diff --git a/htdocs/accountancy/admin/accountmodel.php b/htdocs/accountancy/admin/accountmodel.php index b5b5318a1cc..fd0ff2e72da 100644 --- a/htdocs/accountancy/admin/accountmodel.php +++ b/htdocs/accountancy/admin/accountmodel.php @@ -230,7 +230,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; @@ -279,7 +279,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $sql .= ","; } $sql .= $field."="; - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; diff --git a/htdocs/accountancy/admin/categories_list.php b/htdocs/accountancy/admin/categories_list.php index cab20e31010..c0439445261 100644 --- a/htdocs/accountancy/admin/categories_list.php +++ b/htdocs/accountancy/admin/categories_list.php @@ -195,17 +195,6 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { setEventMessages($langs->transnoentities('ErrorFieldMustBeANumeric', $langs->transnoentities("Position")), null, 'errors'); } - // Clean some parameters - if ($_POST["accountancy_code"] <= 0) { - $_POST["accountancy_code"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_sell"] <= 0) { - $_POST["accountancy_code_sell"] = ''; // If empty, we force to null - } - if ($_POST["accountancy_code_buy"] <= 0) { - $_POST["accountancy_code_buy"] = ''; // If empty, we force to null - } - // Si verif ok et action add, on ajoute la ligne if ($ok && GETPOST('actionadd', 'alpha')) { if ($tabrowid[$id]) { @@ -243,7 +232,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '' && !$listfieldvalue[$i] == 'formula') { + if (GETPOST($listfieldvalue[$i]) == '' && !$listfieldvalue[$i] == 'formula') { $sql .= "null"; // For vat, we want/accept code = '' } else { $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 5967d670856..a18259fefe4 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -93,8 +93,8 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance if ($accountline->rappro) { $errmsg = $langs->trans("SubscriptionLinkedToConciliatedTransaction"); } else { - $accountline->datev = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); - $accountline->dateo = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); + $accountline->datev = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); + $accountline->dateo = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); $accountline->amount = $amount; $result = $accountline->update($user); if ($result < 0) { @@ -105,12 +105,12 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance if (!$errmsg) { // Modify values - $object->dateh = dol_mktime($_POST['datesubhour'], $_POST['datesubmin'], 0, $_POST['datesubmonth'], $_POST['datesubday'], $_POST['datesubyear']); - $object->datef = dol_mktime($_POST['datesubendhour'], $_POST['datesubendmin'], 0, $_POST['datesubendmonth'], $_POST['datesubendday'], $_POST['datesubendyear']); + $object->dateh = dol_mktime(GETPOST('datesubhour', 'int'), GETPOST('datesubmin', 'int'), 0, GETPOST('datesubmonth', 'int'), GETPOST('datesubday', 'int'), GETPOST('datesubyear', 'int')); + $object->datef = dol_mktime(GETPOST('datesubendhour', 'int'), GETPOST('datesubendmin', 'int'), 0, GETPOST('datesubendmonth', 'int'), GETPOST('datesubendday', 'int'), GETPOST('datesubendyear', 'int')); $object->fk_type = $typeid; $object->note = $note; + $object->note_private = $note; $object->amount = $amount; - //print 'datef='.$object->datef.' '.$_POST['datesubendday']; $result = $object->update($user); if ($result >= 0 && !count($object->errors)) { diff --git a/htdocs/admin/agenda.php b/htdocs/admin/agenda.php index a730f199213..af09d32bc73 100644 --- a/htdocs/admin/agenda.php +++ b/htdocs/admin/agenda.php @@ -88,7 +88,6 @@ if ($action == "save" && empty($cancel)) { foreach ($triggers as $trigger) { $keyparam = 'MAIN_AGENDA_ACTIONAUTO_'.$trigger['code']; - //print "param=".$param." - ".$_POST[$param]; if ($search_event === '' || preg_match('/'.preg_quote($search_event, '/').'/i', $keyparam)) { $res = dolibarr_set_const($db, $keyparam, (GETPOST($keyparam, 'alpha') ?GETPOST($keyparam, 'alpha') : ''), 'chaine', 0, '', $conf->entity); if (!($res > 0)) { diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 41a436b70a8..fc8e24b9322 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -903,8 +903,8 @@ if ($action == 'edit') { include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; $formmail = new FormMail($db); $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); - $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM); - $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM); $formmail->fromid = $user->id; $formmail->fromalsorobot = 1; $formmail->fromtype = (GETPOSTISSET('fromtype') ?GETPOST('fromtype', 'aZ09') : (!empty($conf->global->MAIN_MAIL_DEFAULT_FROMTYPE) ? $conf->global->MAIN_MAIL_DEFAULT_FROMTYPE : 'user')); @@ -912,9 +912,9 @@ if ($action == 'edit') { $formmail->withsubstit = 1; $formmail->withfrom = 1; $formmail->witherrorsto = 1; - $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); - $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty - $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); + $formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test")); $formmail->withtopicreadonly = 0; $formmail->withfile = 2; diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index fb3a1ccf702..476f15459cb 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -308,7 +308,7 @@ if (empty($reshook)) { // Rename some POST variables into a generic name if (GETPOST('actionmodify', 'alpha') && $value == 'topic') { - $_POST['topic'] = $_POST['topic-'.$rowid]; + $_POST['topic'] = GETPOST('topic-'.$rowid); } if ((!GETPOSTISSET($value) || GETPOST($value) == '' || GETPOST($value) == '-1') && $value != 'lang' && $value != 'fk_user' && $value != 'position') { diff --git a/htdocs/admin/mails_ticket.php b/htdocs/admin/mails_ticket.php index 79c549c0609..481fcad212c 100644 --- a/htdocs/admin/mails_ticket.php +++ b/htdocs/admin/mails_ticket.php @@ -537,16 +537,16 @@ if ($action == 'edit') { // Cree l'objet formulaire mail include_once DOL_DOCUMENT_ROOT.'/core/class/html.formmail.class.php'; $formmail = new FormMail($db); - $formmail->fromname = (GETPOSTISSET('fromname') ? $_POST['fromname'] : $conf->global->MAIN_MAIL_EMAIL_FROM); - $formmail->frommail = (GETPOSTISSET('frommail') ? $_POST['frommail'] : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->fromname = (GETPOSTISSET('fromname') ? GETPOST('fromname') : $conf->global->MAIN_MAIL_EMAIL_FROM); + $formmail->frommail = (GETPOSTISSET('frommail') ? GETPOST('frommail') : $conf->global->MAIN_MAIL_EMAIL_FROM); $formmail->trackid = (($action == 'testhtml') ? "testhtml" : "test"); $formmail->withfromreadonly = 0; $formmail->withsubstit = 0; $formmail->withfrom = 1; $formmail->witherrorsto = 1; - $formmail->withto = (!empty($_POST['sendto']) ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); - $formmail->withtocc = (!empty($_POST['sendtocc']) ? GETPOST('sendtocc', 'restricthtml') : 1); // ! empty to keep field if empty - $formmail->withtoccc = (!empty($_POST['sendtoccc']) ? GETPOST('sendtoccc', 'restricthtml') : 1); // ! empty to keep field if empty + $formmail->withto = (GETPOSTISSET('sendto') ? GETPOST('sendto', 'restricthtml') : ($user->email ? $user->email : 1)); + $formmail->withtocc = (GETPOSTISSET('sendtocc') ? GETPOST('sendtocc', 'restricthtml') : 1); + $formmail->withtoccc = (GETPOSTISSET('sendtoccc') ? GETPOST('sendtoccc', 'restricthtml') : 1); $formmail->withtopic = (GETPOSTISSET('subject') ? GETPOST('subject') : $langs->trans("Test")); $formmail->withtopicreadonly = 0; $formmail->withfile = 2; diff --git a/htdocs/admin/menus/edit.php b/htdocs/admin/menus/edit.php index 02c46d8ca35..b3c3e5066c2 100644 --- a/htdocs/admin/menus/edit.php +++ b/htdocs/admin/menus/edit.php @@ -152,32 +152,32 @@ if ($action == 'add') { $langs->load("errors"); $error = 0; - if (!$error && !$_POST['menu_handler']) { + if (!$error && !GETPOST('menu_handler')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("MenuHandler")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['type']) { + if (!$error && !GETPOST('type')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Type")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['url']) { + if (!$error && !GETPOST('url')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("URL")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['titre']) { + if (!$error && !GETPOST('titre')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Title")), null, 'errors'); $action = 'create'; $error++; } - if (!$error && $_POST['menuId'] && $_POST['type'] == 'top') { + if (!$error && GETPOST('menuId') && GETPOST('type') == 'top') { setEventMessages($langs->trans("ErrorTopMenuMustHaveAParentWithId0"), null, 'errors'); $action = 'create'; $error++; } - if (!$error && !$_POST['menuId'] && $_POST['type'] == 'left') { + if (!$error && !GETPOST('menuId') && GETPOST('type') == 'left') { setEventMessages($langs->trans("ErrorLeftMenuMustHaveAParentId"), null, 'errors'); $action = 'create'; $error++; diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index 29d2335a0f9..4ad384233d8 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -48,7 +48,6 @@ if (empty($mode)) { $mode = 'common'; } $action = GETPOST('action', 'aZ09'); -//var_dump($_POST);exit; $value = GETPOST('value', 'alpha'); $page_y = GETPOST('page_y', 'int'); $search_keyword = GETPOST('search_keyword', 'alpha'); diff --git a/htdocs/admin/sms.php b/htdocs/admin/sms.php index 05abf8c3995..19a94d05dd8 100644 --- a/htdocs/admin/sms.php +++ b/htdocs/admin/sms.php @@ -62,7 +62,7 @@ if ($action == 'update' && !$cancel) { // Send sms -if ($action == 'send' && !$_POST['cancel']) { +if ($action == 'send' && !$cancel) { $error = 0; $smsfrom = ''; diff --git a/htdocs/admin/website.php b/htdocs/admin/website.php index d1a24ff072c..b5098bfd3ce 100644 --- a/htdocs/admin/website.php +++ b/htdocs/admin/website.php @@ -198,15 +198,15 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { $_POST[$listfieldvalue[$i]] = $conf->entity; } if ($value == 'ref') { - $_POST[$listfieldvalue[$i]] = strtolower($_POST[$listfieldvalue[$i]]); + $_POST[$listfieldvalue[$i]] = strtolower(GETPOST($listfieldvalue[$i])); } if ($i) { $sql .= ","; } - if ($_POST[$listfieldvalue[$i]] == '') { + if (GETPOST($listfieldvalue[$i]) == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } @@ -259,7 +259,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) { if ($_POST[$listfieldvalue[$i]] == '') { $sql .= "null"; } else { - $sql .= "'".$db->escape($_POST[$listfieldvalue[$i]])."'"; + $sql .= "'".$db->escape(GETPOST($listfieldvalue[$i]))."'"; } $i++; } diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php index 8663d50e66a..763463d6fb8 100644 --- a/htdocs/barcode/printsheet.php +++ b/htdocs/barcode/printsheet.php @@ -23,7 +23,7 @@ * \brief Page to print sheets with barcodes using the document templates into core/modules/printsheets */ -if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must ne renew the token. +if (!empty($_POST['mode']) && $_POST['mode'] === 'label') { // Page is called to build a PDF and output, we must not renew the token. if (!defined('NOTOKENRENEWAL')) { define('NOTOKENRENEWAL', '1'); // Do not roll the Anti CSRF token (used if MAIN_SECURITY_CSRF_WITH_TOKEN is on) } diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 90d3ed128f7..eabcb1a55bf 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php @@ -214,7 +214,7 @@ if (empty($reshook)) { // assujetissement a la TVA if ($action == 'setassujtva' && $user->rights->societe->creer) { $object->fetch($id); - $object->tva_assuj = $_POST['assujtva_value']; + $object->tva_assuj = GETPOST('assujtva_value'); $result = $object->update($object->id); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 79faf4b2cd2..f82df06313b 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php @@ -745,7 +745,7 @@ if ($action == 'create') { print ''; print ''; print ''; print '
'.$langs->trans("MailTopic").'
'.$langs->trans("BackgroundColorByDefault").''; - print $htmlother->selectColor($_POST['bgcolor'], 'bgcolor', '', 0); + print $htmlother->selectColor(GETPOST('bgcolor'), 'bgcolor', '', 0); print '
'; diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 45a4d2fdb57..61a406a2378 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -302,7 +302,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate' && $usercancreate) { - $datep = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']); + $datep = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); if (empty($datep)) { $error++; @@ -316,7 +316,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setecheance' && $usercancreate) { - $result = $object->set_echeance($user, dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear'])); + $result = $object->set_echeance($user, dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int'))); if ($result >= 0) { if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE)) { $outputlangs = $langs; @@ -339,7 +339,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } elseif ($action == 'setdate_livraison' && $usercancreate) { - $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['date_livraisonmonth'], $_POST['date_livraisonday'], $_POST['date_livraisonyear'])); + $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('date_livraisonmonth', 'int'), GETPOST('date_livraisonday', 'int'), GETPOST('date_livraisonyear', 'int'))); if ($result < 0) { dol_print_error($db, $object->error); } diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index fedf6a6233d..989dcfe7098 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php @@ -107,12 +107,6 @@ if ($action == 'addcontact' && $user->rights->propale->creer) { dol_print_error($db); } } -/* -elseif ($action == 'setaddress' && $user->rights->propale->creer) -{ - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 4404f9758a6..d44093dbab5 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -160,7 +160,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) { $amount_ht = price2num(GETPOST('amount_ht', 'alpha')); $desc = GETPOST('desc', 'alpha'); $tva_tx = GETPOST('tva_tx', 'alpha'); - $discount_type = !empty($_POST['discount_type']) ?GETPOST('discount_type', 'alpha') : 0; + $discount_type = GETPOSTISSET('discount_type') ? GETPOST('discount_type', 'alpha') : 0; if ($amount_ht > 0) { $error = 0; diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 72851c3943a..9b11a477d52 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -533,7 +533,6 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate' && $usercancreate) { - // print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $date = dol_mktime(0, 0, 0, GETPOST('order_month', 'int'), GETPOST('order_day', 'int'), GETPOST('order_year', 'int')); $result = $object->set_date($user, $date); @@ -541,7 +540,6 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } elseif ($action == 'setdate_livraison' && $usercancreate) { - // print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $date_delivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index a4d857a47fd..b89623fc3a0 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -91,13 +91,6 @@ if ($action == 'addcontact' && $user->rights->commande->creer) { setEventMessages($object->error, $object->errors, 'errors'); } } -/* -elseif ($action == 'setaddress' && $user->rights->commande->creer) -{ - $object->fetch($id); - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/compta/ajaxpayment.php b/htdocs/compta/ajaxpayment.php index bdeeb072e97..0332a925f9d 100644 --- a/htdocs/compta/ajaxpayment.php +++ b/htdocs/compta/ajaxpayment.php @@ -47,10 +47,10 @@ $langs->load('compta'); //init var $invoice_type = GETPOST('invoice_type', 'int'); -$amountPayment = $_POST['amountPayment']; -$amounts = $_POST['amounts']; // from text inputs : invoice amount payment (check required) -$remains = $_POST['remains']; // from dolibarr's object (no need to check) -$currentInvId = $_POST['imgClicked']; // from DOM elements : imgId (equals invoice id) +$amountPayment = GETPOST('amountPayment'); +$amounts = GETPOST('amounts'); // from text inputs : invoice amount payment (check required) +$remains = GETPOST('remains'); // from dolibarr's object (no need to check) +$currentInvId = GETPOST('imgClicked'); // from DOM elements : imgId (equals invoice id) // Getting the posted keys=>values, sanitize the ones who are from text inputs $amountPayment = $amountPayment != '' ? (is_numeric(price2num($amountPayment)) ? price2num($amountPayment) : '') : ''; // keep void if not a valid entry diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index 8430d9e7440..4e37268756d 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -283,7 +283,7 @@ if (empty($reshook)) { $categories = GETPOST('categories', 'array'); $object->setCategories($categories); - $_GET["id"] = $_POST["id"]; // Force chargement page en mode visu + $_GET["id"] = GETPOST("id", 'int'); // Force chargement page en mode visu } else { $error++; setEventMessages($object->error, $object->errors, 'errors'); diff --git a/htdocs/compta/facture/card-rec.php b/htdocs/compta/facture/card-rec.php index 3909d9437b4..a30abcc9ca1 100644 --- a/htdocs/compta/facture/card-rec.php +++ b/htdocs/compta/facture/card-rec.php @@ -488,7 +488,7 @@ if (empty($reshook)) { // Define special_code for special lines $special_code = 0; - // if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices + // if (!GETPOST('qty')) $special_code=3; // Options should not exists on invoices // Ecrase $pu par celui du produit // Ecrase $desc par celui du produit diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 1e2f521e3d9..278a7837374 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -367,7 +367,7 @@ if (empty($reshook)) { } } elseif ($action == 'classin' && $usercancreate) { $object->fetch($id); - $object->setProject($_POST['projectid']); + $object->setProject(GETPOST('projectid', 'int')); } elseif ($action == 'setmode' && $usercancreate) { $object->fetch($id); $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); @@ -489,7 +489,7 @@ if (empty($reshook)) { } } elseif ($action == 'setpaymentterm' && $usercancreate) { $object->fetch($id); - $object->date_lim_reglement = dol_mktime(12, 0, 0, $_POST['paymenttermmonth'], $_POST['paymenttermday'], $_POST['paymenttermyear']); + $object->date_lim_reglement = dol_mktime(12, 0, 0, GETPOST('paymenttermmonth', 'int'), GETPOST('paymenttermday', 'int'), GETPOST('paymenttermyear', 'int')); if ($object->date_lim_reglement < $object->date) { $object->date_lim_reglement = $object->calculate_date_lim_reglement(); setEventMessages($langs->trans("DatePaymentTermCantBeLowerThanObjectDate"), null, 'warnings'); @@ -2110,7 +2110,7 @@ if (empty($reshook)) { // Define special_code for special lines $special_code = 0; - // if (empty($_POST['qty'])) $special_code=3; // Options should not exists on invoices + // if (!GETPOST(qty)) $special_code=3; // Options should not exists on invoices // Ecrase $pu par celui du produit // Ecrase $desc par celui du produit @@ -2284,7 +2284,7 @@ if (empty($reshook)) { } // Insert line - $result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, $_POST['progress'], '', $fk_unit, $pu_ht_devise); + $result = $object->addline($desc, $pu_ht, $qty, $tva_tx, $localtax1_tx, $localtax2_tx, $idprod, $remise_percent, $date_start, $date_end, 0, $info_bits, '', $price_base_type, $pu_ttc, $type, - 1, $special_code, '', 0, GETPOST('fk_parent_line'), $fournprice, $buyingprice, $label, $array_options, GETPOST('progress'), '', $fk_unit, $pu_ht_devise); if ($result > 0) { // Define output language and generate document @@ -2579,7 +2579,7 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); } } - } elseif ($action == 'updatealllines' && $usercancreate && $_POST['all_percent'] == $langs->trans('Modifier')) { // Update all lines of situation invoice + } elseif ($action == 'updatealllines' && $usercancreate && GETPOST('all_percent') == $langs->trans('Modifier')) { // Update all lines of situation invoice if (!$object->fetch($id) > 0) { dol_print_error($db); } @@ -2592,11 +2592,11 @@ if (empty($reshook)) { setEventMessages($mesg, null, 'warnings'); $result = -1; } else { - $object->update_percent($line, $_POST['all_progress']); + $object->update_percent($line, GETPOST('all_progress')); } } } - } elseif ($action == 'updateline' && $usercancreate && $_POST['cancel'] == $langs->trans("Cancel")) { + } elseif ($action == 'updateline' && $usercancreate && !$cancel) { header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id); // To show again edited page exit(); } elseif ($action == 'confirm_situationout' && $confirm == 'yes' && $usercancreate) { diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 635727233d3..5039507e3f5 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php @@ -127,7 +127,7 @@ if (empty($reshook)) { } } - $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]); + $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key)); } elseif (substr($key, 0, 21) == 'multicurrency_amount_') { $cursorfacid = substr($key, 21); $multicurrency_amounts[$cursorfacid] = price2num(GETPOST($key)); @@ -702,11 +702,11 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie if (!empty($conf->use_javascript_ajax)) { print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'"); } - print ''; + print ''; print ''; } else { - print ''; - print ''; + print ''; + print ''; } } print ""; diff --git a/htdocs/compta/paiement/card.php b/htdocs/compta/paiement/card.php index 93fdd415513..33558ddf38a 100644 --- a/htdocs/compta/paiement/card.php +++ b/htdocs/compta/paiement/card.php @@ -173,8 +173,8 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->facture } } -if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { - $res = $object->update_num($_POST['num_paiement']); +if ($action == 'setnum_paiement' && GETPOST('num_paiement')) { + $res = $object->update_num(GETPOST('num_paiement')); if ($res === 0) { setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs'); } else { @@ -182,7 +182,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { } } -if ($action == 'setdatep' && !empty($_POST['datepday'])) { +if ($action == 'setdatep' && GETPOST('datepday')) { $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); if ($res === 0) { diff --git a/htdocs/compta/paiement/cheque/card.php b/htdocs/compta/paiement/cheque/card.php index 0dd6c57313e..610974e5528 100644 --- a/htdocs/compta/paiement/cheque/card.php +++ b/htdocs/compta/paiement/cheque/card.php @@ -77,8 +77,7 @@ $object = new RemiseCheque($db); if ($action == 'setdate' && $user->rights->banque->cheque) { $result = $object->fetch(GETPOST('id', 'int')); if ($result > 0) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; - $date = dol_mktime(0, 0, 0, $_POST['datecreate_month'], $_POST['datecreate_day'], $_POST['datecreate_year']); + $date = dol_mktime(0, 0, 0, GETPOST('datecreate_month', 'int'), GETPOST('datecreate_day', 'int'), GETPOST('datecreate_year', 'int')); $result = $object->set_date($user, $date); if ($result < 0) { @@ -118,7 +117,7 @@ if ($action == 'setref' && $user->rights->banque->cheque) { } if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) { - if (is_array($_POST['toRemise'])) { + if (is_array(GETPOST('toRemise'))) { $result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise')); if ($result > 0) { if ($object->statut == 1) { // If statut is validated, we build doc diff --git a/htdocs/compta/paiement_charge.php b/htdocs/compta/paiement_charge.php index 6ed84de293c..7cd49a9427c 100644 --- a/htdocs/compta/paiement_charge.php +++ b/htdocs/compta/paiement_charge.php @@ -83,7 +83,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 317838009c7..538b561e7fe 100644 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -468,7 +468,7 @@ if ($action == 'create') { } else { $label = $langs->trans("VATPayment"); } - print ''.$langs->trans("Label").''; + print ''.$langs->trans("Label").''; print ''.$form->textwithpicto($langs->trans("PeriodEndDate"), $langs->trans("LastDayTaxIsRelatedTo")).''; print $form->selectDate((GETPOST("datevmonth", 'int') ? $datev : -1), "datev", '', '', '', 'add', 1, 1); diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index abc89ecc1eb..87d6b98475b 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -534,9 +534,9 @@ if (empty($reshook)) { $localtax2_tx = get_localtax($tva_tx, 2, $object->thirdparty, $mysoc, $tva_npr); // ajout prix achat - $fk_fournprice = $_POST['fournprice']; - if (!empty($_POST['buying_price'])) { - $pa_ht = $_POST['buying_price']; + $fk_fournprice = GETPOST('fournprice'); + if (GETPOST('buying_price')) { + $pa_ht = GETPOST('buying_price'); } else { $pa_ht = null; } diff --git a/htdocs/core/actions_massactions.inc.php b/htdocs/core/actions_massactions.inc.php index 602897d34f9..af92138c5d5 100644 --- a/htdocs/core/actions_massactions.inc.php +++ b/htdocs/core/actions_massactions.inc.php @@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend') { $massaction = 'presend'; } - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if (empty($receiver) || $receiver == '-1') { $receiver = array(); @@ -181,7 +181,7 @@ if (!$error && $massaction == 'confirm_presend') { $tmparray = array(); if (trim($_POST['sendto'])) { // Recipients are provided into free text - $tmparray[] = trim($_POST['sendto']); + $tmparray[] = trim(GETPOST('sendto', 'alphawithlgt')); } if (count($receiver) > 0) { foreach ($receiver as $key => $val) { @@ -197,7 +197,7 @@ if (!$error && $massaction == 'confirm_presend') { $sendto = implode(',', $tmparray); // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -207,7 +207,7 @@ if (!$error && $massaction == 'confirm_presend') { } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } if (count($receivercc) > 0) { foreach ($receivercc as $key => $val) { @@ -298,7 +298,7 @@ if (!$error && $massaction == 'confirm_presend') { continue; } - if ($_POST['addmaindocfile']) { + if (GETPOST('addmaindocfile')) { // TODO Use future field $objectobj->fullpathdoc to know where is stored default file // TODO If not defined, use $objectobj->model_pdf (or defaut invoice config) to know what is template to use to regenerate doc. $filename = dol_sanitizeFileName($objectobj->ref).'.pdf'; @@ -347,7 +347,7 @@ if (!$error && $massaction == 'confirm_presend') { $reg = array(); $fromtype = GETPOST('fromtype'); if ($fromtype === 'user') { - $from = $user->getFullName($langs).' <'.$user->email.'>'; + $from = dol_string_nospecial($user->getFullName($langs), ' ', array(",")).' <'.$user->email.'>'; } elseif ($fromtype === 'company') { $from = $conf->global->MAIN_INFO_SOCIETE_NOM.' <'.$conf->global->MAIN_INFO_SOCIETE_MAIL.'>'; } elseif (preg_match('/user_aliases_(\d+)/', $fromtype, $reg)) { @@ -361,10 +361,10 @@ if (!$error && $massaction == 'confirm_presend') { $resql = $db->query($sql); $obj = $db->fetch_object($resql); if ($obj) { - $from = $obj->label.' <'.$obj->email.'>'; + $from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>'; } } else { - $from = $_POST['fromname'].' <'.$_POST['frommail'].'>'; + $from = GETPOST('fromname').' <'.GETPOST('frommail').'>'; } $replyto = $from; diff --git a/htdocs/core/actions_sendmails.inc.php b/htdocs/core/actions_sendmails.inc.php index 55416354441..d31f8d60dfc 100644 --- a/htdocs/core/actions_sendmails.inc.php +++ b/htdocs/core/actions_sendmails.inc.php @@ -49,7 +49,7 @@ if (GETPOST('addfile', 'alpha')) { /* * Remove file in email form */ -if (!empty($_POST['removedfile']) && empty($_POST['removAll'])) { +if (GETPOST('removedfile') && !GETPOST('removAll')) { $trackid = GETPOST('trackid', 'aZ09'); require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -103,7 +103,7 @@ if (GETPOST('removAll', 'alpha')) { /* * Send mail */ -if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST['removAll'] && !$_POST['removedfile'] && !$_POST['cancel'] && !$_POST['modelselected']) { +if (($action == 'send' || $action == 'relance') && !GETPOST('addfile') && !GETPOST('removAll') && !GETPOST('removedfile') && !GETPOST('cancel') && !GETPOST('modelselected')) { if (empty($trackid)) { $trackid = GETPOST('trackid', 'aZ09'); } @@ -171,7 +171,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendtoccuserid = array(); // Define $sendto - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if ($receiver == '-1') { $receiver = array(); @@ -183,12 +183,12 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $tmparray = array(); if (trim($_POST['sendto'])) { // Recipients are provided into free text field - $tmparray[] = trim($_POST['sendto']); + $tmparray[] = trim(GETPOST('sendto', 'alphawithlgt')); } if (trim($_POST['tomail'])) { // Recipients are provided into free hidden text field - $tmparray[] = trim($_POST['tomail']); + $tmparray[] = trim(GETPOST('tomail', 'alphawithlgt')); } if (count($receiver) > 0) { @@ -207,7 +207,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) { - $receiveruser = $_POST['receiveruser']; + $receiveruser = GETPOST('receiveruser', 'alphawithlgt'); if (is_array($receiveruser) && count($receiveruser) > 0) { $fuserdest = new User($db); foreach ($receiveruser as $key => $val) { @@ -220,7 +220,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendto = implode(',', $tmparray); // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -230,7 +230,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } if (count($receivercc) > 0) { foreach ($receivercc as $key => $val) { @@ -248,7 +248,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST } } if (!empty($conf->global->MAIN_MAIL_ENABLED_USER_DEST_SELECT)) { - $receiverccuser = $_POST['receiverccuser']; + $receiverccuser = GETPOST('receiverccuser', 'alphawithlgt'); if (is_array($receiverccuser) && count($receiverccuser) > 0) { $fuserdest = new User($db); @@ -293,10 +293,10 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $from = dol_string_nospecial($obj->label, ' ', array(",")).' <'.$obj->email.'>'; } } else { - $from = dol_string_nospecial($_POST['fromname'], ' ', array(",")).' <'.$_POST['frommail'].'>'; + $from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")).' <'.GETPOST('frommail').'>'; } - $replyto = dol_string_nospecial($_POST['replytoname'], ' ', array(",")).' <'.$_POST['replytomail'].'>'; + $replyto = dol_string_nospecial(GETPOST('replytoname'), ' ', array(",")).' <'.GETPOST('replytomail').'>'; $message = GETPOST('message', 'restricthtml'); $subject = GETPOST('subject', 'restricthtml'); @@ -313,7 +313,7 @@ if (($action == 'send' || $action == 'relance') && !$_POST['addfile'] && !$_POST $sendtobcc .= (empty($conf->global->$autocopy) ? '' : (($sendtobcc ? ", " : "").$conf->global->$autocopy)); } - $deliveryreceipt = $_POST['deliveryreceipt']; + $deliveryreceipt = GETPOST('deliveryreceipt'); if ($action == 'send' || $action == 'relance') { $actionmsg2 = $langs->transnoentities('MailSentBy').' '.CMailFile::getValidAddress($from, 4, 0, 1).' '.$langs->transnoentities('To').' '.CMailFile::getValidAddress($sendto, 4, 0, 1); diff --git a/htdocs/core/ajax/ajaxdirtree.php b/htdocs/core/ajax/ajaxdirtree.php index 19c389ec7f8..7daa715bbb9 100644 --- a/htdocs/core/ajax/ajaxdirtree.php +++ b/htdocs/core/ajax/ajaxdirtree.php @@ -47,8 +47,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call include_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; include_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php'; - //if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = '/bbb/'; } - $openeddir = GETPOST('openeddir'); $modulepart = GETPOST('modulepart'); $selecteddir = jsUnEscape(GETPOST('dir')); // relative path. We must decode using same encoding function used by javascript: escape() @@ -60,7 +58,6 @@ if (!isset($mode) || $mode != 'noajax') { // For ajax call } } else { // For no ajax call - //if (GETPOST('preopened')) { $_GET['dir'] = $_POST['dir'] = GETPOST('preopened'); } $openeddir = GETPOST('openeddir'); $modulepart = GETPOST('modulepart'); diff --git a/htdocs/core/ajax/saveinplace.php b/htdocs/core/ajax/saveinplace.php index 2f88cebf58b..05fad8148fa 100644 --- a/htdocs/core/ajax/saveinplace.php +++ b/htdocs/core/ajax/saveinplace.php @@ -103,6 +103,7 @@ if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_e } $_POST['action'] = 'update'; // Hack so restrictarea will test permissions on write too + $feature = $newelement; $feature2 = $subelement; $object_id = $fk_element; diff --git a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php index 2ce9444f677..5c8bd2c8555 100644 --- a/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php +++ b/htdocs/core/boxes/box_graph_nb_ticket_last_x_days.php @@ -87,11 +87,11 @@ class box_graph_nb_ticket_last_x_days extends ModeleBoxes $param_day = 'DOLUSERCOOKIE_ticket_last_days'; - if (!empty($_POST[$param_day])) { - if ($_POST[$param_day] >= 15) { + if (GETPOST($param_day)) { + if (GETPOST($param_day) >= 15) { $days = 14; } else { - $days = $_POST[$param_day]; + $days = GETPOST($param_day); } } else { $days = 7; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 80fe8b95e5f..aaa3aa6a766 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -5708,11 +5708,11 @@ abstract class CommonObject if (in_array($key_type, array('date'))) { // Clean parameters // TODO GMT date in memory must be GMT so we should add gm=true in parameters - $value_key = dol_mktime(0, 0, 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]); + $value_key = dol_mktime(0, 0, 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int')); } elseif (in_array($key_type, array('datetime'))) { // Clean parameters // TODO GMT date in memory must be GMT so we should add gm=true in parameters - $value_key = dol_mktime($_POST[$postfieldkey."hour"], $_POST[$postfieldkey."min"], 0, $_POST[$postfieldkey."month"], $_POST[$postfieldkey."day"], $_POST[$postfieldkey."year"]); + $value_key = dol_mktime(GETPOST($postfieldkey."hour", 'int'), GETPOST($postfieldkey."min", 'int'), 0, GETPOST($postfieldkey."month", 'int'), GETPOST($postfieldkey."day", 'int'), GETPOST($postfieldkey."year", 'int')); } elseif (in_array($key_type, array('checkbox', 'chkbxlst'))) { $value_arr = GETPOST($postfieldkey, 'array'); // check if an array if (!empty($value_arr)) { diff --git a/htdocs/core/class/html.formticket.class.php b/htdocs/core/class/html.formticket.class.php index ad83c706c12..aba62587fa1 100644 --- a/htdocs/core/class/html.formticket.class.php +++ b/htdocs/core/class/html.formticket.class.php @@ -1364,7 +1364,7 @@ class FormTicket } elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) { $defaultmessage = dol_nl2br($defaultmessage); } - if (GETPOSTISSET("message") && !$_POST['modelselected']) { + if (GETPOSTISSET("message") && !GETPOST('modelselected')) { $defaultmessage = GETPOST('message', 'restricthtml'); } else { $defaultmessage = make_substitutions($defaultmessage, $this->substit); diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 24f36d61404..aea77cd018d 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -713,11 +713,11 @@ function GETPOSTINT($paramname, $method = 0) /** * Return a value after checking on a rule. A sanitization may also have been done. * - * @param string $out Value to check/clear. - * @param string $check Type of check/sanitizing - * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) - * @param mixed $options Options to pass to filter_var when $check is set to 'custom' - * @return string|array Value sanitized (string or array). It may be '' if format check fails. + * @param string|array $out Value to check/clear. + * @param string $check Type of check/sanitizing + * @param int $filter Filter to apply when $check is set to 'custom'. (See http://php.net/manual/en/filter.filters.php for détails) + * @param mixed $options Options to pass to filter_var when $check is set to 'custom' + * @return string|array Value sanitized (string or array). It may be '' if format check fails. */ function checkVal($out = '', $check = 'alphanohtml', $filter = null, $options = null) { @@ -8799,7 +8799,7 @@ function printCommonFooter($zone = 'private') // A div to store page_y POST parameter so we can read it using javascript print "\n\n"; - print ''."\n"; + print ''."\n"; $parameters = array(); $reshook = $hookmanager->executeHooks('printCommonFooter', $parameters); // Note that $action and $object may have been modified by some hooks diff --git a/htdocs/core/login/functions_googleoauth.php b/htdocs/core/login/functions_googleoauth.php index 0fce5d50587..9e4bbe72c19 100644 --- a/htdocs/core/login/functions_googleoauth.php +++ b/htdocs/core/login/functions_googleoauth.php @@ -50,7 +50,7 @@ function check_user_password_googleoauth($usertotest, $passwordtotest, $entityto // Get identity from user and redirect browser to Google OAuth Server if (GETPOSTISSET('username')) { /*$openid = new SimpleOpenID(); - $openid->SetIdentity($_POST['username']); + $openid->SetIdentity(GETPOST('username')); $protocol = ($conf->file->main_force_https ? 'https://' : 'http://'); $openid->SetTrustRoot($protocol . $_SERVER["HTTP_HOST"]); $openid->SetRequiredFields(array('email','fullname')); diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 8550440d5d1..23aaf6bcd59 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php @@ -72,7 +72,7 @@ class mailing_thirdparties extends MailingTargets $addDescription = ""; // Select the third parties from category - if (empty($_POST['filter'])) { + if (!GETPOST('filter')) { $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, null as label"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " WHERE s.email <> ''"; diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index e5c652d7d51..65a3275dab7 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -413,7 +413,6 @@ if ($action == 'confirm_crop') { $fullpath = $dir."/".$original_file; - //var_dump($fullpath.' '.$_POST['w'].'x'.$_POST['h'].'-'.$_POST['x'].'x'.$_POST['y']);exit; $result = dol_imageResizeOrCrop($fullpath, 1, GETPOST('w', 'int'), GETPOST('h', 'int'), GETPOST('x', 'int'), GETPOST('y', 'int')); if ($result == $fullpath) { diff --git a/htdocs/don/payment/payment.php b/htdocs/don/payment/payment.php index e81a4a30af5..5128509c88c 100644 --- a/htdocs/don/payment/payment.php +++ b/htdocs/don/payment/payment.php @@ -78,7 +78,7 @@ if ($action == 'add_payment') { foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } @@ -110,7 +110,7 @@ if ($action == 'add_payment') { } if (!$error) { - $result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', $_POST['accountid'], '', ''); + $result = $payment->addPaymentToBank($user, 'payment_donation', '(DonationPayment)', GETPOST('accountid', 'int'), '', ''); if (!$result > 0) { $errmsg = $payment->error; setEventMessages($errmsg, null, 'errors'); diff --git a/htdocs/eventorganization/core/actions_massactions_mail.inc.php b/htdocs/eventorganization/core/actions_massactions_mail.inc.php index afdee363f24..cda9274e6d6 100644 --- a/htdocs/eventorganization/core/actions_massactions_mail.inc.php +++ b/htdocs/eventorganization/core/actions_massactions_mail.inc.php @@ -111,7 +111,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $massaction = 'presend_attendees'; } - $receiver = $_POST['receiver']; + $receiver = GETPOST('receiver', 'alphawithlgt'); if (!is_array($receiver)) { if (empty($receiver) || $receiver == '-1') { $receiver = array(); @@ -143,7 +143,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $sendto = $attendees->thirdparty->name . '<' . trim($attendees->email) . '>'; // Define $sendtocc - $receivercc = $_POST['receivercc']; + $receivercc = GETPOST('receivercc', 'alphawithlgt'); if (!is_array($receivercc)) { if ($receivercc == '-1') { $receivercc = array(); @@ -153,7 +153,7 @@ if (!$error && $massaction == 'confirm_presend_attendees') { } $tmparray = array(); if (trim($_POST['sendtocc'])) { - $tmparray[] = trim($_POST['sendtocc']); + $tmparray[] = trim(GETPOST('sendtocc', 'alphawithlgt')); } $sendtocc = implode(',', $tmparray); @@ -177,17 +177,17 @@ if (!$error && $massaction == 'confirm_presend_attendees') { $resql = $db->query($sql); $obj = $db->fetch_object($resql); if ($obj) { - $from = $obj->label . ' <' . $obj->email . '>'; + $from = dol_string_nospecial($obj->label, ' ', array(",")) . ' <' . $obj->email . '>'; } } else { - $from = $_POST['fromname'] . ' <' . $_POST['frommail'] . '>'; + $from = dol_string_nospecial(GETPOST('fromname'), ' ', array(",")) . ' <' . GETPOST('frommail') . '>'; } $replyto = $from; $subject = GETPOST('subject', 'restricthtml'); $message = GETPOST('message', 'restricthtml'); - $sendtobcc = GETPOST('sendtoccc'); + $sendtobcc = GETPOST('sendtoccc', 'alphawithlgt'); // $objecttmp is a real object or an empty object if we choose to send one email per thirdparty instead of one per object // Make substitution in email content diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index f835e293f5f..00693469948 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -304,7 +304,6 @@ if (empty($reshook)) { $qty = "qtyl".$i.'_'.$j; } } else { - //var_dump(GETPOST($qty,'alpha')); var_dump($_POST); var_dump($batch);exit; //shipment line for product with no batch management and no multiple stock location if (GETPOST($qty, 'int') > 0) { $totalqty += price2num(GETPOST($qty, 'alpha'), 'MS'); @@ -473,7 +472,6 @@ if (empty($reshook)) { // } //} } elseif ($action == 'setdate_livraison' && $user->rights->expedition->creer) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index bfa48e9aa0f..2919a42bdb7 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -112,7 +112,6 @@ if (empty($reshook)) { } if ($action == 'setdatedelivery' && $user->rights->commande->creer) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); diff --git a/htdocs/expensereport/payment/payment.php b/htdocs/expensereport/payment/payment.php index 845b8852cc1..ee80c9bc24a 100644 --- a/htdocs/expensereport/payment/payment.php +++ b/htdocs/expensereport/payment/payment.php @@ -87,8 +87,8 @@ if ($action == 'add_payment') { // Read possible payments foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { - $amounts[$expensereport->fk_user_author] = price2num($_POST[$key]); - $total += price2num($_POST[$key]); + $amounts[$expensereport->fk_user_author] = price2num(GETPOST($key)); + $total += price2num(GETPOST($key)); } } diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php index ae5629b733b..b07d68f8591 100644 --- a/htdocs/exports/export.php +++ b/htdocs/exports/export.php @@ -388,7 +388,7 @@ if ($step == 4 && $action == 'submitFormField') { $_SESSION["export_filtered_fields"] = array(); foreach ($objexport->array_export_TypeFields[0] as $code => $type) { // $code: s.fieldname $value: Text|Boolean|List:ccc $newcode = (string) preg_replace('/\./', '_', $code); - //print 'xxx '.$code."=".$newcode."=".$type."=".$_POST[$newcode]."\n
"; + //print 'xxx '.$code."=".$newcode."=".$type."=".GETPOST($newcode)."\n
"; $check = 'alphanohtml'; $filterqualified = 1; if (!GETPOSTISSET($newcode) || GETPOST($newcode, $check) == '') { @@ -1212,7 +1212,7 @@ if ($step == 5 && $datatoexport) { // Show existing generated documents // NB: La fonction show_documents rescanne les modules qd genallowed=1, sinon prend $liste - print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (!empty($_POST['model']) ? $_POST['model'] : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', ''); + print $formfile->showdocuments('export', '', $upload_dir, $_SERVER["PHP_SELF"].'?step=5&datatoexport='.$datatoexport, $liste, 1, (GETPOST('model') ? GETPOST('model') : 'csv'), 1, 1, 0, 0, 0, '', 'none', '', '', ''); } llxFooter(); diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 35e5257fce0..c7a937518d7 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1707,12 +1707,12 @@ if ($action == 'create') { // Payment term print ''.$langs->trans('PaymentConditionsShort').''; - $form->select_conditions_paiements(isset($_POST['cond_reglement_id']) ? $_POST['cond_reglement_id'] : $cond_reglement_id, 'cond_reglement_id'); + $form->select_conditions_paiements(GETPOSTISSET('cond_reglement_id') ? GETPOST('cond_reglement_id') : $cond_reglement_id, 'cond_reglement_id'); print ''; // Payment mode print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(isset($_POST['mode_reglement_id']) ? $_POST['mode_reglement_id'] : $mode_reglement_id, 'mode_reglement_id'); + $form->select_types_paiements(GETPOSTISSET('mode_reglement_id') ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id'); print ''; // Planned delivery date diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index f93e51dc850..ca9bd1b3065 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -305,8 +305,8 @@ if ($action == 'dispatch' && $permissiontoreceive) { $pu = 'pu_'.$reg[1].'_'.$reg[2]; $fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2]; $lot = 'lot_number_'.$reg[1].'_'.$reg[2]; - $dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$reg[1].'_'.$reg[2].'month'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'day'], $_POST['dluo_'.$reg[1].'_'.$reg[2].'year']); - $dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$reg[1].'_'.$reg[2].'month'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'day'], $_POST['dlc_'.$reg[1].'_'.$reg[2].'year']); + $dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dluo_'.$reg[1].'_'.$reg[2].'year', 'int')); + $dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$reg[1].'_'.$reg[2].'month', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'day', 'int'), GETPOST('dlc_'.$reg[1].'_'.$reg[2].'year', 'int')); $fk_commandefourndet = 'fk_commandefourndet_'.$reg[1].'_'.$reg[2]; diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 4b052981955..d384f3f90d2 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -990,7 +990,7 @@ if (empty($reshook)) { if (!$error && GETPOST('origin', 'alpha') && GETPOST('originid')) { // Parse element/subelement (ex: project_task) $element = $subelement = GETPOST('origin', 'alpha'); - /*if (preg_match('/^([^_]+)_([^_]+)/i',$_POST['origin'],$regs)) + /*if (preg_match('/^([^_]+)_([^_]+)/i', GETPOST('origin'),$regs)) { $element = $regs[1]; $subelement = $regs[2]; @@ -1954,7 +1954,7 @@ if ($action == 'create') { $datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); $dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp); - $datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']); + $datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')); $datedue = ($datetmp == '' ?-1 : $datetmp); // Replicate extrafields @@ -1967,7 +1967,7 @@ if ($action == 'create') { $fk_account = $societe->fk_account; $datetmp = dol_mktime(12, 0, 0, GETPOST('remonth', 'int'), GETPOST('reday', 'int'), GETPOST('reyear', 'int')); $dateinvoice = ($datetmp == '' ? (empty($conf->global->MAIN_AUTOFILL_DATE) ?-1 : '') : $datetmp); - $datetmp = dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']); + $datetmp = dol_mktime(12, 0, 0, GETPOST('echmonth', 'int'), GETPOST('echday', 'int'), GETPOST('echyear', 'int')); $datedue = ($datetmp == '' ?-1 : $datetmp); if (!empty($conf->multicurrency->enabled) && !empty($soc->multicurrency_code)) { @@ -2110,7 +2110,7 @@ if ($action == 'create') { } // Ref supplier - print ''.$langs->trans('RefSupplier').''.$langs->trans('RefSupplier').'id > 0) { print ' autofocus'; } @@ -2203,8 +2203,9 @@ if ($action == 'create') { foreach ($facids as $facparam) { $options .= ''; @@ -2446,7 +2447,7 @@ if ($action == 'create') { if (!empty($conf->intracommreport->enabled)) { $langs->loadLangs(array("intracommreport")); print ''.$langs->trans('IntracommReportTransportMode').''; - $form->selectTransportMode(isset($_POST['transport_mode_id']) ? $_POST['transport_mode_id'] : $transport_mode_id, 'transport_mode_id'); + $form->selectTransportMode(GETPOSTISSET('transport_mode_id') ? GETPOST('transport_mode_id') : $transport_mode_id, 'transport_mode_id'); print ''; } diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php index d59aefe7831..3b14dfeaf28 100644 --- a/htdocs/fourn/facture/note.php +++ b/htdocs/fourn/facture/note.php @@ -69,7 +69,7 @@ if (empty($reshook)) { // Set label if ($action == 'setlabel' && ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer)) { - $object->label = $_POST['label']; + $object->label = GETPOST('label'); $result = $object->update($user); if ($result < 0) { dol_print_error($db); diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index 6dc609041c8..4b6e5bf151c 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -187,7 +187,7 @@ if (empty($reshook)) { } } - $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => $_POST[$key]); + $formquestion[$i++] = array('type' => 'hidden', 'name' => $key, 'value' => GETPOST($key)); } elseif (substr($key, 0, 21) == 'multicurrency_amount_') { $cursorfacid = substr($key, 21); $multicurrency_amounts[$cursorfacid] = (GETPOST($key) ? price2num(GETPOST($key)) : 0); @@ -219,7 +219,7 @@ if (empty($reshook)) { } // Check parameters - if ($_POST['paiementid'] <= 0) { + if (GETPOST('paiementid') <= 0) { setEventMessages($langs->transnoentities('ErrorFieldRequired', $langs->transnoentities('PaymentMode')), null, 'errors'); $error++; } @@ -494,7 +494,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print $form->selectDate($dateinvoice, '', '', '', 0, "addpaiement", 1, 1, 0, '', '', $object->date); print ''; print ''.$langs->trans('PaymentMode').''; - $form->select_types_paiements(empty($_POST['paiementid']) ? $obj->fk_mode_reglement : $_POST['paiementid'], 'paiementid'); + $form->select_types_paiements(!GETPOST('paiementid') ? $obj->fk_mode_reglement : GETPOST('paiementid'), 'paiementid'); print ''; if (!empty($conf->banque->enabled)) { print ''.$langs->trans('Account').''; @@ -504,10 +504,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie } else { print ' '; } - print ''.$langs->trans('Numero').''; + print ''.$langs->trans('Numero').''; print ''.$langs->trans('Comments').''; print ''; - print ''; + print ''; print ''; print dol_get_fiche_end(); @@ -683,10 +683,10 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie print img_picto("Auto fill", 'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $multicurrency_remaintopay)."'"); } print ''; - print ''; + print ''; } else { - print ''; - print ''; + print ''; + print ''; } } print ""; diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index f8f484f0cc9..1f421230bbb 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -108,9 +108,9 @@ if ($action == 'confirm_validate' && $confirm == 'yes' && } } -if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { +if ($action == 'setnum_paiement' && GETPOST('num_paiement')) { $object->fetch($id); - $res = $object->update_num($_POST['num_paiement']); + $res = $object->update_num(GETPOST('num_paiement')); if ($res === 0) { setEventMessages($langs->trans('PaymentNumberUpdateSucceeded'), null, 'mesgs'); } else { @@ -118,7 +118,7 @@ if ($action == 'setnum_paiement' && !empty($_POST['num_paiement'])) { } } -if ($action == 'setdatep' && !empty($_POST['datepday'])) { +if ($action == 'setdatep' && GETPOST('datepday')) { $object->fetch($id); $datepaye = dol_mktime(GETPOST('datephour', 'int'), GETPOST('datepmin', 'int'), GETPOST('datepsec', 'int'), GETPOST('datepmonth', 'int'), GETPOST('datepday', 'int'), GETPOST('datepyear', 'int')); $res = $object->update_date($datepaye); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index fb53811aeaf..6ea0ec3b83c 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -654,7 +654,7 @@ if (empty($reshook)) { } if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes') { - if (!empty($_POST['detail_refuse'])) { + if (GETPOST('detail_refuse')) { $object->fetch($id); // If status pending validation and validator = user diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 621443fb408..12a32ba3f50 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -145,7 +145,8 @@ if (empty($reshook)) { } //If the user set a comment, we add it to the log comment - $comment = ((isset($_POST['note_holiday'][$userID]) && !empty($_POST['note_holiday'][$userID])) ? ' ('.$_POST['note_holiday'][$userID].')' : ''); + $note_holiday = GETPOST('note_holiday'); + $comment = ((isset($note_holiday[$userID]) && !empty($note_holiday[$userID])) ? ' ('.$note_holiday[$userID].')' : ''); //print 'holiday: '.$val['rowid'].'-'.$userValue; if ($userValue != '') { diff --git a/htdocs/hrm/establishment/card.php b/htdocs/hrm/establishment/card.php index 0ce7d793003..1fe67dd0bd1 100644 --- a/htdocs/hrm/establishment/card.php +++ b/htdocs/hrm/establishment/card.php @@ -135,14 +135,14 @@ if ($action == 'confirm_delete' && $confirm == "yes") { $result = $object->update($user); if ($result > 0) { - header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']); + header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int')); exit; } else { setEventMessages($object->error, $object->errors, 'errors'); } } } else { - header("Location: ".$_SERVER["PHP_SELF"]."?id=".$_POST['id']); + header("Location: ".$_SERVER["PHP_SELF"]."?id=".GETPOST('id', 'int')); exit; } } diff --git a/htdocs/hrm/evaluation_card.php b/htdocs/hrm/evaluation_card.php index 8aeadeaa18c..7b0b7bcfd7d 100644 --- a/htdocs/hrm/evaluation_card.php +++ b/htdocs/hrm/evaluation_card.php @@ -269,9 +269,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/hrm/job_card.php b/htdocs/hrm/job_card.php index d4501c8e685..906eb83b945 100644 --- a/htdocs/hrm/job_card.php +++ b/htdocs/hrm/job_card.php @@ -195,9 +195,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/hrm/position.php b/htdocs/hrm/position.php index d36d352e895..19749d94c19 100644 --- a/htdocs/hrm/position.php +++ b/htdocs/hrm/position.php @@ -915,9 +915,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index a06cf40952a..45e2bfea16a 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -196,9 +196,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
' . "\n"; // Common attributes diff --git a/htdocs/knowledgemanagement/knowledgerecord_card.php b/htdocs/knowledgemanagement/knowledgerecord_card.php index 2fcf05a4393..91f127b0057 100644 --- a/htdocs/knowledgemanagement/knowledgerecord_card.php +++ b/htdocs/knowledgemanagement/knowledgerecord_card.php @@ -184,9 +184,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/margin/admin/margin.php b/htdocs/margin/admin/margin.php index 30c85197337..94330eb8dc1 100644 --- a/htdocs/margin/admin/margin.php +++ b/htdocs/margin/admin/margin.php @@ -64,7 +64,7 @@ if (preg_match('/del_([a-z0-9_\-]+)/i', $action, $reg)) { } if ($action == 'remises') { - if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', $_POST['MARGIN_METHODE_FOR_DISCOUNT'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'MARGIN_METHODE_FOR_DISCOUNT', GETPOST('MARGIN_METHODE_FOR_DISCOUNT'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); @@ -72,7 +72,7 @@ if ($action == 'remises') { } if ($action == 'typemarges') { - if (dolibarr_set_const($db, 'MARGIN_TYPE', $_POST['MARGIN_TYPE'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'MARGIN_TYPE', GETPOST('MARGIN_TYPE'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); @@ -80,7 +80,7 @@ if ($action == 'typemarges') { } if ($action == 'contact') { - if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', $_POST['AGENT_CONTACT_TYPE'], 'chaine', 0, '', $conf->entity) > 0) { + if (dolibarr_set_const($db, 'AGENT_CONTACT_TYPE', GETPOST('AGENT_CONTACT_TYPE'), 'chaine', 0, '', $conf->entity) > 0) { setEventMessages($langs->trans("RecordModifiedSuccessfully"), null, 'mesgs'); } else { dol_print_error($db); diff --git a/htdocs/opensurvey/results.php b/htdocs/opensurvey/results.php index e37f9bf3de5..5b564f617fd 100644 --- a/htdocs/opensurvey/results.php +++ b/htdocs/opensurvey/results.php @@ -103,13 +103,13 @@ $testmodifier = false; $testligneamodifier = false; $ligneamodifier = -1; for ($i = 0; $i < $nblines; $i++) { - if (isset($_POST['modifierligne'.$i])) { + if (GETPOSTISSET('modifierligne'.$i)) { $ligneamodifier = $i; $testligneamodifier = true; } //test pour voir si une ligne est a modifier - if (isset($_POST['validermodifier'.$i])) { + if (GETPOSTISSET('validermodifier'.$i)) { $modifier = $i; $testmodifier = true; } @@ -153,7 +153,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format = //on rajoute la valeur a la fin de tous les sujets deja entrés $nouveauxsujets .= ','; - $nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(empty($_POST["typecolonne"]) ? '' : '@'.GETPOST("typecolonne")); + $nouveauxsujets .= str_replace(array(",", "@"), " ", GETPOST("nouvellecolonne")).(!GETPOST("typecolonne") ? '' : '@'.GETPOST("typecolonne")); //mise a jour avec les nouveaux sujets dans la base $sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_sondage"; diff --git a/htdocs/opensurvey/wizard/choix_date.php b/htdocs/opensurvey/wizard/choix_date.php index 817f3d88139..762770acee6 100644 --- a/htdocs/opensurvey/wizard/choix_date.php +++ b/htdocs/opensurvey/wizard/choix_date.php @@ -51,7 +51,8 @@ if (GETPOST('confirmation')) { for ($i = 0; $i < $nbofchoice; $i++) { // Show hours choices for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; $tmphorairesi = GETPOST('horaires'.$i, 'array'); @@ -248,7 +249,8 @@ if (issetAndNoEmpty('moisavant_x') || issetAndNoEmpty('moisavant')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -269,7 +271,8 @@ if (issetAndNoEmpty('moisapres_x') || issetAndNoEmpty('moisapres')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -285,7 +288,8 @@ if (issetAndNoEmpty('anneeavant_x') || issetAndNoEmpty('anneeavant')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -301,7 +305,8 @@ if (issetAndNoEmpty('anneeapres_x') || issetAndNoEmpty('anneeapres')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -365,7 +370,8 @@ if (issetAndNoEmpty('choixjourajout')) { if (issetAndNoEmpty('totalchoixjour', $_SESSION) === true && issetAndNoEmpty('choixjourajout') === true) { $nbofchoice = count($_SESSION["totalchoixjour"]); for ($i = 0; $i < $nbofchoice; $i++) { - if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"])) { + $choixjourajout = GETPOST("choixjourajout"); + if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"])) { $journeuf = false; } } @@ -373,15 +379,17 @@ if (issetAndNoEmpty('choixjourajout')) { // Si le test est passé, alors on insere la valeur dans la variable de session qui contient les dates if ($journeuf && issetAndNoEmpty('choixjourajout') === true) { - array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"])); + $choixjourajout = GETPOST("choixjourajout"); + array_push($_SESSION["totalchoixjour"], dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"])); sort($_SESSION["totalchoixjour"]); - $cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourajout"][0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]); + $cle = array_search(dol_mktime(0, 0, 0, $_SESSION["mois"], $choixjourajout[0], $_SESSION["annee"]), $_SESSION["totalchoixjour"]); //On sauvegarde les heures deja entrées for ($i = 0; $i < $cle; $i++) { + $horairesi = GETPOST("horaires".$i); for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -391,7 +399,8 @@ if (issetAndNoEmpty('choixjourajout')) { $k = $i + 1; if (issetAndNoEmpty('horaires'.$i) === true && issetAndNoEmpty($i, $_POST['horaires'.$i]) === true) { for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$k"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } } @@ -407,12 +416,14 @@ if (issetAndNoEmpty('choixjourretrait')) { for ($i = 0; $i < $nbofchoice; $i++) { //affichage des 5 cases horaires for ($j = 0; $j < $_SESSION["nbrecaseshoraires"]; $j++) { - $_SESSION["horaires$i"][$j] = $_POST["horaires$i"][$j]; + $horairesi = GETPOST("horaires".$i); + $_SESSION["horaires$i"][$j] = $horairesi[$j]; } } for ($i = 0; $i < $nbofchoice; $i++) { - if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $_POST["choixjourretrait"][0], $_SESSION["annee"])) { + $choixjourretrait = GETPOST('choixjourretrait'); + if ($_SESSION["totalchoixjour"][$i] == mktime(0, 0, 0, $_SESSION["mois"], $choixjourretrait[0], $_SESSION["annee"])) { for ($j = $i; $j < $nbofchoice; $j++) { $k = $j + 1; $_SESSION["horaires$j"] = $_SESSION["horaires$k"]; @@ -425,7 +436,7 @@ if (issetAndNoEmpty('choixjourretrait')) { //report des horaires dans toutes les cases if (issetAndNoEmpty('reporterhoraires')) { - $_SESSION["horaires0"] = $_POST["horaires0"]; + $_SESSION["horaires0"] = GETPOST("horaires0"); $nbofchoice = count($_SESSION["totalchoixjour"]); for ($i = 0; $i < $nbofchoice; $i++) { $j = $i + 1; diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 6afb9c88912..c460024be0f 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -273,9 +273,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 23473545b11..b71047a5f47 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -196,9 +196,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index f522e61bec2..3d16b6bac7c 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php @@ -496,8 +496,8 @@ if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save")) { if ((!GETPOST("sellby")) && (!GETPOST("eatby")) && (!$batchnumber)) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("atleast1batchfield")), null, 'errors'); } else { - $d_eatby = dol_mktime(0, 0, 0, $_POST['eatbymonth'], $_POST['eatbyday'], $_POST['eatbyyear']); - $d_sellby = dol_mktime(0, 0, 0, $_POST['sellbymonth'], $_POST['sellbyday'], $_POST['sellbyyear']); + $d_eatby = dol_mktime(0, 0, 0, GETPOST('eatbymonth', 'int'), GETPOST('eatbyday', 'int'), GETPOST('eatbyyear', 'int')); + $d_sellby = dol_mktime(0, 0, 0, GETPOST('sellbymonth', 'int'), GETPOST('sellbyday', 'int'), GETPOST('sellbyyear', 'int')); $pdluo->batch = $batchnumber; $pdluo->eatby = $d_eatby; $pdluo->sellby = $d_sellby; diff --git a/htdocs/product/stock/productlot_card.php b/htdocs/product/stock/productlot_card.php index cbf7c901b37..eb6084e5f22 100644 --- a/htdocs/product/stock/productlot_card.php +++ b/htdocs/product/stock/productlot_card.php @@ -386,9 +386,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print '
'."\n"; // Common attributes diff --git a/htdocs/projet/activity/permonth.php b/htdocs/projet/activity/permonth.php index 8238d112b7b..c8af7348716 100644 --- a/htdocs/projet/activity/permonth.php +++ b/htdocs/projet/activity/permonth.php @@ -196,7 +196,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask') } if ($action == 'addtime' && $user->rights->projet->lire) { - $timetoadd = $_POST['task']; + $timetoadd = GETPOST('task'); if (empty($timetoadd)) { setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors'); } else { diff --git a/htdocs/projet/activity/perweek.php b/htdocs/projet/activity/perweek.php index 763ecefe650..6cb4a8600fc 100644 --- a/htdocs/projet/activity/perweek.php +++ b/htdocs/projet/activity/perweek.php @@ -257,7 +257,7 @@ if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('assigntask') } if ($action == 'addtime' && $user->rights->projet->lire && GETPOST('formfilteraction') != 'listafterchangingselectedfields') { - $timetoadd = $_POST['task']; + $timetoadd = GETPOST('task'); if (empty($timetoadd)) { setEventMessages($langs->trans("ErrorTimeSpentIsEmpty"), null, 'errors'); } else { diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 64d134a7254..310857e24cc 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -303,8 +303,6 @@ if ($action == 'createtask' && $user->rights->projet->creer) { $error = 0; // If we use user timezone, we must change also view/list to use user timezone everywhere - //$date_start = dol_mktime($_POST['dateohour'],$_POST['dateomin'],0,$_POST['dateomonth'],$_POST['dateoday'],$_POST['dateoyear'],'user'); - //$date_end = dol_mktime($_POST['dateehour'],$_POST['dateemin'],0,$_POST['dateemonth'],$_POST['dateeday'],$_POST['dateeyear'],'user'); $date_start = dol_mktime(GETPOST('dateohour', 'int'), GETPOST('dateomin', 'int'), 0, GETPOST('dateomonth', 'int'), GETPOST('dateoday', 'int'), GETPOST('dateoyear', 'int')); $date_end = dol_mktime(GETPOST('dateehour', 'int'), GETPOST('dateemin', 'int'), 0, GETPOST('dateemonth', 'int'), GETPOST('dateeday', 'int'), GETPOST('dateeyear', 'int')); @@ -318,7 +316,7 @@ if ($action == 'createtask' && $user->rights->projet->creer) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Label")), null, 'errors'); $action = 'create'; $error++; - } elseif (empty($_POST['task_parent'])) { + } elseif (!GETPOST('task_parent')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("ChildOfProjectTask")), null, 'errors'); $action = 'create'; $error++; diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 8e773f92788..19be96cc558 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -91,7 +91,7 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->projet->creer) { if (!$error) { $object->oldcopy = clone $object; - $tmparray = explode('_', $_POST['task_parent']); + $tmparray = explode('_', GETPOST('task_parent')); $task_parent = $tmparray[1]; if (empty($task_parent)) { $task_parent = 0; // If task_parent is '' diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index bc6ec7d15cf..3890b2a9990 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -1433,12 +1433,12 @@ if (($id > 0 || !empty($ref)) || $projectidforalltimes > 0 || $allprojectforuser // Note print ''; // Duration - Time spent print '
'; - print ''; + print ''; print ''; - $durationtouse = ($_POST['timespent_duration'] ? $_POST['timespent_duration'] : ''); + $durationtouse = (GETPOST('timespent_duration') ? GETPOST('timespent_duration') : ''); if (GETPOSTISSET('timespent_durationhour') || GETPOSTISSET('timespent_durationmin')) { $durationtouse = (GETPOST('timespent_durationhour') * 3600 + GETPOST('timespent_durationmin') * 60); } diff --git a/htdocs/public/demo/index.php b/htdocs/public/demo/index.php index 94ee0bb00b2..49bde1a2b9b 100644 --- a/htdocs/public/demo/index.php +++ b/htdocs/public/demo/index.php @@ -212,7 +212,7 @@ if (GETPOST('action', 'aZ09') == 'gotodemo') { // Action run when we click o // If we disable modules using personalized list foreach ($modules as $val) { $modulekeyname = strtolower($val->name); - if (empty($_POST[$modulekeyname]) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) { + if (!GETPOST($modulekeyname) && empty($val->always_enabled) && !in_array($modulekeyname, $alwayscheckedmodules)) { $disablestring .= $modulekeyname.','; if ($modulekeyname == 'propale') { $disablestring .= 'propal,'; diff --git a/htdocs/public/opensurvey/studs.php b/htdocs/public/opensurvey/studs.php index 42cde055ac2..c14935d6708 100644 --- a/htdocs/public/opensurvey/studs.php +++ b/htdocs/public/opensurvey/studs.php @@ -202,7 +202,6 @@ for ($i = 0; $i < $nblines; $i++) { } if ($testmodifier) { - //var_dump($_POST);exit; $nouveauchoix = ''; for ($i = 0; $i < $nbcolonnes; $i++) { if (GETPOSTISSET("choix".$i) && GETPOST("choix".$i) == '1') { diff --git a/htdocs/public/ticket/create_ticket.php b/htdocs/public/ticket/create_ticket.php index f2b72693a13..51424d9277e 100644 --- a/htdocs/public/ticket/create_ticket.php +++ b/htdocs/public/ticket/create_ticket.php @@ -126,7 +126,7 @@ if (empty($reshook) && GETPOST('removedfile', 'alpha') && !GETPOST('save', 'alph $upload_dir_tmp = $vardir.'/temp/'.session_id(); // TODO Delete only files that was uploaded from email form - dol_remove_file_process($_POST['removedfile'], 0, 0); + dol_remove_file_process(GETPOST('removedfile'), 0, 0); $action = 'create_ticket'; } diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 2d7c46e0c85..93140b88ef5 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -323,7 +323,6 @@ if (empty($reshook)) { $stockLocation = "ent1".$i."_0"; $qty = "qtyl".$i; - //var_dump(GETPOST($qty,'int')); var_dump($_POST); var_dump($batch);exit; //reception line for product with no batch management and no multiple stock location if (GETPOST($qty, 'alpha') > 0) { $totalqty += price2num(GETPOST($qty, 'alpha'), 'MS'); @@ -335,7 +334,6 @@ if (empty($reshook)) { if ($totalqty > 0) { // There is at least one thing to ship - //var_dump($_POST);exit; for ($i = 1; $i <= $num; $i++) { $lineToTest = ''; $lineId = GETPOST($idl, 'int'); @@ -466,7 +464,6 @@ if (empty($reshook)) { setEventMessages($object->error, $object->errors, 'errors'); }*/ } elseif ($action == 'setdate_livraison' && $permissiontoadd) { - //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); $object->fetch($id); @@ -956,10 +953,10 @@ if ($action == 'create') { $ent = 'entrepot_' . $paramSuffix; $pu = 'pu_' . $paramSuffix; $lot = 'lot_number_' . $paramSuffix; - $dDLUO = dol_mktime(12, 0, 0, $_POST['dluo_'.$paramSuffix.'month'], $_POST['dluo_'.$paramSuffix.'day'], $_POST['dluo_'.$paramSuffix.'year']); - $dDLC = dol_mktime(12, 0, 0, $_POST['dlc_'.$paramSuffix.'month'], $_POST['dlc_'.$paramSuffix.'day'], $_POST['dlc_'.$paramSuffix.'year']); + $dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$paramSuffix.'month', 'int'), GETPOST('dluo_'.$paramSuffix.'day', 'int'), GETPOST('dluo_'.$paramSuffix.'year', 'int')); + $dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$paramSuffix.'month', 'int'), GETPOST('dlc_'.$paramSuffix.'day', 'int'), GETPOST('dlc_'.$paramSuffix.'year', 'int')); $fk_commandefourndet = 'fk_commandefourndet_'.$paramSuffix; - $dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' =>GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' =>GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha')); + $dispatchLines[$numAsked] = array('prod' => GETPOST($prod, 'int'), 'qty' => price2num(GETPOST($qty), 'MS'), 'ent' => GETPOST($ent, 'int'), 'pu' => price2num(GETPOST($pu), 'MU'), 'comment' => GETPOST('comment'), 'fk_commandefourndet' => GETPOST($fk_commandefourndet, 'int'), 'DLC'=> $dDLC, 'DLUO'=> $dDLUO, 'lot'=> GETPOST($lot, 'alpha')); } // If create form is coming from same page, it means that post was sent but an error occured diff --git a/htdocs/recruitment/recruitmentcandidature_card.php b/htdocs/recruitment/recruitmentcandidature_card.php index ac6fc37591a..42145f66c43 100644 --- a/htdocs/recruitment/recruitmentcandidature_card.php +++ b/htdocs/recruitment/recruitmentcandidature_card.php @@ -325,9 +325,6 @@ if ($action == 'create') { print dol_get_fiche_head(array(), ''); - // Set some default values - //if (! GETPOSTISSET('fieldname')) $_POST['fieldname'] = 'myvalue'; - print ''."\n"; // Common attributes diff --git a/htdocs/salaries/paiement_salary.php b/htdocs/salaries/paiement_salary.php index 221e5cf2c0e..cfca26efca4 100644 --- a/htdocs/salaries/paiement_salary.php +++ b/htdocs/salaries/paiement_salary.php @@ -87,7 +87,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y foreach ($_POST as $key => $value) { if (substr($key, 0, 7) == 'amount_') { $other_chid = substr($key, 7); - $amounts[$other_chid] = price2num($_POST[$key]); + $amounts[$other_chid] = price2num(GETPOST($key)); } } diff --git a/htdocs/societe/price.php b/htdocs/societe/price.php index 75818a34f72..897a372dc27 100644 --- a/htdocs/societe/price.php +++ b/htdocs/societe/price.php @@ -156,7 +156,7 @@ if (empty($reshook)) { $action = ''; } - if ($action == 'update_customer_price_confirm' && !$_POST ["cancel"] && ($user->rights->produit->creer || $user->rights->service->creer)) { + if ($action == 'update_customer_price_confirm' && !$cancel && ($user->rights->produit->creer || $user->rights->service->creer)) { $prodcustprice->fetch(GETPOST('lineid', 'int')); $update_child_soc = GETPOST('updatechildprice'); diff --git a/htdocs/societe/societecontact.php b/htdocs/societe/societecontact.php index 82d815f0ac4..df10c0d4bf9 100644 --- a/htdocs/societe/societecontact.php +++ b/htdocs/societe/societecontact.php @@ -111,13 +111,6 @@ if ($action == 'addcontact' && $user->rights->societe->creer) { dol_print_error($db); } } -/* -elseif ($action == 'setaddress' && $user->rights->societe->creer) -{ - $object->fetch($id); - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /* diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index a5837c2557f..b66dfc94ed6 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -244,7 +244,7 @@ if (empty($reshook)) { } } } elseif ($action == 'setdate_livraison' && $usercancreate) { - $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year'])); + $result = $object->setDeliveryDate($user, dol_mktime(12, 0, 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'))); if ($result < 0) { dol_print_error($db, $object->error); } @@ -895,7 +895,7 @@ if (empty($reshook)) { if (!empty($productid)) { $productsupplier = new ProductFournisseur($db); if (!empty($conf->global->SUPPLIER_PROPOSAL_WITH_PREDEFINED_PRICES_ONLY)) { - if ($productid > 0 && $productsupplier->get_buyprice(0, price2num($_POST['qty']), $productid, 'none', GETPOST('socid', 'int')) < 0) { + if ($productid > 0 && $productsupplier->get_buyprice(0, price2num(GETPOST('qty')), $productid, 'none', GETPOST('socid', 'int')) < 0) { setEventMessages($langs->trans("ErrorQtyTooLowForThisSupplier"), null, 'warnings'); } } @@ -1007,7 +1007,7 @@ if (empty($reshook)) { $object->setProject(GETPOST('projectid'), 'int'); } elseif ($action == 'setavailability' && $usercancreate) { // Delivery delay - $result = $object->availability($_POST['availability_id']); + $result = $object->availability(GETPOST('availability_id')); } elseif ($action == 'setconditions' && $usercancreate) { // Terms of payments $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index 5da92482785..dabac0727dc 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -113,7 +113,7 @@ if (empty($reshook)) { // Action modif mot de passe if ($action == 'buildnewpassword' && $username) { $sessionkey = 'dol_antispam_value'; - $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code']))); + $ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower(GETPOST('code')))); // Verify code if (!$ok) { diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 15e4eaa8bda..ad73d5ce14a 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php @@ -574,7 +574,7 @@ class SecurityTest extends PHPUnit\Framework\TestCase $_POST["backtopage"]='javascripT&javascript#javascriptxjavascript3a alert(1)'; $result=GETPOST("backtopage"); print __METHOD__." result=".$result."\n"; - $this->assertEquals('x3a alert(1)', $result, 'Test for backtopage param'); + $this->assertEquals('x3aalert(1)', $result, 'Test for backtopage param'); return $result; }