From d98d4d219f67aba9124f731744d762f6b7fec28c Mon Sep 17 00:00:00 2001
From: BENKE Charles <charles.fr@benke.fr>
Date: Mon, 19 Jan 2015 22:46:28 +0100
Subject: [PATCH] Update task.php

use GETPOST instead of $_GET and $_POST
---
 htdocs/projet/tasks/task.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index e2bccd26a5d..b9106c4e2e3 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -37,7 +37,7 @@ $langs->load("projects");
 $langs->load("companies");
 
 $id=GETPOST('id','int');
-$ref=$_GET["ref"];
+$ref=GETPOST("ref",'alpha',1);
 $action=GETPOST('action','alpha');
 $confirm=GETPOST('confirm','alpha');
 $withproject=GETPOST('withproject','int');
@@ -81,7 +81,7 @@ if ($action == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer)
 		$task_parent=$tmparray[1];
 		if (empty($task_parent)) $task_parent = 0;	// If task_parent is ''
 
-		$object->ref = $_POST["ref"];
+		$object->ref = GETPOST("ref",'alpha',2);
 		$object->label = $_POST["label"];
 		$object->description = $_POST['description'];
 		$object->fk_task_parent = $task_parent;