
Laurent Destailleur
2010-11-20 13:08:44 +00:00
parent 1627b204b5
commit adfb9ea341
70 changed files with 492 additions and 460 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/adherents/cotisations.php
View File

@@ -32,18 +32,18 @@ require_once(DOL_DOCUMENT_ROOT."/compta/bank/class/account.class.php");
$langs->load("members"); $langs->load("members");
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
$page=$_GET["page"];
$filter=$_GET["filter"]; $filter=$_GET["filter"];
$statut=isset($_GET["statut"])?$_GET["statut"]:1; $statut=isset($_GET["statut"])?$_GET["statut"]:1;
if (! $sortorder) { $sortorder="DESC"; } $sortfield = GETPOST("sortfield",'alpha');
if (! $sortfield) { $sortfield="c.dateadh"; } $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ; $offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) { $sortorder="DESC"; }
if (! $sortfield) { $sortfield="c.dateadh"; }
$msg=''; $msg='';
$date_select=isset($_GET["date_select"])?$_GET["date_select"]:$_POST["date_select"]; $date_select=isset($_GET["date_select"])?$_GET["date_select"]:$_POST["date_select"];

13
htdocs/adherents/document.php
View File

@@ -47,22 +47,17 @@ if ($user->societe_id > 0)
//$result = restrictedArea($user, 'societe', $id); //$result = restrictedArea($user, 'societe', $id);
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ; $offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name"; if (! $sortfield) $sortfield="name";
$upload_dir = $conf->adherent->dir_output . "/" . get_exdir($id,2,0,1) . '/' . $id; $upload_dir = $conf->adherent->dir_output . "/" . get_exdir($id,2,0,1) . '/' . $id;

17
htdocs/adherents/liste.php
View File

@@ -35,18 +35,19 @@ $langs->load("companies");
$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
$sortorder=$_GET["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page=$_GET["page"]; $page = GETPOST("page",'int');
$filter=$_GET["filter"];
$statut=isset($_GET["statut"])?$_GET["statut"]:'';
if (! $sortorder) { $sortorder="ASC"; }
if (! $sortfield) { $sortfield="d.nom"; }
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ; $offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) { $sortorder="ASC"; }
if (! $sortfield) { $sortfield="d.nom"; }
$filter=$_GET["filter"];
$statut=isset($_GET["statut"])?$_GET["statut"]:'';
if ($_REQUEST["button_removefilter"]) if ($_REQUEST["button_removefilter"])
{ {

9
htdocs/admin/dict.php
View File

@@ -244,9 +244,14 @@ $tabcond[19]= $conf->societe->enabled;
$msg=''; $msg='';
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
$sortfield=$_GET["sortfield"];
$sortorder=$_GET["sortorder"];
/* /*
* Actions ajout ou modification d'une entree dans un dictionnaire de donnee * Actions ajout ou modification d'une entree dans un dictionnaire de donnee

11
htdocs/admin/tools/listevents.php
View File

@@ -41,16 +41,15 @@ $langs->load("companies");
$langs->load("users"); $langs->load("users");
$langs->load("other"); $langs->load("other");
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="dateevent";
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ; $offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="dateevent";
/* /*

11
htdocs/admin/tools/listsessions.php
View File

@@ -41,16 +41,15 @@ $langs->load("companies");
$langs->load("users"); $langs->load("users");
$langs->load("other"); $langs->load("other");
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="dateevent";
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ; $offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="dateevent";
/* /*

15
htdocs/bookmarks/liste.php
View File

@@ -27,17 +27,16 @@ require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/bookmarks/class/bookmark.class.php"); require_once(DOL_DOCUMENT_ROOT."/bookmarks/class/bookmark.class.php");
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="position";
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$limit = 26; $offset = $conf->liste_limit * $page ;
$offset = $limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="position";
$limit=$conf->liste_limit;
/* /*

4
htdocs/cashdesk/index.php
View File

@@ -38,6 +38,8 @@ if ( $_SESSION['uid'] > 0 )
exit; exit;
} }
$usertxt=GETPOST('user','',1);
/* /*
* View * View
@@ -71,7 +73,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
<tr> <tr>
<td class="label1"><?php echo $langs->trans("Login"); ?></td> <td class="label1"><?php echo $langs->trans("Login"); ?></td>
<td><input name="txtUsername" class="texte_login" type="text" value="<?php echo $_GET['user']; ?>" /></td> <td><input name="txtUsername" class="texte_login" type="text" value="<?php echo $usertxt; ?>" /></td>
</tr> </tr>
<tr> <tr>
<td class="label1"><?php echo $langs->trans("Password"); ?></td> <td class="label1"><?php echo $langs->trans("Password"); ?></td>

15
htdocs/comm/action/document.php
View File

@@ -52,16 +52,15 @@ if ($user->societe_id > 0)
} }
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
/* /*

3
htdocs/comm/action/index.php
View File

@@ -64,7 +64,8 @@ if (! $user->rights->agenda->allactions->read || $filter =='mine') // If no perm
$filterd=$user->id; $filterd=$user->id;
} }
$action=GETPOST('action'); $action=GETPOST('action','alpha');
//$year=GETPOST("year");
$year=GETPOST("year","int")?GETPOST("year","int"):date("Y"); $year=GETPOST("year","int")?GETPOST("year","int"):date("Y");
$month=GETPOST("month","int")?GETPOST("month","int"):date("m"); $month=GETPOST("month","int")?GETPOST("month","int"):date("m");
$day=GETPOST("day","int")?GETPOST("day","int"):0; $day=GETPOST("day","int")?GETPOST("day","int"):0;

28
htdocs/comm/action/listactions.php
View File

@@ -36,22 +36,20 @@ if ($conf->projet->enabled) require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php
$langs->load("companies"); $langs->load("companies");
$langs->load("agenda"); $langs->load("agenda");
$action=isset($_REQUEST['action'])?$_REQUEST['action']:''; $action=GETPOST('action','alpha');
$year=isset($_REQUEST["year"])?$_REQUEST["year"]:''; $year=GETPOST("year",'int');
$month=isset($_REQUEST["month"])?$_REQUEST["month"]:''; $month=GETPOST("month",'int');
$day=isset($_REQUEST["day"])?$_REQUEST["day"]:0; $day=GETPOST("day",'int');
$pid=isset($_REQUEST["projectid"])?$_REQUEST["projectid"]:0; $pid=GETPOST("projectid",'int');
$status=isset($_GET["status"])?$_GET["status"]:$_POST["status"]; $status=GETPOST("status",'alpha');
$filtera = isset($_REQUEST["userasked"])?$_REQUEST["userasked"]:(isset($_REQUEST["filtera"])?$_REQUEST["filtera"]:''); $filtera = GETPOST("userasked","int")?GETPOST("userasked","int"):GETPOST("filtera","int");
$filtert = isset($_REQUEST["usertodo"])?$_REQUEST["usertodo"]:(isset($_REQUEST["filtert"])?$_REQUEST["filtert"]:''); $filtert = GETPOST("usertodo","int")?GETPOST("usertodo","int"):GETPOST("filtert","int");
$filterd = isset($_REQUEST["userdone"])?$_REQUEST["userdone"]:(isset($_REQUEST["filterd"])?$_REQUEST["filterd"]:''); $filterd = GETPOST("userdone","int")?GETPOST("userdone","int"):GETPOST("filterd","int");
$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $page = GETPOST("page",'int');
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
$page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ; $offset = $limit * $page ;
@@ -69,7 +67,7 @@ if (! $sortfield)
} }
// Security check // Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = GETPOST("socid",'int');
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'agenda', 0, '', 'myactions'); $result = restrictedArea($user, 'agenda', 0, '', 'myactions');

10
htdocs/comm/action/rapport/index.php
View File

@@ -22,7 +22,7 @@
/** /**
* \file htdocs/comm/action/rapport/index.php * \file htdocs/comm/action/rapport/index.php
* \ingroup commercial * \ingroup commercial
* \brief Page accueil des rapports des actions * \brief Page with reports of actions
* \version $Id$ * \version $Id$
*/ */
@@ -32,9 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php");
require_once(DOL_DOCUMENT_ROOT."/comm/action/class/actioncomm.class.php"); require_once(DOL_DOCUMENT_ROOT."/comm/action/class/actioncomm.class.php");
require_once(DOL_DOCUMENT_ROOT."/includes/modules/action/rapport.pdf.php"); require_once(DOL_DOCUMENT_ROOT."/includes/modules/action/rapport.pdf.php");
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0 ; }
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ; $offset = $limit * $page ;
@@ -42,7 +42,7 @@ if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="a.datep"; if (! $sortfield) $sortfield="a.datep";
// Security check // Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = GETPOST("socid");
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); $result = restrictedArea($user, 'agenda', $socid, '', 'myactions');

24
htdocs/comm/bookmark.php
View File

@@ -26,20 +26,20 @@
require("../main.inc.php"); require("../main.inc.php");
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="bid";
$limit = $conf->liste_limit;
llxHeader(); llxHeader();
$page=$_GET["page"];
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="bid";
if ($page == -1) { $page = 0 ; }
$limit = 26;
$offset = $limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
/* /*
* Actions * Actions
@@ -94,7 +94,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."bookmark as b, ".MAIN_DB_PREFIX."societe as s, "
$sql.= " WHERE b.fk_soc = s.rowid AND b.fk_user=u.rowid"; $sql.= " WHERE b.fk_soc = s.rowid AND b.fk_user=u.rowid";
if (! $user->admin) $sql.= " AND b.fk_user = ".$user->id; if (! $user->admin) $sql.= " AND b.fk_user = ".$user->id;
$sql.= $db->order($sortfield,$sortorder); $sql.= $db->order($sortfield,$sortorder);
$sql.= $db->plimit( $limit, $offset); $sql.= $db->plimit($limit, $offset);
$resql=$db->query($sql); $resql=$db->query($sql);
if ($resql) if ($resql)

9
htdocs/comm/fiche.php
View File

@@ -52,8 +52,13 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id > 0) $socid=$user->societe_id; if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user,'societe',$socid,''); $result = restrictedArea($user,'societe',$socid,'');
$sortorder=$_GET["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="nom"; if (! $sortfield) $sortfield="nom";

14
htdocs/comm/mailing/cibles.php
View File

@@ -44,13 +44,13 @@ $dirmod=DOL_DOCUMENT_ROOT."/includes/modules/mailings";
$mesg = ''; $mesg = '';
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="email"; if (! $sortfield) $sortfield="email";

15
htdocs/comm/mailing/liste.php
View File

@@ -36,14 +36,13 @@ if ($user->societe_id > 0)
$socid = $user->societe_id; $socid = $user->societe_id;
} }
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page;
$offset = $conf->liste_limit * $_GET["page"] ; $pageprev = $page - 1;
$pageprev = $_GET["page"] - 1; $pagenext = $page + 1;
$pagenext = $_GET["page"] + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="m.date_creat"; if (! $sortfield) $sortfield="m.date_creat";

14
htdocs/comm/propal.php
View File

@@ -1631,9 +1631,14 @@ else
$now=dol_now(); $now=dol_now();
$sortorder=$_GET['sortorder']; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET['sortfield']; $sortorder = GETPOST("sortorder",'alpha');
$page=$_GET['page']; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$viewstatut=addslashes($_GET['viewstatut']); $viewstatut=addslashes($_GET['viewstatut']);
$object_statut = addslashes($_GET['propal_statut']); $object_statut = addslashes($_GET['propal_statut']);
if($object_statut != '') if($object_statut != '')
@@ -1642,9 +1647,6 @@ else
if (! $sortfield) $sortfield='p.datep'; if (! $sortfield) $sortfield='p.datep';
if (! $sortorder) $sortorder='DESC'; if (! $sortorder) $sortorder='DESC';
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
$sql = 'SELECT s.nom, s.rowid, s.client, '; $sql = 'SELECT s.nom, s.rowid, s.client, ';
$sql.= 'p.rowid as propalid, p.total_ht, p.ref, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,'; $sql.= 'p.rowid as propalid, p.total_ht, p.ref, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,';

15
htdocs/comm/propal/document.php
View File

@@ -49,16 +49,15 @@ if ($user->societe_id)
$result = restrictedArea($user, 'propale', $id, 'propal'); $result = restrictedArea($user, 'propale', $id, 'propal');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
/* /*

18
htdocs/comm/prospect/prospects.php
View File

@@ -33,16 +33,16 @@ $langs->load("propal");
$langs->load("companies"); $langs->load("companies");
// Security check // Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = GETPOST("socid",'int');
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe',$socid,''); $result = restrictedArea($user, 'societe',$socid,'');
$socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"]; $socname=GETPOST("socname",'alpha');
$stcomm=isset($_GET["stcomm"])?$_GET["stcomm"]:$_POST["stcomm"]; $stcomm=GETPOST("stcomm",'int');
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page; $offset = $conf->liste_limit * $page;
$pageprev = $page - 1; $pageprev = $page - 1;
@@ -50,10 +50,8 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="s.nom"; if (! $sortfield) $sortfield="s.nom";
// Added by Matelli (see http://matelli.fr/showcases/patchs-dolibarr/enhance-prospect-searching.html) $search_level_from = GETPOST("search_level_from","alpha");
// Load potentiels filters $search_level_to = GETPOST("search_level_to","alpha");
$search_level_from = isset($_GET["search_level_from"])?$_GET["search_level_from"]:(isSet($_POST["search_level_from"])?$_POST["search_level_from"]:'');
$search_level_to = isset($_GET["search_level_to"])?$_GET["search_level_to"]:(isSet($_POST["search_level_to"])?$_POST["search_level_to"]:'');
// If both parameters are set, search for everything BETWEEN them // If both parameters are set, search for everything BETWEEN them
if ($search_level_from != '' && $search_level_to != '') if ($search_level_from != '' && $search_level_to != '')

17
htdocs/commande/document.php
View File

@@ -48,19 +48,18 @@ if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'commande',$comid,''); $result=restrictedArea($user,'commande',$comid,'');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$id = $_GET['id']; $id = GETPOST('id','int');
$ref= $_GET['ref']; $ref= $_GET['ref'];
$commande = new Commande($db); $commande = new Commande($db);
if (! $commande->fetch($_GET['id'],$_GET['ref']) > 0) if (! $commande->fetch($_GET['id'],$_GET['ref']) > 0)

21
htdocs/commande/liste.php
View File

@@ -50,12 +50,23 @@ $orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande', $orderid,''); $result = restrictedArea($user, 'commande', $orderid,'');
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield='c.rowid';
if (! $sortorder) $sortorder='DESC';
$limit = $conf->liste_limit;
/* /*
* View * View
*/ */
$now=gmmktime(); $now=dol_now();
$html = new Form($db); $html = new Form($db);
$formfile = new FormFile($db); $formfile = new FormFile($db);
@@ -63,16 +74,8 @@ $companystatic = new Societe($db);
llxHeader(); llxHeader();
$begin=$_GET['begin'];
$sortorder=$_GET['sortorder'];
$sortfield=$_GET['sortfield'];
$viewstatut=$_GET['viewstatut']; $viewstatut=$_GET['viewstatut'];
if (! $sortfield) $sortfield='c.rowid';
if (! $sortorder) $sortorder='DESC';
$limit = $conf->liste_limit;
$offset = $limit * $_GET['page'] ;
$sql = 'SELECT s.nom, s.rowid as socid, s.client, c.rowid, c.ref, c.total_ht, c.ref_client,'; $sql = 'SELECT s.nom, s.rowid as socid, s.client, c.rowid, c.ref, c.total_ht, c.ref_client,';
$sql.= ' c.date_commande, c.date_livraison, c.fk_statut, c.facture as facturee'; $sql.= ' c.date_commande, c.date_livraison, c.fk_statut, c.facture as facturee';

11
htdocs/compta/bank/search.php
View File

@@ -49,11 +49,14 @@ if (! empty($_REQUEST["credit"])) $param.='&credit='.$_REQUEST["credit"];
if (! empty($_REQUEST["account"])) $param.='&account='.$_REQUEST["account"]; if (! empty($_REQUEST["account"])) $param.='&account='.$_REQUEST["account"];
if (! empty($_REQUEST["bid"])) $param.='&bid='.$_REQUEST["bid"]; if (! empty($_REQUEST["bid"])) $param.='&bid='.$_REQUEST["bid"];
$page =$_GET['page']; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET['sortorder']; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET['sortfield']; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortorder) $sortorder='DESC'; if (! $sortorder) $sortorder='DESC';
if (! $sortfield) $sortfield='b.dateo'; if (! $sortfield) $sortfield='b.dateo';

15
htdocs/compta/clients.php
View File

@@ -42,16 +42,15 @@ accessforbidden();
$langs->load("companies"); $langs->load("companies");
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="nom";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="nom";
/* /*

23
htdocs/compta/commande/liste.php
View File

@@ -34,26 +34,29 @@ require_once(DOL_DOCUMENT_ROOT."/commande/class/commande.class.php");
$langs->load('companies'); $langs->load('companies');
// Security check // Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; $orderid = GETPOST("orderid",'int');
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande',$orderid,''); $result = restrictedArea($user, 'commande',$orderid,'');
// Assign and check variable // Assign and check variable
$year=GETPOST('year','int',1); $year=GETPOST('year','int');
$month=GETPOST('month','int',1); $month=GETPOST('month','int');
$status=GETPOST('status','int',1); $status=GETPOST('status','int');
$onbill=GETPOST('afacturer','int',1); $onbill=GETPOST('afacturer','int');
$page=GETPOST('page','int',1); $page=GETPOST('page','int');
$sf_ref=GETPOST('sf_ref','',2); $sf_ref=GETPOST('sf_ref','',2);
$begin=GETPOST('begin','',1); // TODO used ? $sortorder=GETPOST('sortorder','alpha');
$sortorder=GETPOST('sortorder','',1); $sortfield=GETPOST('sortfield','alpha');
$sortfield=GETPOST('sortfield','',1); $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield="c.rowid"; if (! $sortfield) $sortfield="c.rowid";
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
$html = new Form($db); $html = new Form($db);
$formfile = new FormFile($db); $formfile = new FormFile($db);

20
htdocs/compta/deplacement/index.php
View File

@@ -40,20 +40,16 @@ $result = restrictedArea($user, 'deplacement','','');
llxHeader(); llxHeader();
$sortorder=$_GET["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page=$_GET["page"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="DESC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="d.dated";
if ($page == -1) { $page = 0 ; }
$limit = $conf->liste_limit;
$offset = $limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="d.dated";
$limit = $conf->liste_limit;
$sql = "SELECT s.nom, s.rowid as socid,"; // Ou $sql = "SELECT s.nom, s.rowid as socid,"; // Ou

16
htdocs/compta/dons/liste.php
View File

@@ -31,18 +31,18 @@ if ($conf->projet->enabled) require_once(DOL_DOCUMENT_ROOT."/projet/class/projec
$langs->load("companies"); $langs->load("companies");
$langs->load("donations"); $langs->load("donations");
$sortorder=$_GET["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$statut=isset($_GET["statut"])?$_GET["statut"]:"-1"; $statut=isset($_GET["statut"])?$_GET["statut"]:"-1";
$page=$_GET["page"];
if (! $sortorder) { $sortorder="DESC"; } if (! $sortorder) { $sortorder="DESC"; }
if (! $sortfield) { $sortfield="d.datedon"; } if (! $sortfield) { $sortfield="d.datedon"; }
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
/* /*

18
htdocs/compta/facture.php
View File

@@ -3031,14 +3031,18 @@ else
***************************************************************************/ ***************************************************************************/
$now=dol_now(); $now=dol_now();
$page =$_GET['page']; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET['sortorder']; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET['sortfield']; $page = GETPOST("page",'int');
$month =$_GET['month']; if ($page == -1) { $page = 0; }
$year =$_GET['year']; $offset = $conf->liste_limit * $page;
$limit = $conf->liste_limit; $pageprev = $page - 1;
$offset = $limit * $page ; $pagenext = $page + 1;
$month =GETPOST('month','int');
$year =GETPOST('year','int');
$limit = $conf->liste_limit;
if (! $sortorder) $sortorder='DESC'; if (! $sortorder) $sortorder='DESC';
if (! $sortfield) $sortfield='f.datef'; if (! $sortfield) $sortfield='f.datef';

15
htdocs/compta/facture/document.php
View File

@@ -53,16 +53,15 @@ if ($user->societe_id > 0)
} }
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
/* /*

11
htdocs/compta/facture/impayees.php
View File

@@ -159,14 +159,17 @@ jQuery(document).ready(function() {
$now=dol_now(); $now=dol_now();
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield="f.date_lim_reglement"; if (! $sortfield) $sortfield="f.date_lim_reglement";
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
$sql = "SELECT s.nom, s.rowid as socid"; $sql = "SELECT s.nom, s.rowid as socid";
$sql.= ", f.facnumber,f.increment,f.total as total_ht,f.total_ttc"; $sql.= ", f.facnumber,f.increment,f.total as total_ht,f.total_ttc";

12
htdocs/compta/paiement/avalider.php
View File

@@ -46,14 +46,16 @@ if ($user->societe_id > 0)
llxHeader(); llxHeader();
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="p.rowid"; if (! $sortfield) $sortfield="p.rowid";
if ($page == -1) $page = 0 ;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
$sql = "SELECT p.rowid, p.datep as dp, p.amount, p.statut"; $sql = "SELECT p.rowid, p.datep as dp, p.amount, p.statut";
$sql .=", c.libelle as paiement_type, p.num_paiement"; $sql .=", c.libelle as paiement_type, p.num_paiement";

12
htdocs/compta/paiement/cheque/liste.php
View File

@@ -35,12 +35,14 @@ $langs->load("bills");
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'banque', '',''); $result = restrictedArea($user, 'banque', '','');
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="bc.number"; if (! $sortfield) $sortfield="bc.number";

12
htdocs/compta/paiement/liste.php
View File

@@ -40,12 +40,14 @@ $paymentstatic=new Paiement($db);
$accountstatic=new Account($db); $accountstatic=new Account($db);
$companystatic=new Societe($db); $companystatic=new Societe($db);
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="p.rowid"; if (! $sortfield) $sortfield="p.rowid";

12
htdocs/compta/propal.php
View File

@@ -40,9 +40,14 @@ $langs->load('compta');
$langs->load('orders'); $langs->load('orders');
$langs->load('bills'); $langs->load('bills');
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$viewstatut=$_GET['viewstatut']; $viewstatut=$_GET['viewstatut'];
$propal_statut = $_GET['propal_statut']; $propal_statut = $_GET['propal_statut'];
if($propal_statut != '') if($propal_statut != '')
@@ -50,7 +55,6 @@ $viewstatut=$propal_statut;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="p.datep"; if (! $sortfield) $sortfield="p.datep";
if ($page == -1) { $page = 0 ; }
$module='propale'; $module='propale';
if (! empty($_GET["socid"])) if (! empty($_GET["socid"]))

17
htdocs/compta/sociales/index.php
View File

@@ -34,22 +34,19 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'tax', '', '', 'charges'); $result = restrictedArea($user, 'tax', '', '', 'charges');
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$page = $_GET["page"]; $page = GETPOST("page",'int');
if ($page < 0) $page = 0; if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortfield) $sortfield="s.date_ech"; if (! $sortfield) $sortfield="s.date_ech";
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
$year=$_GET["year"]; $year=$_GET["year"];
$filtre=$_GET["filtre"]; $filtre=$_GET["filtre"];
$limit = $conf->liste_limit;
$offset = $limit * $page ;
//if (! $year) { $year=date("Y", time()); }
if (empty($_REQUEST['typeid'])) if (empty($_REQUEST['typeid']))
{ {

12
htdocs/compta/ventilation/liste.php
View File

@@ -46,12 +46,16 @@ llxHeader('','Ventilation');
/* /*
* Lignes de factures * Lignes de factures
*
*/ */
$page = $_GET["page"];
if ($page < 0) $page = 0; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
$sql = "SELECT f.facnumber, f.rowid as facid, l.fk_product, l.description, l.price, l.rowid, l.fk_code_ventilation,"; $sql = "SELECT f.facnumber, f.rowid as facid, l.fk_product, l.description, l.price, l.rowid, l.fk_code_ventilation,";
$sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type"; $sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type";

15
htdocs/contrat/document.php
View File

@@ -48,16 +48,15 @@ if ($user->societe_id > 0)
} }
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$contrat = new Contrat($db); $contrat = new Contrat($db);

13
htdocs/ecm/docdir.php
View File

@@ -53,12 +53,13 @@ $section=$_GET["section"];
if (! $section) $section='misc'; if (! $section) $section='misc';
$upload_dir = $conf->ecm->dir_output.'/'.$section; $upload_dir = $conf->ecm->dir_output.'/'.$section;
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$limit = $conf->liste_limit; $offset = $conf->liste_limit * $page;
$offset = $limit * $page ; $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="label"; if (! $sortfield) $sortfield="label";

13
htdocs/ecm/docfile.php
View File

@@ -50,12 +50,13 @@ if (!$user->rights->ecm->setup) accessforbidden();
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = isset($_GET["socid"])?$_GET["socid"]:'';
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$limit = $conf->liste_limit; $offset = $conf->liste_limit * $page;
$offset = $limit * $page ; $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="label"; if (! $sortfield) $sortfield="label";

15
htdocs/ecm/docmine.php
View File

@@ -45,16 +45,15 @@ $user->getrights('ecm');
if ($user->societe_id > 0) $socid = $user->societe_id; if ($user->societe_id > 0) $socid = $user->societe_id;
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$section=GETPOST("section"); $section=GETPOST("section");
if (! $section) if (! $section)

13
htdocs/ecm/index.php
View File

@@ -59,12 +59,13 @@ if (! $section) $section=0;
$upload_dir = $conf->ecm->dir_output.'/'.$section; $upload_dir = $conf->ecm->dir_output.'/'.$section;
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$limit = $conf->liste_limit; $offset = $conf->liste_limit * $page;
$offset = $limit * $page ; $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="label"; if (! $sortfield) $sortfield="label";

13
htdocs/ecm/search.php
View File

@@ -57,12 +57,13 @@ if (! $section) $section=0;
$upload_dir = $conf->ecm->dir_output.'/'.$section; $upload_dir = $conf->ecm->dir_output.'/'.$section;
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$limit = $conf->liste_limit; $offset = $conf->liste_limit * $page;
$offset = $limit * $page ; $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="label"; if (! $sortfield) $sortfield="label";

12
htdocs/expedition/liste.php
View File

@@ -37,13 +37,17 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'expedition',$expeditionid,''); $result = restrictedArea($user, 'expedition',$expeditionid,'');
$sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:""; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:""; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit;
if (! $sortfield) $sortfield="e.ref"; if (! $sortfield) $sortfield="e.ref";
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $_GET["page"] ;
/* /*

15
htdocs/fichinter/document.php
View File

@@ -45,16 +45,15 @@ $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$object = new Fichinter($db); $object = new Fichinter($db);

10
htdocs/fichinter/index.php
View File

@@ -33,8 +33,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
$langs->load("companies"); $langs->load("companies");
$langs->load("interventions"); $langs->load("interventions");
$sortorder=$_GET["sortorder"]?$_GET["sortorder"]:$_POST["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]?$_GET["sortfield"]:$_POST["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"]; $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
$page=$_GET["page"]?$_GET["page"]:$_POST["page"]; $page=$_GET["page"]?$_GET["page"]:$_POST["page"];

15
htdocs/fourn/commande/document.php
View File

@@ -49,16 +49,15 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,''); $result = restrictedArea($user, 'commande_fournisseur', $id,'');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$commande = new CommandeFournisseur($db); $commande = new CommandeFournisseur($db);

13
htdocs/fourn/contact.php
View File

@@ -45,15 +45,16 @@ if ($user->societe_id > 0)
$socid = $user->societe_id; $socid = $user->societe_id;
} }
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="p.name"; if (! $sortfield) $sortfield="p.name";
if ($page == -1) { $page = 0 ; }
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
/* /*

15
htdocs/fourn/facture/document.php
View File

@@ -45,16 +45,15 @@ if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture'); $result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";

16
htdocs/fourn/facture/impayees.php
View File

@@ -65,17 +65,19 @@ $companystatic=new Societe($db);
* Mode Liste * * Mode Liste *
* * * *
***************************************************************************/ ***************************************************************************/
$page = $_GET["page"];
$sortfield=$_GET["sortfield"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield="f.date_lim_reglement"; if (! $sortfield) $sortfield="f.date_lim_reglement";
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if ($user->rights->fournisseur->facture->lire) if ($user->rights->fournisseur->facture->lire)
{ {
$limit = $conf->liste_limit;
$offset = $limit * $page ;
$sql = "SELECT s.nom, s.rowid as socid,"; $sql = "SELECT s.nom, s.rowid as socid,";
$sql.= " f.rowid as ref, f.facnumber, f.total_ht, f.total_ttc,"; $sql.= " f.rowid as ref, f.facnumber, f.total_ht, f.total_ttc,";
$sql.= " f.datef as df, f.date_lim_reglement as datelimite, "; $sql.= " f.datef as df, f.date_lim_reglement as datelimite, ";
@@ -136,8 +138,6 @@ if ($user->rights->fournisseur->facture->lire)
foreach ($listfield as $key => $value) $sql.=$listfield[$key]." ".$sortorder.","; foreach ($listfield as $key => $value) $sql.=$listfield[$key]." ".$sortorder.",";
$sql.= " f.facnumber DESC"; $sql.= " f.facnumber DESC";
//$sql .= $db->plimit($limit+1,$offset);
$result = $db->query($sql); $result = $db->query($sql);
if ($result) if ($result)

12
htdocs/fourn/facture/paiement.php
View File

@@ -39,12 +39,14 @@ $langs->load('banks');
$facid=isset($_GET['facid'])?$_GET['facid']:$_POST['facid']; $facid=isset($_GET['facid'])?$_GET['facid']:$_POST['facid'];
$action=isset($_GET['action'])?$_GET['action']:$_POST['action']; $action=isset($_GET['action'])?$_GET['action']:$_POST['action'];
$sortfield = isset($_GET['sortfield'])?$_GET['sortfield']:$_POST['sortfield']; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = isset($_GET['sortorder'])?$_GET['sortorder']:$_POST['sortorder']; $sortorder = GETPOST("sortorder",'alpha');
$page=isset($_GET['page'])?$_GET['page']:$_POST['page']; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="p.rowid"; if (! $sortfield) $sortfield="p.rowid";

13
htdocs/ftp/index.php
View File

@@ -53,12 +53,13 @@ $file=isset($_GET["file"])?$_GET["file"]:$_POST['file'];
$upload_dir = $conf->ftp->dir_temp; $upload_dir = $conf->ftp->dir_temp;
$download_dir = $conf->ftp->dir_temp; $download_dir = $conf->ftp->dir_temp;
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$limit = $conf->liste_limit; $offset = $conf->liste_limit * $page;
$offset = $limit * $page ; $pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="label"; if (! $sortfield) $sortfield="label";

13
htdocs/lib/functions.lib.php
View File

@@ -38,11 +38,11 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a
/** /**
* Return value of a param into get or post variable * Return value of a param into GET or POST supervariable
* @param paramname Name of parameter to found * @param paramname Name of parameter to found
* @param check Type of check ('' or 'int') * @param check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's alpha only)
* @param method Type of method (0 = get or post, 1 = only get, 2 = only post) * @param method Type of method (0 = get or post, 1 = only get, 2 = only post)
* @return string Value found * @return string Value found or '' if check fails
*/ */
function GETPOST($paramname,$check='',$method=0) function GETPOST($paramname,$check='',$method=0)
{ {
@@ -50,13 +50,12 @@ function GETPOST($paramname,$check='',$method=0)
else if ($method==2) isset($_POST[$paramname])?$_POST[$paramname]:''; else if ($method==2) isset($_POST[$paramname])?$_POST[$paramname]:'';
else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:'');
// Clean value
$out = trim($out);
if (!empty($check)) if (!empty($check))
{ {
// Check if integer // Check if integer
if ($check == 'int' && ! is_numeric($out)) $out=''; if ($check == 'int' && ! is_numeric(trim($out))) $out='';
// Check if alpha
if ($check == 'alpha' && ! preg_match('/^[#\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
} }
return $out; return $out;

20
htdocs/main.inc.php
View File

@@ -59,39 +59,43 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
$_POST = array_map('stripslashes_deep', $_POST); $_POST = array_map('stripslashes_deep', $_POST);
// $_REQUEST = array_map('stripslashes_deep', $_REQUEST); // $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE); $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
@set_magic_quotes_runtime(0); @set_magic_quotes_runtime(0);
}
} }
// Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST) // Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST)
function test_sql_and_script_inject($val) function test_sql_and_script_inject($val,$get)
{ {
$sql_inj = 0; $sql_inj = 0;
// For SQL Injection
$sql_inj += preg_match('/delete[\s]+from/i', $val); $sql_inj += preg_match('/delete[\s]+from/i', $val);
$sql_inj += preg_match('/create[\s]+table/i', $val); $sql_inj += preg_match('/create[\s]+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val); $sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert[\s]+into/i', $val); $sql_inj += preg_match('/insert[\s]+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val); $sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val); $sql_inj += preg_match('/union.+select/i', $val);
// For XSS Injection done by adding javascript with script
$sql_inj += preg_match('/<script/i', $val); $sql_inj += preg_match('/<script/i', $val);
// For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($get) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
return $sql_inj; return $sql_inj;
} }
function analyse_sql_and_script(&$var) function analyse_sql_and_script(&$var,$get)
{ {
if (is_array($var)) if (is_array($var))
{ {
$result = array(); $result = array();
foreach ($var as $key => $value) foreach ($var as $key => $value)
{ {
if (test_sql_and_script_inject($key) > 0) if (test_sql_and_script_inject($key,$get) > 0)
{ {
print 'Access refused by SQL/Script injection protection in main.inc.php'; print 'Access refused by SQL/Script injection protection in main.inc.php';
exit; exit;
} }
else else
{ {
if (analyse_sql_and_script($value)) if (analyse_sql_and_script($value,$get))
{ {
$var[$key] = $value; $var[$key] = $value;
} }
@@ -106,11 +110,11 @@ function analyse_sql_and_script(&$var)
} }
else else
{ {
return (test_sql_and_script_inject($var) <= 0); return (test_sql_and_script_inject($var,$get) <= 0);
} }
} }
analyse_sql_and_script($_GET); analyse_sql_and_script($_GET,1);
analyse_sql_and_script($_POST); analyse_sql_and_script($_POST,0);
// This is to make Dolibarr working with Plesk // This is to make Dolibarr working with Plesk
set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs'); set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');

1
htdocs/product/composition/fiche.php
View File

@@ -124,7 +124,6 @@ if($action == 'search' )
$sql.= " AND cp.fk_categorie ='".addslashes($catMere)."'"; $sql.= " AND cp.fk_categorie ='".addslashes($catMere)."'";
} }
$sql.= " ORDER BY p.ref ASC"; $sql.= " ORDER BY p.ref ASC";
// $sql.= $db->plimit($limit + 1 ,$offset);
$resql = $db->query($sql) ; $resql = $db->query($sql) ;
} }

15
htdocs/product/document.php
View File

@@ -48,16 +48,15 @@ if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$product = new Product($db); $product = new Product($db);

14
htdocs/product/liste.php
View File

@@ -33,7 +33,7 @@ if ($conf->categorie->enabled) require_once(DOL_DOCUMENT_ROOT."/categories/class
$langs->load("products"); $langs->load("products");
$langs->load("stocks"); $langs->load("stocks");
$canvas=GETPOST('canvas','',1); $canvas=GETPOST('canvas','alpha');
$sref=GETPOST("sref"); $sref=GETPOST("sref");
$sbarcode=GETPOST("sbarcode"); $sbarcode=GETPOST("sbarcode");
@@ -41,13 +41,17 @@ $snom=GETPOST("snom");
$sall=GETPOST("sall"); $sall=GETPOST("sall");
$type=GETPOST("type","int"); $type=GETPOST("type","int");
$sortfield = GETPOST("sortfield"); $sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder"); $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortfield) $sortfield="p.ref"; if (! $sortfield) $sortfield="p.ref";
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
$page = $_GET["page"];
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
// Security check // Security check
if ($type=='0') $result=restrictedArea($user,'produit',$id,'product','','',$fieldid); if ($type=='0') $result=restrictedArea($user,'produit',$id,'product','','',$fieldid);

14
htdocs/product/stats/commande.php
View File

@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="c.date_commande"; if (! $sortfield) $sortfield="c.date_commande";

14
htdocs/product/stats/commande_fournisseur.php
View File

@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="c.date_commande"; if (! $sortfield) $sortfield="c.date_commande";

14
htdocs/product/stats/contrat.php
View File

@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="c.date_contrat"; if (! $sortfield) $sortfield="c.date_contrat";

14
htdocs/product/stats/facture.php
View File

@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="f.datef"; if (! $sortfield) $sortfield="f.datef";

14
htdocs/product/stats/facture_fournisseur.php
View File

@@ -46,13 +46,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="f.datef"; if (! $sortfield) $sortfield="f.datef";

14
htdocs/product/stats/propal.php
View File

@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid);
$mesg = ''; $mesg = '';
$page = $_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$sortorder=$_GET["sortorder"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0 ; } if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $_GET["page"] ; $offset = $conf->liste_limit * $page;
$pageprev = $_GET["page"] - 1; $pageprev = $page - 1;
$pagenext = $_GET["page"] + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="DESC"; if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="p.datep"; if (! $sortfield) $sortfield="p.datep";

1
htdocs/product/stock/fiche.php
View File

@@ -364,7 +364,6 @@ else
if (!$user->rights->service->hidden) $sql.=' AND (p.hidden=0 OR p.fk_product_type != 1)'; if (!$user->rights->service->hidden) $sql.=' AND (p.hidden=0 OR p.fk_product_type != 1)';
} }
$sql.= $db->order($sortfield,$sortorder); $sql.= $db->order($sortfield,$sortorder);
//$sql .= $db->plimit($limit + 1 ,$offset);
dol_syslog('List products sql='.$sql); dol_syslog('List products sql='.$sql);
$resql = $db->query($sql) ; $resql = $db->query($sql) ;

3
htdocs/product/stock/user.php
View File

@@ -143,9 +143,6 @@ if ($_GET["id"])
$sql .= " WHERE ue.fk_user = u.rowid "; $sql .= " WHERE ue.fk_user = u.rowid ";
$sql .= " AND ue.fk_entrepot = ".$entrepot->id; $sql .= " AND ue.fk_entrepot = ".$entrepot->id;
//$sql .= $db->order($sortfield,$sortorder);
//$sql .= $db->plimit($limit + 1 ,$offset);
$resql = $db->query($sql) ; $resql = $db->query($sql) ;
if ($resql) if ($resql)
{ {

15
htdocs/projet/document.php
View File

@@ -43,16 +43,15 @@ if ($user->societe_id > 0) $socid=$user->societe_id;
$result=restrictedArea($user,'projet',$id,''); $result=restrictedArea($user,'projet',$id,'');
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$id = $_GET['id']; $id = $_GET['id'];

15
htdocs/projet/tasks/document.php
View File

@@ -48,16 +48,15 @@ if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden(); if (!$user->rights->projet->lire) accessforbidden();
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$id = $_GET['id']; $id = $_GET['id'];

14
htdocs/public/members/public_list.php
View File

@@ -59,19 +59,19 @@ function llxFooterVierge()
} }
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
$page=$_GET["page"];
$filter=$_GET["filter"]; $filter=$_GET["filter"];
$statut=isset($_GET["statut"])?$_GET["statut"]:''; $statut=isset($_GET["statut"])?$_GET["statut"]:'';
if (! $sortorder) { $sortorder="ASC"; } if (! $sortorder) { $sortorder="ASC"; }
if (! $sortfield) { $sortfield="nom"; } if (! $sortfield) { $sortfield="nom"; }
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
/* /*

16
htdocs/societe/document.php
View File

@@ -47,19 +47,13 @@ if ($user->societe_id > 0)
$result = restrictedArea($user, 'societe', $socid); $result = restrictedArea($user, 'societe', $socid);
// Get parameters // Get parameters
$page=$_GET["page"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder=$_GET["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$sortfield=$_GET["sortfield"]; $page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
if (! $sortorder) $sortorder="ASC"; $offset = $conf->liste_limit * $page;
if (! $sortfield) $sortfield="name";
if ($page == -1) { $page = 0 ; }
$offset = $conf->liste_limit * $page ;
$pageprev = $page - 1; $pageprev = $page - 1;
$pagenext = $page + 1; $pagenext = $page + 1;
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name"; if (! $sortfield) $sortfield="name";

9
htdocs/societe/notify/fiche.php
View File

@@ -38,8 +38,13 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe','',''); $result = restrictedArea($user, 'societe','','');
$sortorder=$_GET["sortorder"]; $sortfield = GETPOST("sortfield",'alpha');
$sortfield=$_GET["sortfield"]; $sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="c.name"; if (! $sortfield) $sortfield="c.name";

14
htdocs/user/group/index.php
View File

@@ -36,13 +36,13 @@ $langs->load("users");
$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"]; $page = GETPOST("page",'int');
if ($page < 0) $page = 0; if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$limit = $conf->liste_limit; $pageprev = $page - 1;
$offset = $limit * $page ; $pagenext = $page + 1;
if (! $sortfield) $sortfield="g.nom"; if (! $sortfield) $sortfield="g.nom";
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";

14
htdocs/user/index.php
View File

@@ -38,14 +38,14 @@ if ($user->societe_id > 0) $socid = $user->societe_id;
$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortfield = GETPOST("sortfield",'alpha');
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $sortorder = GETPOST("sortorder",'alpha');
$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"]; $page = GETPOST("page",'int');
if ($page < 0) $page = 0; if ($page == -1) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit; $limit = $conf->liste_limit;
$offset = $limit * $page ;
if (! $sortfield) $sortfield="u.login"; if (! $sortfield) $sortfield="u.login";
if (! $sortorder) $sortorder="ASC"; if (! $sortorder) $sortorder="ASC";