diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php index b28c81a25b1..5b89eefc4f7 100644 --- a/htdocs/admin/boxes.php +++ b/htdocs/admin/boxes.php @@ -49,8 +49,8 @@ $boxes = array(); */ if ($action == 'addconst') { - dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity); - dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity); } if ($action == 'add') { diff --git a/htdocs/admin/company.php b/htdocs/admin/company.php index d78ba486224..f0bb3ea9067 100644 --- a/htdocs/admin/company.php +++ b/htdocs/admin/company.php @@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity); - if ($_POST["optionlocaltax1"] == "localtax1on") { + if (GETPOST("optionlocaltax1") == "localtax1on") { if (!GETPOSTISSET('lt1')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity); } else { @@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha')) } dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity); } - if ($_POST["optionlocaltax2"] == "localtax2on") { + if (GETPOST("optionlocaltax2") == "localtax2on") { if (!GETPOSTISSET('lt2')) { dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity); } else { diff --git a/htdocs/admin/delais.php b/htdocs/admin/delais.php index 6c0cd230cc9..4fe21a8460b 100644 --- a/htdocs/admin/delais.php +++ b/htdocs/admin/delais.php @@ -181,7 +181,7 @@ if ($action == 'update') { } } - dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity); + dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity); // For update value with percentage diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index be9cc16f59e..9d05ad00377 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { $msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'
'; }*/ } - if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) { + if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) { if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) { // Field country is no mandatory for such dictionaries $_POST["country"] = ''; } else { @@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) { setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors'); } } - if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) { + if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) { $ok = 0; setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors'); } // Clean some parameters - if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) { + if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) { $_POST["localtax1"] = '0'; // If empty, we force to 0 } - if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) { + if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) { $_POST["localtax2"] = '0'; // If empty, we force to 0 } - if ($_POST["accountancy_code"] <= 0) { + if (GETPOST("accountancy_code") <= 0) { $_POST["accountancy_code"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_sell"] <= 0) { + if (GETPOST("accountancy_code_sell") <= 0) { $_POST["accountancy_code_sell"] = ''; // If empty, we force to null } - if ($_POST["accountancy_code_buy"] <= 0) { + if (GETPOST("accountancy_code_buy") <= 0) { $_POST["accountancy_code_buy"] = ''; // If empty, we force to null } if ($id == 10 && GETPOSTISSET("code")) { // Spaces are not allowed into code for tax dictionary diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php index bbb0f212707..090adc08590 100644 --- a/htdocs/admin/external_rss.php +++ b/htdocs/admin/external_rss.php @@ -72,15 +72,15 @@ if ($action == 'add' || GETPOST("modify")) { if (!empty($_POST[$external_rss_urlrss])) { $boxlabel = '(ExternalRSSInformations)'; - //$external_rss_url = "external_rss_url_" . $_POST["norss"]; + //$external_rss_url = "external_rss_url_" . GETPOST("norss"); $db->begin(); - if ($_POST["modify"]) { + if (GETPOST("modify")) { // Supprime boite box_external_rss de definition des boites /* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def"; $sql.= " SET name = '".$db->escape($boxlabel)."'"; - $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'"; + $sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'"; $resql=$db->query($sql); if (! $resql) @@ -115,7 +115,7 @@ if ($action == 'add' || GETPOST("modify")) { } } -if ($_POST["delete"]) { +if (GETPOST("delete")) { if (GETPOST("norss", 'int')) { $db->begin(); diff --git a/htdocs/admin/ihm.php b/htdocs/admin/ihm.php index 81263cba82e..8b799c9c7de 100644 --- a/htdocs/admin/ihm.php +++ b/htdocs/admin/ihm.php @@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG if ($action == 'update') { dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity); - //dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity); + //dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mailman.php b/htdocs/admin/mailman.php index b3644036cff..15dcccdb000 100644 --- a/htdocs/admin/mailman.php +++ b/htdocs/admin/mailman.php @@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09'); $testsubscribeemail = GETPOST("testsubscribeemail"); $testunsubscribeemail = GETPOST("testunsubscribeemail"); +$error = 0; + + /* * Actions */ // Action updated or added a constant if ($action == 'update' || $action == 'add') { - foreach ($_POST['constname'] as $key => $val) { - $constname = $_POST["constname"][$key]; - $constvalue = $_POST["constvalue"][$key]; - $consttype = $_POST["consttype"][$key]; - $constnote = $_POST["constnote"][$key]; - $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); + $tmparray = GETPOST('constname', 'array'); + if (is_array($tmparray)) { + foreach ($tmparray as $key => $val) { + $constname = $tmparray[$key]; + $constvalue = $tmparray[$key]; + $consttype = $tmparray[$key]; + $constnote = $tmparray[$key]; + $res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity); - if (!($res > 0)) { - $error++; + if (!($res > 0)) { + $error++; + } } } diff --git a/htdocs/admin/mails_emailing.php b/htdocs/admin/mails_emailing.php index cb5df373645..511f5dde698 100644 --- a/htdocs/admin/mails_emailing.php +++ b/htdocs/admin/mails_emailing.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); if (!$user->admin) { accessforbidden(); @@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs); * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 14960db11d7..939273c1da2 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel', 'alpha'); $usersignature = $user->signature; // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html. @@ -59,7 +60,7 @@ if (!$user->admin) { * Actions */ -if ($action == 'update' && empty($_POST["cancel"])) { +if ($action == 'update' && !$cancel) { // Send mode parameters dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity); dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity); diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 8945daa23f8..2e84efbfb06 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -333,8 +333,8 @@ if ($action == 'create') { } else { print ''; } print ''.$langs->trans('DetailType').''; diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index d2cf26a0c9a..9ddbc3361c8 100644 --- a/htdocs/admin/sms.php +++ b/htdocs/admin/sms.php @@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) { $error = 0; $smsfrom = ''; - if (!empty($_POST["fromsms"])) { + if (GETPOST("fromsms", 'alphanohtml')) { $smsfrom = GETPOST("fromsms", 'alphanohtml'); } if (empty($smsfrom)) { diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index e30067e8815..5fb1c85dd40 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity]; * Actions */ -if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) { +if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) { if ($object->id) { $file = $_FILES['userfile']; if (is_array($file['name']) && count($file['name']) > 0) { diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index c70bfb7fe91..8039241a899 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -162,7 +162,7 @@ if (empty($reshook)) { // set accountancy code if ($action == 'setcustomeraccountancycode') { $result = $object->fetch($id); - $object->code_compta = $_POST["customeraccountancycode"]; + $object->code_compta = GETPOST("customeraccountancycode"); $result = $object->update($object->id, $user, 1, 1, 0); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index 8d57a9ee6a0..4b60fdd3464 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -397,7 +397,7 @@ if ($action == 'delete') { } } -if ($_POST["button_removefilter"]) { +if (GETPOST("button_removefilter")) { $search_nom = ''; $search_prenom = ''; $search_email = ''; diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index e0a9138244d..3fc50d03eaf 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int')); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm', 'alpha'); $urlfrom = GETPOST('urlfrom'); @@ -393,12 +394,12 @@ if (empty($reshook)) { } // Action send test emailing - if ($action == 'send' && empty($_POST["cancel"])) { + if ($action == 'send' && ! $cancel) { $error = 0; $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); - $object->sendto = $_POST["sendto"]; + $object->sendto = GETPOST("sendto", 'alphawithlgt'); if (!$object->sendto) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors'); $error++; @@ -537,7 +538,7 @@ if (empty($reshook)) { } // Action of file remove - if (!empty($_POST["removedfile"])) { + if (GETPOST("removedfile")) { $upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing'); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -548,7 +549,7 @@ if (empty($reshook)) { } // Action of emailing update - if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) { + if ($action == 'update' && !GETPOST("removedfile") && !$cancel) { require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $isupload = 0; @@ -643,7 +644,7 @@ if (empty($reshook)) { } } - if (!empty($_POST["cancel"])) { + if ($cancel) { $action = ''; } } diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php index 2f5e146843b..f1638e9dc37 100644 --- a/htdocs/comm/multiprix.php +++ b/htdocs/comm/multiprix.php @@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; // Load translation files required by the page $langs->loadLangs(array('orders', 'companies')); +$action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel', 'alpha'); + $id = GETPOST('id', 'int'); $_socid = GETPOST("id", 'int'); // Security check @@ -42,10 +45,10 @@ if ($user->socid > 0) { * Actions */ -if ($_POST["action"] == 'setpricelevel') { +if ($action == 'setpricelevel') { $soc = new Societe($db); $soc->fetch($id); - $soc->set_price_level($_POST["price_level"], $user); + $soc->set_price_level(GETPOST("price_level"), $user); header("Location: multiprix.php?id=".$id); exit; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index c8c94e7e95a..cecb4fff28a 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -775,9 +775,9 @@ if (empty($reshook)) { $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - if ($_POST["remise_id"]) { + if (GETPOST("remise_id", "int")) { if ($object->id > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index f07b38045f2..22121fa7664 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', ' foreach ($rowids as $row) { if ($row > 0) { $result = $bankline->fetch($row); - $bankline->num_releve = $num_releve; //$_POST["num_releve"]; + $bankline->num_releve = $num_releve; // GETPOST("num_releve"); $result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1. if ($result < 0) { setEventMessages($bankline->error, $bankline->errors, 'errors'); diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index bf74035d553..33d4bc37aed 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -87,18 +87,18 @@ if ($action == 'add') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -120,10 +120,10 @@ if ($action == 'add') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->solde = $_POST["solde"]; + $object->solde = price2num(GETPOST("solde")); $object->date_solde = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int')); - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -187,18 +187,18 @@ if ($action == 'update') { $object->ref = dol_string_nospecial(trim(GETPOST('ref', 'alpha'))); $object->label = trim(GETPOST("label", 'alphanohtml')); - $object->courant = $_POST["type"]; - $object->clos = $_POST["clos"]; + $object->courant = GETPOST("type"); + $object->clos = GETPOST("clos"); $object->rappro = (GETPOST("norappro", 'alpha') ? 0 : 1); $object->url = trim(GETPOST("url", 'alpha')); - $object->bank = trim($_POST["bank"]); - $object->code_banque = trim($_POST["code_banque"]); - $object->code_guichet = trim($_POST["code_guichet"]); - $object->number = trim($_POST["number"]); - $object->cle_rib = trim($_POST["cle_rib"]); - $object->bic = trim($_POST["bic"]); - $object->iban = trim($_POST["iban"]); + $object->bank = trim(GETPOST("bank")); + $object->code_banque = trim(GETPOST("code_banque")); + $object->code_guichet = trim(GETPOST("code_guichet")); + $object->number = trim(GETPOST("number")); + $object->cle_rib = trim(GETPOST("cle_rib")); + $object->bic = trim(GETPOST("bic")); + $object->iban = trim(GETPOST("iban")); $object->domiciliation = trim(GETPOST("domiciliation", "nohtml")); $object->proprio = trim(GETPOST("proprio", 'alphanohtml')); @@ -220,7 +220,7 @@ if ($action == 'update') { $object->fk_accountancy_journal = $fk_accountancy_journal; } - $object->currency_code = trim($_POST["account_currency_code"]); + $object->currency_code = trim(GETPOST("account_currency_code")); $object->state_id = GETPOST("account_state_id", 'int'); $object->country_id = GETPOST("account_country_id", 'int'); @@ -274,7 +274,7 @@ if ($action == 'update') { } } -if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) { +if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) { // Delete $object = new Account($db); $object->fetch(GETPOST("id", "int")); @@ -462,7 +462,8 @@ if ($action == 'create') { print ''; print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + $type = GETPOST('type'); + if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) { print ''; // If bank account @@ -988,7 +989,7 @@ if ($action == 'create') { print '
'; - if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) { + if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) { print '
'; //print '
'; diff --git a/htdocs/compta/bank/line.php b/htdocs/compta/bank/line.php index 410e3a82bea..292a61e8bc6 100644 --- a/htdocs/compta/bank/line.php +++ b/htdocs/compta/bank/line.php @@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") { if (!$error) { $db->begin(); - $amount = price2num($_POST['amount']); - $dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]); - $dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); + $amount = price2num(GETPOST('amount')); + $dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear")); + $dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; $sql .= " SET "; // Always opened @@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") { // Reconcile if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) { - $num_rel = trim($_POST["num_rel"]); - $rappro = $_POST['reconciled'] ? 1 : 0; + $num_rel = trim(GETPOST("num_rel")); + $rappro = GETPOST('reconciled') ? 1 : 0; // Check parameters if ($rappro && empty($num_rel)) { diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index d4091a6df90..451007932d7 100644 --- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); + $refund = GETPOST("refund", "int"); if (empty($refund)) { $refund = 0; @@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php?localTaxType=".$lttype); exit; } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $db->begin(); - $datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); - $datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]); + $datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear")); + $datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear")); - $object->accountid = GETPOST("accountid"); + $object->accountid = GETPOST("accountid", 'int'); $object->paymenttype = GETPOST("paiementtype"); $object->datev = $datev; $object->datep = $datep; @@ -165,14 +167,14 @@ if ($action == 'create') { print ''; // Label - print ''.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">'; + print ''.$langs->trans("Label").'transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'">'; // Amount print ''.$langs->trans("Amount").''; if (!empty($conf->banque->enabled)) { print ''.$langs->trans("Account").''; - $form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant + $form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant print ''; print ''.$langs->trans("PaymentMode").''; diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 847dae1bc29..86153e4b38d 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) { } } -if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) { +if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) { if (is_array($_POST['toRemise'])) { - $result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']); + $result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise')); if ($result > 0) { if ($object->statut == 1) { // If statut is validated, we build doc $object->fetch($object->id); // To force to reload all properties in correct property name @@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); } header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id); @@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) { $outputlangs = new Translate("", $conf); $outputlangs->setDefaultLang($newlang); } - $result = $object->generatePdf($_POST["model"], $outputlangs); + $result = $object->generatePdf(GETPOST("model"), $outputlangs); if ($result <= 0) { dol_print_error($db, $object->error); exit; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 139188c7c1b..ba8c9b2a82f 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -70,14 +70,14 @@ if ($action == 'builddoc') { // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output = $outputlangs->charset_output; - if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) { + if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) { $outputlangs->charset_output = $sav_charset_output; } else { $outputlangs->charset_output = $sav_charset_output; dol_print_error($db, $obj->error); } - $year = $_POST["reyear"]; + $year = GETPOST("reyear", "int"); } diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index bc79ff07d47..e796f039f80 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -32,6 +32,8 @@ $langs->load("bills"); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'aZ09'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -50,15 +52,15 @@ $charge = new ChargeSociales($db); if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid; header("Location: ".$loc); exit; } - $datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]); + $datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int")); - if (!$_POST["paiementtype"] > 0) { + if (!(GETPOST("paiementtype") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors'); $error++; $action = 'create'; @@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y $error++; $action = 'create'; } - if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) { + if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors'); $error++; $action = 'create'; diff --git a/htdocs/compta/paiement_vat.php b/htdocs/compta/paiement_vat.php index 4a90f398fa3..7fc81e5ac27 100644 --- a/htdocs/compta/paiement_vat.php +++ b/htdocs/compta/paiement_vat.php @@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills")); $chid = GETPOST("id", 'int'); $action = GETPOST('action', 'alpha'); +$cancel = GETPOST('cancel'); + $amounts = array(); // Security check @@ -49,7 +51,7 @@ if ($user->socid > 0) { if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) { $error = 0; - if ($_POST["cancel"]) { + if ($cancel) { $loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid; header("Location: ".$loc); exit; diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 5470685e8e0..fdb1e3336df 100755 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills')); $id = GETPOST("id", 'int'); $action = GETPOST("action", "alpha"); +$cancel = GETPOST('cancel'); $confirm = GETPOST('confirm'); $refund = GETPOST("refund", "int"); if (GETPOSTISSET('auto_create_paiement') || $action === 'add') { @@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard')); * Actions */ -if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) { +if ($cancel && !$id) { header("Location: list.php"); exit; } @@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) { } } -if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) { +if ($action == 'add' && $cancel) { $error = 0; $object->fk_account = GETPOST("accountid", 'int'); diff --git a/htdocs/contact/canvas/actions_contactcard_common.class.php b/htdocs/contact/canvas/actions_contactcard_common.class.php index a32263cd65e..332b7dd36c6 100644 --- a/htdocs/contact/canvas/actions_contactcard_common.class.php +++ b/htdocs/contact/canvas/actions_contactcard_common.class.php @@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon // phpcs:enable global $langs, $mysoc; - $this->object->old_name = $_POST["old_name"]; - $this->object->old_firstname = $_POST["old_firstname"]; + $this->object->old_name = GETPOST("old_name"); + $this->object->old_firstname = GETPOST("old_firstname"); - $this->object->socid = $_POST["socid"]; - $this->object->lastname = $_POST["name"]; - $this->object->firstname = $_POST["firstname"]; - $this->object->civility_id = $_POST["civility_id"]; - $this->object->poste = $_POST["poste"]; - $this->object->address = $_POST["address"]; - $this->object->zip = $_POST["zipcode"]; - $this->object->town = $_POST["town"]; - $this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id; - $this->object->state_id = $_POST["state_id"]; - $this->object->phone_pro = $_POST["phone_pro"]; - $this->object->phone_perso = $_POST["phone_perso"]; - $this->object->phone_mobile = $_POST["phone_mobile"]; - $this->object->fax = $_POST["fax"]; - $this->object->email = $_POST["email"]; - $this->object->jabberid = $_POST["jabberid"]; - $this->object->priv = $_POST["priv"]; - $this->object->note = $_POST["note"]; - $this->object->canvas = $_POST["canvas"]; + $this->object->socid = GETPOST("socid"); + $this->object->lastname = GETPOST("name"); + $this->object->firstname = GETPOST("firstname"); + $this->object->civility_id = GETPOST("civility_id"); + $this->object->poste = GETPOST("poste"); + $this->object->address = GETPOST("address"); + $this->object->zip = GETPOST("zipcode"); + $this->object->town = GETPOST("town"); + $this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id; + $this->object->state_id = GETPOST("state_id"); + $this->object->phone_pro = GETPOST("phone_pro"); + $this->object->phone_perso = GETPOST("phone_perso"); + $this->object->phone_mobile = GETPOST("phone_mobile"); + $this->object->fax = GETPOST("fax"); + $this->object->email = GETPOST("email"); + $this->object->jabberid = GETPOST("jabberid"); + $this->object->priv = GETPOST("priv"); + $this->object->note = GETPOST("note", "restricthtml"); + $this->object->canvas = GETPOST("canvas"); // We set country_id, and country_code label of the chosen country if ($this->object->country_id) { diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index 421b88ea6b8..b337f0980e6 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php @@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) { $object->state_id = GETPOST("state_id"); // We set country_id, country_code and label for the selected country - $object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); + $object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id); if ($object->country_id) { $tmparray = getCountry($object->country_id, 'all'); $object->country_code = $tmparray['code']; diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 807d54c4651..628c73b0afc 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -49,8 +49,8 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact $ret = $object->fetch($id); // Note: Correct date should be completed with location to have exact GM time of birth. - $object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]); - $object->birthday_alert = $_POST["birthday_alert"]; + $object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear")); + $object->birthday_alert = GETPOST("birthday_alert"); if (GETPOST('deletephoto')) { $object->photo = ''; diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php index 8f8f8e665f7..f56b9f6070e 100644 --- a/htdocs/core/class/html.formmail.class.php +++ b/htdocs/core/class/html.formmail.class.php @@ -912,8 +912,8 @@ class FormMail extends Form } } - if (GETPOSTISSET("message") && !$_POST['modelselected']) { - $defaultmessage = $_POST["message"]; + if (GETPOSTISSET("message") && !GETPOST('modelselected')) { + $defaultmessage = GETPOST("message", "restricthtml"); } else { $defaultmessage = make_substitutions($defaultmessage, $this->substit); // Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty) diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php index 72de6036e8f..7157b1a7c62 100644 --- a/htdocs/core/lib/admin.lib.php +++ b/htdocs/core/lib/admin.lib.php @@ -568,7 +568,7 @@ function dolibarr_get_const($db, $name, $entity = 1) * @param DoliDB $db Database handler * @param string $name Name of constant * @param string $value Value of constant - * @param string $type Type of constante (chaine par defaut) + * @param string $type Type of constant ('chaine by default) * @param int $visible Is constant visible in Setup->Other page (0 by default) * @param string $note Note on parameter * @param int $entity Multi company id (0 means all entities) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index d22006a52d0..0312c851de3 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -417,13 +417,11 @@ if (empty($reshook)) { dol_print_error($db, $object->error); } } elseif ($action == "setabsolutediscount" && $usercancreate) { - // POST[remise_id] or POST[remise_id_for_payment] - // We use the credit to reduce amount of invoice - if (!empty($_POST["remise_id"])) { + if (GETPOST("remise_id", "int")) { $ret = $object->fetch($id); if ($ret > 0) { - $result = $object->insert_discount($_POST["remise_id"]); + $result = $object->insert_discount(GETPOST("remise_id", "int")); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } @@ -432,10 +430,10 @@ if (empty($reshook)) { } } // We use the credit to reduce remain to pay - if (!empty($_POST["remise_id_for_payment"])) { + if (GETPOST("remise_id_for_payment", "int")) { require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; $discount = new DiscountAbsolute($db); - $discount->fetch($_POST["remise_id_for_payment"]); + $discount->fetch(GETPOST("remise_id_for_payment", "int")); //var_dump($object->getRemainToPay(0)); //var_dump($discount->amount_ttc);exit; @@ -1082,14 +1080,14 @@ if (empty($reshook)) { $prod = new Product($db); $prod->fetch(GETPOST('productid')); $label = $prod->description; - if (trim($_POST['product_desc']) != trim($label)) { - $label = $_POST['product_desc']; + if (trim(GETPOST('product_desc', 'restricthtml')) != trim($label)) { + $label = GETPOST('product_desc', 'restricthtml'); } $type = $prod->type; } else { - $label = $_POST['product_desc']; - $type = $_POST["type"] ? $_POST["type"] : 0; + $label = GETPOST('product_desc', 'restricthtml'); + $type = GETPOST("type") ? GETPOST("type") : 0; } $date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear')); diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index ede66c3e022..25bd65a77fe 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -66,9 +66,9 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) { // bo $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') { + if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') { $nouveauchoix .= "1"; - } elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') { + } elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') { $nouveauchoix .= "2"; } else { // sinon c'est 0 $nouveauchoix .= "0"; @@ -122,17 +122,16 @@ if ($testmodifier) { $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { - //var_dump($_POST["choix$i"]); - if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') { + if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') { $nouveauchoix .= "1"; - } elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') { + } elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') { $nouveauchoix .= "2"; } else { // sinon c'est 0 $nouveauchoix .= "0"; } } - $idtomodify = $_POST["idtomodify".$modifier]; + $idtomodify = GETPOST("idtomodify".$modifier); $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs"; $sql .= " SET reponses = '".$db->escape($nouveauchoix)."'"; $sql .= " WHERE id_users = '".$db->escape($idtomodify)."'"; @@ -169,7 +168,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format = } // Add column (with format date) -if (isset($_POST["ajoutercolonne"]) && $object->format == "D") { +if (GETPOSTISSET("ajoutercolonne") && $object->format == "D") { // Security check if (!$user->rights->opensurvey->write) { accessforbidden(); @@ -177,27 +176,27 @@ if (isset($_POST["ajoutercolonne"]) && $object->format == "D") { $nouveauxsujets = $object->sujet; - if (isset($_POST["nouveaujour"]) && $_POST["nouveaujour"] != "vide" && - isset($_POST["nouveaumois"]) && $_POST["nouveaumois"] != "vide" && - isset($_POST["nouvelleannee"]) && $_POST["nouvelleannee"] != "vide") { - $nouvelledate = dol_mktime(0, 0, 0, $_POST["nouveaumois"], $_POST["nouveaujour"], $_POST["nouvelleannee"]); + if (GETPOSTISSET("nouveaujour") && GETPOST("nouveaujour") != "vide" && + GETPOSTISSET("nouveaumois") && GETPOST("nouveaumois") != "vide" && + GETPOSTISSET("nouvelleannee") && GETPOST("nouvelleannee") != "vide") { + $nouvelledate = dol_mktime(0, 0, 0, GETPOST("nouveaumois"), GETPOST("nouveaujour"), GETPOST("nouvelleannee")); - if (isset($_POST["nouvelleheuredebut"]) && $_POST["nouvelleheuredebut"] != "vide") { + if (GETPOSTISSET("nouvelleheuredebut") && GETPOST("nouvelleheuredebut") != "vide") { $nouvelledate .= "@"; $nouvelledate .= GETPOST("nouvelleheuredebut"); $nouvelledate .= "h"; - if ($_POST["nouvelleminutedebut"] != "vide") { + if (GETPOST("nouvelleminutedebut") != "vide") { $nouvelledate .= GETPOST("nouvelleminutedebut"); } } - if (isset($_POST["nouvelleheurefin"]) && $_POST["nouvelleheurefin"] != "vide") { + if (GETPOSTISSET("nouvelleheurefin") && GETPOST("nouvelleheurefin") != "vide") { $nouvelledate .= "-"; $nouvelledate .= GETPOST("nouvelleheurefin"); $nouvelledate .= "h"; - if ($_POST["nouvelleminutefin"] != "vide") { + if (GETPOST("nouvelleminutefin") != "vide") { $nouvelledate .= GETPOST("nouvelleminutefin"); } } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 58a177dddc4..2c0531acaea 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -405,8 +405,8 @@ if (empty($reshook)) { if (!empty($conf->global->PRODUIT_MULTIPRICES)) { for ($i = 2; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++) { if (GETPOSTISSET("price_".$i)) { - $object->multiprices["$i"] = price2num($_POST["price_".$i], 'MU'); - $object->multiprices_base_type["$i"] = $_POST["multiprices_base_type_".$i]; + $object->multiprices["$i"] = price2num(GETPOST("price_".$i), 'MU'); + $object->multiprices_base_type["$i"] = GETPOST("multiprices_base_type_".$i); } else { $object->multiprices["$i"] = ""; } diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 371713f0250..77659142744 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -217,7 +217,7 @@ if (empty($reshook)) { $langs->load("errors"); setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Supplier")), null, 'errors'); } - if (price2num($_POST["price"]) < 0 || $_POST["price"] == '') { + if (price2num(GETPOST("price")) < 0 || GETPOST("price") == '') { if ($price_expression === '') { // Return error of missing price only if price_expression not set $error++; $langs->load("errors"); diff --git a/htdocs/product/stock/movement_card.php b/htdocs/product/stock/movement_card.php index 31c71d9e2bd..3221c23aa8d 100644 --- a/htdocs/product/stock/movement_card.php +++ b/htdocs/product/stock/movement_card.php @@ -179,7 +179,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction'; diff --git a/htdocs/product/stock/movement_list.php b/htdocs/product/stock/movement_list.php index aed4278bb0e..50982e0e084 100644 --- a/htdocs/product/stock/movement_list.php +++ b/htdocs/product/stock/movement_list.php @@ -247,7 +247,7 @@ if ($action == "correct_stock") { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors'); $action = 'correction'; } - if (!is_numeric($_POST["nbpiece"])) { + if (!is_numeric(GETPOST("nbpiece"))) { $error++; setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors'); $action = 'correction';