From 1645ddbe4750718ebc40a8eeae05d30224713c40 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur <eldy@destailleur.fr> Date: Mon, 27 Feb 2012 22:26:22 +0100 Subject: [PATCH] Sec: Sanitize all input for ids. --- htdocs/adherents/agenda.php | 2 +- htdocs/adherents/card_subscriptions.php | 8 ++++---- htdocs/adherents/document.php | 2 +- htdocs/adherents/ldap.php | 2 +- htdocs/adherents/note.php | 2 +- htdocs/adherents/stats/index.php | 4 ++-- htdocs/admin/dict.php | 10 +++++----- htdocs/cashdesk/admin/cashdesk.php | 4 ++-- htdocs/cashdesk/index.php | 2 +- htdocs/cashdesk/index_verif.php | 2 +- htdocs/cashdesk/tpl/ticket.tpl.php | 2 +- htdocs/categories/categorie.php | 4 ++-- htdocs/categories/edit.php | 2 +- htdocs/categories/fiche.php | 2 +- htdocs/categories/photos.php | 2 +- htdocs/categories/viewcat.php | 2 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/action/fiche.php | 14 +++++++------- htdocs/comm/action/rapport/index.php | 4 ++-- htdocs/comm/contact.php | 2 +- htdocs/comm/fiche.php | 2 +- htdocs/comm/list.php | 2 +- htdocs/comm/mailing/cibles.php | 2 +- htdocs/comm/propal.php | 6 +++--- htdocs/comm/propal/apercu.php | 2 +- htdocs/comm/propal/document.php | 2 +- htdocs/comm/propal/stats/index.php | 4 ++-- htdocs/comm/prospect/fiche.php | 2 +- htdocs/comm/remx.php | 4 ++-- htdocs/commande/apercu.php | 2 +- htdocs/commande/contact.php | 2 +- htdocs/commande/document.php | 2 +- htdocs/commande/fiche.php | 8 ++++---- htdocs/commande/index.php | 2 +- htdocs/commande/liste.php | 2 +- htdocs/commande/stats/index.php | 4 ++-- htdocs/compta/bank/fiche.php | 4 ++-- htdocs/compta/deplacement/fiche.php | 4 ++-- htdocs/compta/deplacement/index.php | 2 +- htdocs/compta/deplacement/info.php | 2 +- htdocs/compta/deplacement/list.php | 2 +- htdocs/compta/deplacement/stats/index.php | 4 ++-- htdocs/compta/dons/fiche.php | 2 +- htdocs/compta/facture.php | 4 ++-- htdocs/compta/facture/apercu.php | 2 +- htdocs/compta/facture/contact.php | 15 +++++++-------- htdocs/compta/facture/document.php | 2 +- htdocs/compta/facture/fiche-rec.php | 4 ++-- 
htdocs/compta/facture/stats/index.php | 4 ++-- htdocs/compta/localtax/clients.php | 2 +- htdocs/compta/paiement.php | 2 +- htdocs/compta/paiement/cheque/fiche.php | 4 ++-- htdocs/compta/paiement/liste.php | 6 +++--- htdocs/compta/prelevement/bon.php | 2 +- htdocs/compta/prelevement/bons.php | 2 +- htdocs/compta/prelevement/demandes.php | 2 +- htdocs/compta/prelevement/factures.php | 4 ++-- htdocs/compta/prelevement/fiche-rejet.php | 2 +- htdocs/compta/prelevement/fiche-stat.php | 2 +- htdocs/compta/prelevement/fiche.php | 2 +- htdocs/compta/prelevement/index.php | 2 +- htdocs/compta/prelevement/ligne.php | 4 ++-- htdocs/compta/prelevement/lignes.php | 4 ++-- htdocs/compta/prelevement/liste.php | 2 +- htdocs/compta/prelevement/rejets.php | 2 +- htdocs/compta/prelevement/stats.php | 2 +- htdocs/compta/resultat/clientfourn.php | 2 +- htdocs/compta/resultat/index.php | 2 +- htdocs/compta/sociales/charges.php | 4 ++-- htdocs/compta/sociales/document.php | 2 +- htdocs/compta/sociales/info.php | 4 ++-- htdocs/compta/stats/index.php | 4 ++-- htdocs/compta/tva/clients.php | 2 +- htdocs/compta/tva/quadri_detail.php | 2 +- .../canvas/default/tpl/contactcard_edit.tpl.php | 4 ++-- htdocs/contact/fiche.php | 4 ++-- htdocs/contrat/contact.php | 2 +- htdocs/contrat/fiche.php | 4 ++-- htdocs/contrat/services.php | 4 ++-- htdocs/ecm/index.php | 2 +- htdocs/expedition/fiche.php | 2 +- htdocs/fichinter/apercu.php | 2 +- htdocs/fichinter/contact.php | 2 +- htdocs/fichinter/document.php | 2 +- htdocs/fichinter/fiche.php | 4 ++-- htdocs/fichinter/info.php | 2 +- htdocs/fichinter/list.php | 4 ++-- htdocs/fichinter/note.php | 2 +- htdocs/fourn/commande/fiche.php | 4 ++-- htdocs/fourn/facture/contact.php | 2 +- htdocs/fourn/facture/document.php | 2 +- htdocs/fourn/facture/fiche.php | 2 +- htdocs/fourn/facture/index.php | 2 +- htdocs/fourn/facture/note.php | 2 +- htdocs/fourn/facture/paiement.php | 2 +- htdocs/fourn/fiche.php | 2 +- htdocs/fourn/liste.php | 2 +- htdocs/product/fiche.php | 2 
+- htdocs/product/stats/fiche.php | 2 +- htdocs/projet/activity/list.php | 2 +- htdocs/projet/contact.php | 2 +- htdocs/projet/document.php | 2 +- htdocs/projet/fiche.php | 2 +- htdocs/projet/ganttview.php | 2 +- htdocs/projet/note.php | 2 +- htdocs/projet/tasks/contact.php | 2 +- htdocs/projet/tasks/document.php | 2 +- htdocs/projet/tasks/index.php | 2 +- htdocs/projet/tasks/note.php | 2 +- htdocs/projet/tasks/task.php | 4 ++-- htdocs/projet/tasks/time.php | 2 +- htdocs/societe/agenda.php | 2 +- htdocs/societe/ajaxcompanies.php | 2 +- htdocs/societe/document.php | 2 +- htdocs/societe/lien.php | 2 +- htdocs/societe/soc.php | 2 +- htdocs/societe/societe.php | 2 +- htdocs/user/group/perms.php | 2 +- test/phpunit/SecurityTest.php | 2 +- 119 files changed, 173 insertions(+), 174 deletions(-) diff --git a/htdocs/adherents/agenda.php b/htdocs/adherents/agenda.php index 973762b780c..bd5f0f66894 100644 --- a/htdocs/adherents/agenda.php +++ b/htdocs/adherents/agenda.php @@ -37,7 +37,7 @@ $langs->load("members"); $mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':''; -$id = GETPOST("id"); +$id = GETPOST('id','int'); // Security check if (! $user->rights->adherent->lire) accessforbidden(); diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php index 4291d998559..a831ec46a2e 100644 --- a/htdocs/adherents/card_subscriptions.php +++ b/htdocs/adherents/card_subscriptions.php @@ -141,10 +141,10 @@ if ($action == 'setsocid') $error=0; if (! $error) { - if (GETPOST("socid") != $adh->fk_soc) // If link differs from currently in database + if (GETPOST('socid','int') != $adh->fk_soc) // If link differs from currently in database { $sql ="SELECT rowid FROM ".MAIN_DB_PREFIX."adherent"; - $sql.=" WHERE fk_soc = '".GETPOST("socid")."'"; + $sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'"; $resql = $db->query($sql); if ($resql) { 
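Review bot: The context line `$mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';` in the agenda.php hunk still places a raw request parameter inside HTML, directly beside the `id` read that the commit now filters, so the sanitizing pass leaves a reflected-markup path in this file. Filtering the parameter alone would not close it; the value needs escaping at the output point, e.g. `$mesg=isset($_GET["mesg"])?'<div class="ok">'.htmlspecialchars($_GET["mesg"], ENT_QUOTES).'</div>':'';`, or should go through the project's message helper if that helper escapes.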
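Review bot: `$sql.=" WHERE fk_soc = '".GETPOST('socid','int')."'";` in the card_subscriptions.php @@ -141 hunk still builds the query by string concatenation and relies entirely on the 'int' filter standing between the request and the SQL text. Unless GETPOST's 'int' check is known to accept digits only (if it is built on is_numeric, forms such as `1e3` or leading whitespace would pass), the sink should enforce the type itself: `$sql.=" WHERE fk_soc = ".(int) GETPOST('socid','int');`. The same cast would also give the `fetch` and `setThirdPartyId` calls in the @@ -154 and @@ -162 hunks a real integer. The enclosing `if ($action == 'setsocid')` block starts before this hunk.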
@@ -154,7 +154,7 @@ if ($action == 'setsocid') $othermember=new Adherent($db); $othermember->fetch($obj->rowid); $thirdparty=new Societe($db); - $thirdparty->fetch(GETPOST("socid")); + $thirdparty->fetch(GETPOST('socid','int')); $error++; $mesg='<div class="error">'.$langs->trans("ErrorMemberIsAlreadyLinkedToThisThirdParty",$othermember->getFullName($langs),$othermember->login,$thirdparty->name).'</div>'; } @@ -162,7 +162,7 @@ if ($action == 'setsocid') if (! $error) { - $result=$adh->setThirdPartyId(GETPOST("socid")); + $result=$adh->setThirdPartyId(GETPOST('socid','int')); if ($result < 0) dol_print_error($adh->db,$adh->error); $_POST['action']=''; $action=''; diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index c7e596fe1a1..f62b7781be8 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php @@ -37,7 +37,7 @@ $langs->load('other'); $mesg = ""; // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id > 0) { $id = $user->societe_id; diff --git a/htdocs/adherents/ldap.php b/htdocs/adherents/ldap.php index 5e3456c2cfd..304e0664225 100644 --- a/htdocs/adherents/ldap.php +++ b/htdocs/adherents/ldap.php @@ -34,7 +34,7 @@ $langs->load("members"); $langs->load("ldap"); $langs->load("admin"); -$rowid = GETPOST("id"); +$rowid = GETPOST('id','int'); $action = GETPOST('action'); // Protection diff --git a/htdocs/adherents/note.php b/htdocs/adherents/note.php index 7a2b9c3aca3..0cae0490222 100644 --- a/htdocs/adherents/note.php +++ b/htdocs/adherents/note.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php'); require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent_type.class.php"); $action=GETPOST('action'); -$id=GETPOST("id"); +$id=GETPOST('id','int'); $langs->load("companies"); $langs->load("members"); diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php index c3486f5aeb1..8c5484d3e92 100644 
--- a/htdocs/adherents/stats/index.php +++ b/htdocs/adherents/stats/index.php @@ -31,8 +31,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/member.lib.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index 65f1fc4f64a..3b5baa48d1e 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php @@ -296,7 +296,7 @@ complete_dictionnary_with_modules($taborder,$tabname,$tablib,$tabsql,$tabsqlsort // Define elementList and sourceList (used for dictionnary "type of contacts") $elementList = array(); $sourceList=array(); -if (GETPOST("id") == 11) +if (GETPOST('id','int') == 11) { $langs->load("orders"); $langs->load("contracts"); @@ -702,7 +702,7 @@ if ($_GET["id"]) if ($num > $listlimit) { print '<tr class="none"><td align="right" colspan="'.(3+count($fieldlist)).'">'; - print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); + print_fleche_navigation($page,$_SERVER["PHP_SELF"],'&id='.GETPOST('id','int'),($num > $listlimit),$langs->trans("Page").' '.($page+1)); print '</td></tr>'; } 
@@ -737,10 +737,10 @@ if ($_GET["id"]) // Affiche nom du champ if ($showfield) { - print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"","",$sortfield,$sortorder); + print_liste_field_titre($valuetoshow,"dict.php",$fieldlist[$field],($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"","",$sortfield,$sortorder); } } - print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST("id"),"",'align="center"',$sortfield,$sortorder); + print_liste_field_titre($langs->trans("Status"),"dict.php","active",($page?'page='.$page.'&':'').'&id='.GETPOST('id','int'),"",'align="center"',$sortfield,$sortorder); print '<td colspan="2" class="liste_titre"> </td>'; print '</tr>'; @@ -756,7 +756,7 @@ if ($_GET["id"]) { print '<form action="dict.php" method="post">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; - print '<input type="hidden" name="id" value="'.GETPOST("id").'">'; + print '<input type="hidden" name="id" value="'.GETPOST('id','int').'">'; print '<input type="hidden" name="page" value="'.$page.'">'; print '<input type="hidden" name="rowid" value="'.$_GET["rowid"].'">'; diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php index 254ea1c6263..8b3bb8a9fcf 100644 --- a/htdocs/cashdesk/admin/cashdesk.php +++ b/htdocs/cashdesk/admin/cashdesk.php 
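Review bot: `print '<input type="hidden" name="rowid" value="'.$_GET["rowid"].'">';` on the last line of the @@ -756 hunk still writes a raw request value into an HTML attribute, while the `id` printed just above it now goes through `GETPOST('id','int')`. `rowid` is a record id as well, so the same treatment applies: `print '<input type="hidden" name="rowid" value="'.GETPOST('rowid','int').'">';`. The surrounding `if ($_GET["id"])` block named in the hunk headers also tests the unfiltered `$_GET["id"]` and could become `GETPOST('id','int')` for consistency with the rest of this file's changes; that block starts and ends outside the hunks shown.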
@@ -49,11 +49,11 @@ if (GETPOST("action") == 'set') { $db->begin(); - if (GETPOST("socid") < 0) $_POST["socid"]=''; + if (GETPOST('socid','int') < 0) $_POST["socid"]=''; /*if (GETPOST("CASHDESK_ID_BANKACCOUNT") < 0) $_POST["CASHDESK_ID_BANKACCOUNT"]=''; if (GETPOST("CASHDESK_ID_WAREHOUSE") < 0) $_POST["CASHDESK_ID_WAREHOUSE"]='';*/ - $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST("socid"),'chaine',0,'',$conf->entity); + $res = dolibarr_set_const($db,"CASHDESK_ID_THIRDPARTY",GETPOST('socid','int'),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CASH",GETPOST("CASHDESK_ID_BANKACCOUNT_CASH"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CHEQUE",GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE"),'chaine',0,'',$conf->entity); $res = dolibarr_set_const($db,"CASHDESK_ID_BANKACCOUNT_CB",GETPOST("CASHDESK_ID_BANKACCOUNT_CB"),'chaine',0,'',$conf->entity); diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index 104532b469d..3f5edb9e290 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -93,7 +93,7 @@ print '<td>'; $disabled=0; $langs->load("companies"); if (! empty($conf->global->CASHDESK_ID_THIRDPARTY)) $disabled=1; // If a particular third party is defined, we disable choice -print $form->select_company(GETPOST('socid')?GETPOST('socid'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); +print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY,'socid','s.client in (1,3)',!$disabled,$disabled,1); //print '<input name="warehouse_id" class="texte_login" type="warehouse_id" value="" />'; print '</td>'; print "</tr>\n"; diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 104035ce6e3..50b18218902 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php 
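Review bot: Only `socid` receives the 'int' filter in the cashdesk.php hunk; the `CASHDESK_ID_BANKACCOUNT_*` values stored on the following lines are read with bare `GETPOST(...)` even though their names and the commented-out `< 0` check above suggest they are record ids too, e.g. `GETPOST("CASHDESK_ID_BANKACCOUNT_CASH",'int')`. The same gap appears in index_verif.php (`warehouseid` beside the now-filtered `socid`), comm/action/fiche.php (`contactid` in the @@ -153 and @@ -522 hunks) and commande/contact.php (`ligne` passed to swapContactStatus). The `if (GETPOST("action") == 'set')` block this hunk sits in begins before it.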
@@ -30,7 +30,7 @@ $langs->load("cashdesk"); $username = GETPOST("txtUsername"); $password = GETPOST("pwdPassword"); -$thirdpartyid = (GETPOST("socid")!='')?GETPOST("socid"):$conf->global->CASHDESK_ID_THIRDPARTY; +$thirdpartyid = (GETPOST('socid','int')!='')?GETPOST('socid','int'):$conf->global->CASHDESK_ID_THIRDPARTY; $warehouseid = (GETPOST("warehouseid")!='')?GETPOST("warehouseid"):$conf->global->CASHDESK_ID_WAREHOUSE; // Check username diff --git a/htdocs/cashdesk/tpl/ticket.tpl.php b/htdocs/cashdesk/tpl/ticket.tpl.php index af52f517f8d..a3a055ac082 100644 --- a/htdocs/cashdesk/tpl/ticket.tpl.php +++ b/htdocs/cashdesk/tpl/ticket.tpl.php @@ -20,7 +20,7 @@ include_once(DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'); $langs->load("main"); header("Content-type: text/html; charset=".$conf->file->character_set_client); -$facid=GETPOST('facid'); +$facid=GETPOST('facid','int'); $object=new Facture($db); $object->fetch($facid); diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 5ca949410b6..1a159d03257 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -32,8 +32,8 @@ require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); $langs->load("categories"); $langs->load("products"); -$socid = GETPOST('socid'); -$id = GETPOST('id'); +$socid = GETPOST('socid','int'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); $type = GETPOST('type'); $mesg = GETPOST('mesg'); diff --git a/htdocs/categories/edit.php b/htdocs/categories/edit.php index efc432e7f94..ca82944a32a 100644 --- a/htdocs/categories/edit.php +++ b/htdocs/categories/edit.php @@ -28,7 +28,7 @@ require("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT."/categories/class/categorie.class.php"); -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/fiche.php b/htdocs/categories/fiche.php index 893afea90e3..727524f7521 100644 
--- a/htdocs/categories/fiche.php +++ b/htdocs/categories/fiche.php @@ -31,7 +31,7 @@ $langs->load("categories"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if (!$user->rights->categorie->lire) accessforbidden(); $action = GETPOST('action'); diff --git a/htdocs/categories/photos.php b/htdocs/categories/photos.php index 76f65ac07a0..747d2c92a5b 100644 --- a/htdocs/categories/photos.php +++ b/htdocs/categories/photos.php @@ -35,7 +35,7 @@ $langs->load("bills"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/categories/viewcat.php b/htdocs/categories/viewcat.php index 88f5dcec269..5efa8c9ecec 100644 --- a/htdocs/categories/viewcat.php +++ b/htdocs/categories/viewcat.php @@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/categories.lib.php"); $langs->load("categories"); $mesg = ''; -$id=GETPOST('id'); +$id=GETPOST('id','int'); $ref=GETPOST('ref'); $type=GETPOST('type'); $action=GETPOST('action'); diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 88fa0f440ea..9993faac02b 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -40,7 +40,7 @@ $langs->load("other"); $langs->load("bills"); if (isset($_GET["error"])) $error=$_GET["error"]; -$objectid = GETPOST("id"); +$objectid = GETPOST('id','int'); // Security check if ($user->societe_id > 0) diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php index 2951f701c77..023a12b1fee 100644 --- a/htdocs/comm/action/fiche.php +++ b/htdocs/comm/action/fiche.php 
@@ -153,10 +153,10 @@ if ($action == 'add_action') $actioncomm->note = trim($_POST["note"]); if (isset($_POST["contactid"])) $actioncomm->contact = $contact; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); $actioncomm->societe = $societe; } @@ -508,12 +508,12 @@ if ($action == 'create') // Societe, contact print '<tr><td width="30%" nowrap="nowrap">'.$langs->trans("ActionOnCompany").'</td><td>'; - if (GETPOST("socid") > 0) + if (GETPOST('socid','int') > 0) { $societe = new Societe($db); - $societe->fetch(GETPOST("socid")); + $societe->fetch(GETPOST('socid','int')); print $societe->getNomUrl(1); - print '<input type="hidden" name="socid" value="'.GETPOST("socid").'">'; + print '<input type="hidden" name="socid" value="'.GETPOST('socid','int').'">'; } else { @@ -522,10 +522,10 @@ if ($action == 'create') print '</td></tr>'; // If company is forced, we propose contacts (may be contact is also forced) - if (GETPOST("contactid") > 0 || GETPOST("socid") > 0) + if (GETPOST("contactid") > 0 || GETPOST('socid','int') > 0) { print '<tr><td nowrap>'.$langs->trans("ActionOnContact").'</td><td>'; - $form->select_contacts(GETPOST("socid"),GETPOST('contactid'),'contactid',1); + $form->select_contacts(GETPOST('socid','int'),GETPOST('contactid'),'contactid',1); print '</td></tr>'; } diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 25d0403f3c4..57c23879b45 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -40,7 +40,7 @@ if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="a.datep"; // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); 
@@ -53,7 +53,7 @@ $langs->load("commercial"); if ($_GET["action"] == 'builddoc') { $cat = new CommActionRapport($db, $_GET["month"], $_GET["year"]); - $result=$cat->write_file(GETPOST("id")); + $result=$cat->write_file(GETPOST('id','int')); if ($result < 0) { $mesg=$cat->error; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 38c9c4bed4c..38c20e438a6 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -40,7 +40,7 @@ $offset = $limit * $page ; $type=$_GET["type"]; // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,''); diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 56e78a0f523..cc83e426ca0 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -49,7 +49,7 @@ if ($conf->notification->enabled) $langs->load("mails"); if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs"); // Security check -$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id')); +$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int')); if ($user->societe_id > 0) $id=$user->societe_id; $result = restrictedArea($user,'societe',$id,'&societe'); diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 0c47814e6f1..b636c8bd3b7 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -32,7 +32,7 @@ $langs->load("suppliers"); $langs->load("commercial"); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 45092f15267..01cd0bd4347 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php 
@@ -47,7 +47,7 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="email"; -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST("action"); $search_nom=GETPOST("search_nom"); $search_prenom=GETPOST("search_prenom"); diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index cab31680ba3..4310a9de860 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php @@ -1080,7 +1080,7 @@ if ($id > 0 || ! empty($ref)) //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('ClonePropal'),$langs->trans('ConfirmClonePropal',$object->ref),'confirm_clone',$formquestion,'yes',1); 
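Review bot: `$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int');` in the cibles.php hunk filters only the fallback branch, so whenever `rowid` is supplied `$id` carries the unfiltered value and the new 'int' check never runs. Both alternatives should be filtered: `$id=GETPOST('rowid','int')?GETPOST('rowid','int'):GETPOST('id','int');`. The same half-filtered expression is introduced for `orderid` in commande/fiche.php and commande/liste.php and for `rowid` in compta/dons/fiche.php.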
@@ -1352,11 +1352,11 @@ if ($id > 0 || ! empty($ref)) if ($action == 'editdelivery_address') { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'fk_address','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'fk_address','propal',$object->id); } else { - $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid'),'none','propal',$object->id); + $formother->form_address($_SERVER['PHP_SELF'].'?id='.$object->id,$object->fk_delivery_address,GETPOST('socid','int'),'none','propal',$object->id); } print '</td></tr>'; } diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php index 56a0c9c06de..ea03bf2875a 100644 --- a/htdocs/comm/propal/apercu.php +++ b/htdocs/comm/propal/apercu.php @@ -37,7 +37,7 @@ $langs->load('compta'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'propale', $id, 'propal'); diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 56f8fd581fa..30592f90426 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -35,7 +35,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 7dcff4a5b54..408abed65cf 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php 
@@ -30,8 +30,8 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/dolgraph.class.php"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index db6a493c54e..020cc203f10 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -37,7 +37,7 @@ $langs->load('projects'); $langs->load('propal'); // Security check -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe', $socid, '&societe'); diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 42bac50817f..828d231d3b8 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -36,7 +36,7 @@ $action=GETPOST('action','alpha'); $backtopage=GETPOST('backtopage','alpha'); // Security check -$socid = GETPOST("id"); +$socid = GETPOST('id','int'); if ($user->societe_id > 0) { $socid = $user->societe_id; @@ -189,7 +189,7 @@ if (GETPOST("action") == 'confirm_remove' && GETPOST("confirm")=='yes') if ($result > 0) { $db->commit(); - header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id')); // To avoid pb whith back + header("Location: ".$_SERVER["PHP_SELF"].'?id='.GETPOST('id','int')); // To avoid pb whith back exit; } else diff --git a/htdocs/commande/apercu.php b/htdocs/commande/apercu.php index 70561e6b8d4..0407eced627 100644 --- a/htdocs/commande/apercu.php +++ b/htdocs/commande/apercu.php @@ -40,7 +40,7 @@ $langs->load('sendings'); // Security check $socid=0; -$id = GETPOST("id"); +$id = GETPOST('id','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'commande',$id,''); 
diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 966e2c660fc..828dc7c0a26 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -79,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->commande->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->commande->creer) { $commande = new Commande($db); - if ($commande->fetch(GETPOST("id"))) + if ($commande->fetch(GETPOST('id','int'))) { $result=$commande->swapContactStatus(GETPOST('ligne')); } diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index e2b9f431043..f4838e1663e 100644 --- a/htdocs/commande/document.php +++ b/htdocs/commande/document.php @@ -36,7 +36,7 @@ $langs->load('other'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); -$id = GETPOST('id'); +$id = GETPOST('id','int'); $ref = GETPOST('ref'); // Security check diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php index f8b2a4049cf..a8383c52d55 100644 --- a/htdocs/commande/fiche.php +++ b/htdocs/commande/fiche.php @@ -51,9 +51,9 @@ $langs->load('propal'); $langs->load('deliveries'); $langs->load('products'); -$id = (GETPOST("id")?GETPOST("id"):GETPOST("orderid")); +$id = (GETPOST('id','int')?GETPOST('id','int'):GETPOST("orderid")); $ref = GETPOST('ref'); -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); $action = GETPOST('action'); $confirm = GETPOST('confirm'); $lineid = GETPOST('lineid'); @@ -191,7 +191,7 @@ if ($action == 'add' && $user->rights->commande->creer) $datecommande = dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']); $datelivraison = dol_mktime(12, 0, 0, $_POST['liv_month'],$_POST['liv_day'],$_POST['liv_year']); - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $object->fetch_thirdparty(); $db->begin(); 
@@ -1652,7 +1652,7 @@ else //'text' => $langs->trans("ConfirmClone"), //array('type' => 'checkbox', 'name' => 'clone_content', 'label' => $langs->trans("CloneMainAttributes"), 'value' => 1), //array('type' => 'checkbox', 'name' => 'update_prices', 'label' => $langs->trans("PuttingPricesUpToDate"), 'value' => 1), - array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid'),'socid','(s.client=1 OR s.client=3)')) + array('type' => 'other', 'name' => 'socid', 'label' => $langs->trans("SelectThirdParty"), 'value' => $form->select_company(GETPOST('socid','int'),'socid','(s.client=1 OR s.client=3)')) ); // Paiement incomplet. On demande si motif = escompte ou autre $formconfirm=$form->formconfirm($_SERVER["PHP_SELF"].'?id='.$object->id,$langs->trans('CloneOrder'),$langs->trans('ConfirmCloneOrder',$object->ref),'confirm_clone',$formquestion,'yes',1); diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 94946d75c65..d70aaf52af1 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -33,7 +33,7 @@ if (!$user->rights->commande->lire) accessforbidden(); $langs->load("orders"); // Security check -$socid=GETPOST('socid'); +$socid=GETPOST('socid','int'); if ($user->societe_id > 0) { $action = ''; diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 6ffe19b3df9..d628610b94c 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -44,7 +44,7 @@ $sall=GETPOST('sall'); $socid=GETPOST('socid','int'); // Security check -$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id')); +$id = (GETPOST('orderid')?GETPOST('orderid'):GETPOST('id','int')); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $id,''); diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index 57ce188be25..6ef7e808126 100644 --- a/htdocs/commande/stats/index.php 
+++ b/htdocs/commande/stats/index.php @@ -34,8 +34,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer'; if ($mode == 'customer' && ! $user->rights->commande->lire) accessforbidden(); if ($mode == 'supplier' && ! $user->rights->fournisseur->commande->lire) accessforbidden(); -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Security check if ($user->societe_id > 0) { diff --git a/htdocs/compta/bank/fiche.php b/htdocs/compta/bank/fiche.php index 5a57bef27b7..f61d78641bb 100644 --- a/htdocs/compta/bank/fiche.php +++ b/htdocs/compta/bank/fiche.php @@ -468,10 +468,10 @@ else /* */ /* ************************************************************************** */ - if (GETPOST("id") && $action == 'edit' && $user->rights->banque->configurer) + if (GETPOST('id','int') && $action == 'edit' && $user->rights->banque->configurer) { $account = new Account($db); - $account->fetch(GETPOST("id")); + $account->fetch(GETPOST('id','int')); print_fiche_titre($langs->trans("EditFinancialAccount")); print "<br>"; diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php index fce385ea57e..66680ef089d 100644 --- a/htdocs/compta/deplacement/fiche.php +++ b/htdocs/compta/deplacement/fiche.php @@ -36,7 +36,7 @@ $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id,''); @@ -287,7 +287,7 @@ if ($action == 'create') // Company print "<tr>"; print '<td>'.$langs->trans("CompanyVisited").'</td><td>'; - print $form->select_company(GETPOST("socid"),'socid','',1); + print $form->select_company(GETPOST('socid','int'),'socid','',1); print '</td></tr>'; // Public note 
diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 273e27bec66..1fe0e9549ac 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/info.php b/htdocs/compta/deplacement/info.php index 7dee9417339..1d0874af388 100644 --- a/htdocs/compta/deplacement/info.php +++ b/htdocs/compta/deplacement/info.php @@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/compta/deplacement/class/deplacement.class.php" $langs->load("trips"); // Security check -$id = GETPOST('id'); +$id = GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement', $id, ''); diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index bd3ffc66e36..cc3d4542316 100755 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -32,7 +32,7 @@ $langs->load("users"); $langs->load("trips"); // Security check -$socid = GETPOST('socid'); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'deplacement','',''); diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php index d9847f8cb52..d07f816f1bc 100755 --- a/htdocs/compta/deplacement/stats/index.php +++ b/htdocs/compta/deplacement/stats/index.php @@ -31,8 +31,8 @@ $langs->load("trips"); $WIDTH=500; $HEIGHT=200; -$userid=GETPOST('userid'); if ($userid < 0) $userid=0; -$socid=GETPOST('socid'); if ($socid < 0) $socid=0; +$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0; +$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0; // Securite acces client if ($user->societe_id > 0) { 
diff --git a/htdocs/compta/dons/fiche.php b/htdocs/compta/dons/fiche.php index 5ee0351d559..5ee0ae1c95b 100644 --- a/htdocs/compta/dons/fiche.php +++ b/htdocs/compta/dons/fiche.php @@ -34,7 +34,7 @@ $langs->load("companies"); $langs->load("donations"); $langs->load("bills"); -$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id'); +$id=GETPOST('rowid')?GETPOST('rowid'):GETPOST('id','int'); $action=GETPOST('action'); $mesg=""; diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 33ef351b0f8..e608d07d1a9 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php @@ -53,7 +53,7 @@ if (GETPOST('mesg','int',1) && isset($_SESSION['message'])) $mesg=$_SESSION['mes $sall=trim(GETPOST('sall')); $projectid=(GETPOST('projectid')?GETPOST('projectid','int'):0); -$id=(GETPOST('id')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility +$id=(GETPOST('id','int')?GETPOST('id','int'):GETPOST('facid','int')); // For backward compatibility $ref=GETPOST('ref','alpha'); $socid=GETPOST('socid','int'); $action=GETPOST('action','alpha'); @@ -558,7 +558,7 @@ if ($action == 'confirm_converttoreduc' && $confirm == 'yes' && $user->rights->f */ if ($action == 'add' && $user->rights->facture->creer) { - $object->socid=GETPOST('socid'); + $object->socid=GETPOST('socid','int'); $db->begin(); diff --git a/htdocs/compta/facture/apercu.php b/htdocs/compta/facture/apercu.php index 6c07791e272..f29038bf0d3 100644 --- a/htdocs/compta/facture/apercu.php +++ b/htdocs/compta/facture/apercu.php @@ -36,7 +36,7 @@ $langs->load("bills"); // Security check $socid=0; -$id = GETPOST("facid"); +$id = GETPOST('facid','int'); $ref = GETPOST("ref"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'facture', $id); diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 410cfcff75e..8e34d0aa48f 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php 
@@ -32,7 +32,9 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
 $langs->load("bills");
 $langs->load("companies");
-$facid = isset($_GET["facid"])?$_GET["facid"]:'';
+$facid = GETPOST('facid');
+$id = GETPOST('facid');
+$ref= GETPOST('ref');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
@@ -45,12 +47,11 @@ $result = restrictedArea($user, 'facture', $facid);
 if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
 {
-    $result = 0;
 $facture = new Facture($db);
-    $result = $facture->fetch($_GET["facid"]);
+    $result = $facture->fetch($facid);
-    if ($result > 0 && $_GET["facid"] > 0)
+    if ($result > 0 && $facid > 0)
 {
 $result = $facture->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]);
 }
@@ -78,7 +79,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->facture->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
 {
 $facture = new Facture($db);
-    if ($facture->fetch(GETPOST("facid")))
+    if ($facture->fetch($facid))
 {
 $result=$facture->swapContactStatus(GETPOST('ligne'));
 }
@@ -92,7 +93,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->facture->creer)
 if ($_GET["action"] == 'deleteline' && $user->rights->facture->creer)
 {
 $facture = new Facture($db);
-    $facture->fetch($_GET["facid"]);
+    $facture->fetch($facid);
 $result = $facture->delete_contact($_GET["lineid"]);
 if ($result >= 0)
@@ -125,8 +126,6 @@ $userstatic=new User($db);
 /* *************************************************************************** */
 dol_htmloutput_mesg($mesg);
-$id = $_GET['facid'];
-$ref= $_GET['ref'];
 if ($id > 0 || ! empty($ref))
 {
 $facture = new Facture($db);
diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php
index 720d37f7772..d76b6fc4b2d 100644
--- a/htdocs/compta/facture/document.php
+++ b/htdocs/compta/facture/document.php
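Review bot: In compta/facture/contact.php the new `$facid = GETPOST('facid');` and `$id = GETPOST('facid');` take the id without the `'int'` filter this commit applies everywhere else, yet `$facid` is what feeds `restrictedArea($user, 'facture', $facid)` and every `Facture::fetch()` in the later hunks; `$facid = GETPOST('facid','int'); $id = $facid;` would match the rest of the change. The remaining ids on this page stay raw as well: `$_POST["contactid"]`, `$_POST["type"]`, `$_POST["source"]`, `$_GET["lineid"]` and `GETPOST('ligne')` go straight into add_contact/delete_contact/swapContactStatus, and whether those methods cast or quote internally is not visible here. The same unfiltered `GETPOST('ligne')` argument to swapContactStatus appears in the contrat/contact.php, fichinter/contact.php and fourn/facture/contact.php hunks. The action blocks these lines belong to begin and end outside the hunks.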
@@ -39,7 +39,7 @@ $langs->load("bills");
 $action = GETPOST('action');
 $confirm = GETPOST('confirm');
-$id = GETPOST('facid');
+$id = GETPOST('facid','int');
 $ref = GETPOST('ref');
 // Security check
diff --git a/htdocs/compta/facture/fiche-rec.php b/htdocs/compta/facture/fiche-rec.php
index 36f8777f234..2960624597a 100644
--- a/htdocs/compta/facture/fiche-rec.php
+++ b/htdocs/compta/facture/fiche-rec.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
 $langs->load('bills');
 // Security check
-$facid=GETPOST("facid");
+$facid=GETPOST('facid','int');
 $action=GETPOST("action");
 if ($user->societe_id) $socid=$user->societe_id;
 $objecttype = 'facture_rec';
@@ -81,7 +81,7 @@ if ($_POST["action"] == 'add')
 if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
 {
 $facrec = new FactureRec($db);
-    $facrec->fetch(GETPOST("facid"));
+    $facrec->fetch(GETPOST('facid','int'));
 $facrec->delete();
 $facid = 0 ;
 }
diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php
index 54dc1244aeb..3b579f6e56f 100644
--- a/htdocs/compta/facture/stats/index.php
+++ b/htdocs/compta/facture/stats/index.php
@@ -33,8 +33,8 @@ $mode=GETPOST("mode")?GETPOST("mode"):'customer';
 if ($mode == 'customer' && ! $user->rights->facture->lire) accessforbidden();
 if ($mode == 'supplier' && ! $user->rights->fournisseur->facture->lire) accessforbidden();
-$userid=GETPOST('userid'); if ($userid < 0) $userid=0;
-$socid=GETPOST('socid'); if ($socid < 0) $socid=0;
+$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
+$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
 // Security check
 if ($user->societe_id > 0)
 {
diff --git a/htdocs/compta/localtax/clients.php b/htdocs/compta/localtax/clients.php
index ce0dbf389d8..bea4c61aec4 100644
--- a/htdocs/compta/localtax/clients.php
+++ b/htdocs/compta/localtax/clients.php
@@ -75,7 +75,7 @@ $modetax = $conf->global->TAX_MODE;
 if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php
index 95658793d12..7d8caf6e69c 100644
--- a/htdocs/compta/paiement.php
+++ b/htdocs/compta/paiement.php
@@ -37,7 +37,7 @@ $langs->load('banks');
 $action = GETPOST('action');
 $confirm = GETPOST('confirm');
-$facid = GETPOST('facid');
+$facid = GETPOST('facid','int');
 $socname = GETPOST('socname');
 $accountid = GETPOST('accountid');
 $paymentnum = GETPOST('num_paiement');
diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php
index a67c000f748..6c49ce2a582 100644
--- a/htdocs/compta/paiement/cheque/fiche.php
+++ b/htdocs/compta/paiement/cheque/fiche.php
@@ -35,7 +35,7 @@ $langs->load('banks');
 $langs->load('companies');
 $langs->load('compta');
-$id =GETPOST("id");
+$id =GETPOST('id','int');
 $ref=GETPOST("ref");
 $action=GETPOST('action');
@@ -67,7 +67,7 @@ $filteraccountid=GETPOST('accountid');
 if ($action == 'setdate' && $user->rights->banque->cheque)
 {
 $remisecheque = new RemiseCheque($db);
-    $result = $remisecheque->fetch(GETPOST('id'));
+    $result = $remisecheque->fetch(GETPOST('id','int'));
 if ($result > 0)
 {
 //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php
index ddc95aa5642..b7c53db2c67 100644
--- a/htdocs/compta/paiement/liste.php
+++ b/htdocs/compta/paiement/liste.php
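Review bot: In the compta/paiement.php hunk, `$accountid = GETPOST('accountid');` two lines below the changed `$facid` is an id as well but is left without the filter the commit adds to `facid`; `$accountid = GETPOST('accountid','int');` would complete the hunk. The same unfiltered read shows in the header context of the compta/paiement/cheque/fiche.php hunk (`$filteraccountid=GETPOST('accountid');`), outside the changed lines, and deserves the same treatment. How `$accountid` is consumed further down paiement.php is outside the hunk.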
@@ -30,9 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php');
 $langs->load("bills");
 // Security check
-$facid =GETPOST("facid");
-$socid =GETPOST("socid");
-$userid=GETPOST('userid');
+$facid =GETPOST('facid','int');
+$socid =GETPOST('socid','int');
+$userid=GETPOST('userid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'facture',$facid,'');
diff --git a/htdocs/compta/prelevement/bon.php b/htdocs/compta/prelevement/bon.php
index 67d7baee6ef..4a42b1fb08e 100644
--- a/htdocs/compta/prelevement/bon.php
+++ b/htdocs/compta/prelevement/bon.php
@@ -33,7 +33,7 @@ $langs->load("categories");
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement', $id);
diff --git a/htdocs/compta/prelevement/bons.php b/htdocs/compta/prelevement/bons.php
index ff656c9857e..4cfbbf0a481 100644
--- a/htdocs/compta/prelevement/bons.php
+++ b/htdocs/compta/prelevement/bons.php
@@ -31,7 +31,7 @@ $langs->load("widthdrawals");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php
index 82ab1bb4402..4038446afb1 100644
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -32,7 +32,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
diff --git a/htdocs/compta/prelevement/factures.php b/htdocs/compta/prelevement/factures.php
index 58fe3761db9..67e47420061 100644
--- a/htdocs/compta/prelevement/factures.php
+++ b/htdocs/compta/prelevement/factures.php
@@ -37,8 +37,8 @@ $langs->load("categories");
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$prev_id = GETPOST("id");
-$socid = GETPOST("socid");
+$prev_id = GETPOST('id','int');
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
 $sortfield = ((GETPOST("sortfield")=="")) ? "p.ref" : GETPOST("sortfield");
diff --git a/htdocs/compta/prelevement/fiche-rejet.php b/htdocs/compta/prelevement/fiche-rejet.php
index 0fb5e55cf77..f3ad78b9b64 100644
--- a/htdocs/compta/prelevement/fiche-rejet.php
+++ b/htdocs/compta/prelevement/fiche-rejet.php
@@ -35,7 +35,7 @@ $langs->load("categories");
 if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
 $page = GETPOST("page");
 /*
diff --git a/htdocs/compta/prelevement/fiche-stat.php b/htdocs/compta/prelevement/fiche-stat.php
index 9d8261cf209..63b269c6286 100644
--- a/htdocs/compta/prelevement/fiche-stat.php
+++ b/htdocs/compta/prelevement/fiche-stat.php
@@ -34,7 +34,7 @@ $langs->load("withdrawals");
 $langs->load("categories");
 // Get supervariables
-$prev_id = GETPOST("id");
+$prev_id = GETPOST('id','int');
 $page = GETPOST("page");
 /*
diff --git a/htdocs/compta/prelevement/fiche.php b/htdocs/compta/prelevement/fiche.php
index 4b76e9c3a02..e2d5a32fafe 100644
--- a/htdocs/compta/prelevement/fiche.php
+++ b/htdocs/compta/prelevement/fiche.php
@@ -40,7 +40,7 @@ if ($user->societe_id > 0) accessforbidden();
 // Get supervariables
 $action = GETPOST("action");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 /*
 * Actions
diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php
index 7c9a1347d9b..a208b9d6b47 100644
--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@@ -32,7 +32,7 @@ $langs->load("withdrawals");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','');
diff --git a/htdocs/compta/prelevement/ligne.php b/htdocs/compta/prelevement/ligne.php
index 0914abbdc65..9af1d17b642 100644
--- a/htdocs/compta/prelevement/ligne.php
+++ b/htdocs/compta/prelevement/ligne.php
@@ -39,8 +39,8 @@ $langs->load("categories");
 // Get supervariables
 $action = GETPOST("action");
-$id = GETPOST("id");
-$socid = GETPOST("socid");
+$id = GETPOST('id','int');
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = GETPOST("sortorder");
diff --git a/htdocs/compta/prelevement/lignes.php b/htdocs/compta/prelevement/lignes.php
index 6df698b529a..4d0db99de3c 100644
--- a/htdocs/compta/prelevement/lignes.php
+++ b/htdocs/compta/prelevement/lignes.php
@@ -36,8 +36,8 @@ if ($user->societe_id > 0) accessforbidden();
 $langs->load("categories");
 // Get supervariables
-$prev_id = GETPOST("id");
-$socid = GETPOST("socid");
+$prev_id = GETPOST('id','int');
+$socid = GETPOST('socid','int');
 $page = GETPOST("page");
 $sortorder = ((GETPOST("sortorder")=="")) ? "DESC" : GETPOST("sortorder");
 $sortfield = ((GETPOST("sortfield")=="")) ? "pl.fk_soc" : GETPOST("sortfield");
diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php
index ba827ad3675..c27e09502d6 100644
--- a/htdocs/compta/prelevement/liste.php
+++ b/htdocs/compta/prelevement/liste.php
@@ -32,7 +32,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php
index 7a2faf26d59..2428cd8c016 100644
--- a/htdocs/compta/prelevement/rejets.php
+++ b/htdocs/compta/prelevement/rejets.php
@@ -30,7 +30,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
diff --git a/htdocs/compta/prelevement/stats.php b/htdocs/compta/prelevement/stats.php
index 85b525d2917..62ec73caa64 100644
--- a/htdocs/compta/prelevement/stats.php
+++ b/htdocs/compta/prelevement/stats.php
@@ -31,7 +31,7 @@ $langs->load("companies");
 $langs->load("categories");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'prelevement','','','bons');
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index e023149849a..4160071c1e4 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 $langs->load("bills");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php
index 5237142309c..928c74e24ce 100644
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
@@ -38,7 +38,7 @@ else {
 }
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
diff --git a/htdocs/compta/sociales/charges.php b/htdocs/compta/sociales/charges.php
index 097571677f7..f9124c2edfd 100644
--- a/htdocs/compta/sociales/charges.php
+++ b/htdocs/compta/sociales/charges.php
@@ -30,11 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/tax.lib.php");
 $langs->load("compta");
 $langs->load("bills");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
diff --git a/htdocs/compta/sociales/document.php b/htdocs/compta/sociales/document.php
index 953d394896c..3261fab405a 100644
--- a/htdocs/compta/sociales/document.php
+++ b/htdocs/compta/sociales/document.php
@@ -38,7 +38,7 @@ $langs->load("companies");
 $langs->load("compta");
 $langs->load("bills");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $action = GETPOST("action");
 // Security check
diff --git a/htdocs/compta/sociales/info.php b/htdocs/compta/sociales/info.php
index fc1a30fc15e..d48386bb623 100644
--- a/htdocs/compta/sociales/info.php
+++ b/htdocs/compta/sociales/info.php
@@ -29,11 +29,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/functions2.lib.php");
 $langs->load("compta");
 $langs->load("bills");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', $langs->trans("SocialContribution"), '', 'charges');
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index 8d2ed89267d..8fef71e5ff8 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -37,8 +37,8 @@ else {
 $year_end=$year_start + ($nbofyear-1);
 }
-$userid=GETPOST('userid');
-$socid=GETPOST('socid');
+$userid=GETPOST('userid','int');
+$socid=GETPOST('socid','int');
 // Security check
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
diff --git a/htdocs/compta/tva/clients.php b/htdocs/compta/tva/clients.php
index be5ab8163ab..9aeb55fa505 100644
--- a/htdocs/compta/tva/clients.php
+++ b/htdocs/compta/tva/clients.php
@@ -78,7 +78,7 @@ $modetax = $conf->global->TAX_MODE;
 if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php
index 62c3a1f052e..7123e828c1d 100644
--- a/htdocs/compta/tva/quadri_detail.php
+++ b/htdocs/compta/tva/quadri_detail.php
@@ -85,7 +85,7 @@ if (isset($_REQUEST["modetax"])) $modetax=$_REQUEST["modetax"];
 if (empty($modetax)) $modetax=0;
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'tax', '', '', 'charges');
diff --git a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
index 43278ab3794..2ba3716dc6d 100644
--- a/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
+++ b/htdocs/contact/canvas/default/tpl/contactcard_edit.tpl.php
@@ -32,10 +32,10 @@ echo $this->control->tpl['ajax_selectcountry'];
 <br>
-<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST("id"); ?>">
+<form method="post" name="formsoc" action="<?php echo $_SERVER["PHP_SELF"].'?id='.GETPOST('id','int'); ?>">
 <input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>">
 <input type="hidden" name="canvas" value="<?php echo $canvas ?>">
-<input type="hidden" name="id" value="<?php echo GETPOST("id"); ?>">
+<input type="hidden" name="id" value="<?php echo GETPOST('id','int'); ?>">
 <input type="hidden" name="action" value="update">
 <input type="hidden" name="contactid" value="<?php echo $this->control->tpl['id']; ?>">
 <input type="hidden" name="old_name" value="<?php echo $this->control->tpl['name']; ?>">
diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php
index bb6ff79a06d..6021767dbae 100644
--- a/htdocs/contact/fiche.php
+++ b/htdocs/contact/fiche.php
@@ -390,7 +390,7 @@ else
 }
 else
 {
 print '<tr><td>'.$langs->trans("Company").'</td><td colspan="3">';
-    print $form->select_company(GETPOST("socid"),'socid','',1);
+    print $form->select_company(GETPOST('socid','int'),'socid','',1);
 print '</td></tr>';
 }
 }
@@ -562,7 +562,7 @@ else
 {
 print '<tr><td>'.$langs->trans("Company").'</td>';
 print '<td colspan="3">';
-    print $form->select_company(GETPOST("socid")?GETPOST("socid"):($object->socid?$object->socid:-1),'socid','',1);
+    print $form->select_company(GETPOST('socid','int')?GETPOST('socid','int'):($object->socid?$object->socid:-1),'socid','',1);
 print '</td>';
 print '</tr>';
 }
diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php
index df9f6cc6126..158fe53da6c 100644
--- a/htdocs/contrat/contact.php
+++ b/htdocs/contrat/contact.php
@@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->contrat->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->contrat->creer)
 {
 $contrat = new Contrat($db);
-    if ($contrat->fetch(GETPOST("id")))
+    if ($contrat->fetch(GETPOST('id','int')))
 {
 $result=$contrat->swapContactStatus(GETPOST('ligne'));
 }
diff --git a/htdocs/contrat/fiche.php b/htdocs/contrat/fiche.php
index 769190bbae4..0714edb72c2 100644
--- a/htdocs/contrat/fiche.php
+++ b/htdocs/contrat/fiche.php
@@ -41,8 +41,8 @@ $langs->load("bills");
 $langs->load("products");
 $action=GETPOST('action');
-$socid = GETPOST("socid");
-$contratid = GETPOST("id");
+$socid = GETPOST('socid','int');
+$contratid = GETPOST('id','int');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php
index fdcf83dba1f..30e0e81a72c 100644
--- a/htdocs/contrat/services.php
+++ b/htdocs/contrat/services.php
@@ -48,10 +48,10 @@ $search_nom=GETPOST("search_nom");
 $search_contract=GETPOST("search_contract");
 $search_service=GETPOST("search_service");
 $statut=isset($_GET["statut"])?$_GET["statut"]:1;
-$socid=GETPOST("socid");
+$socid=GETPOST('socid','int');
 // Security check
-$contratid = GETPOST("id");
+$contratid = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'');
diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php
index 712f51e2cda..4258632f8c2 100644
--- a/htdocs/ecm/index.php
+++ b/htdocs/ecm/index.php
@@ -50,7 +50,7 @@ $result = restrictedArea($user, 'ecm', 0);
 $user->getrights('ecm');
 // Get parameters
-$socid=GETPOST('socid');
+$socid=GETPOST('socid','int');
 $action=GETPOST("action");
 $section=GETPOST("section");
 $module=GETPOST("module");
diff --git a/htdocs/expedition/fiche.php b/htdocs/expedition/fiche.php
index ac06265df3f..40fb5917e89 100644
--- a/htdocs/expedition/fiche.php
+++ b/htdocs/expedition/fiche.php
@@ -50,7 +50,7 @@ $langs->load('other');
 $langs->load('propal');
 $origin = GETPOST("origin")?GETPOST("origin"):'expedition'; // Example: commande, propal
-$origin_id = GETPOST("id")?GETPOST("id"):'';
+$origin_id = GETPOST('id','int')?GETPOST('id','int'):'';
 if (empty($origin_id)) $origin_id = GETPOST("origin_id"); // Id of order or propal
 if (empty($origin_id)) $origin_id = GETPOST("object_id"); // Id of order or propal
 $id = $origin_id;
diff --git a/htdocs/fichinter/apercu.php b/htdocs/fichinter/apercu.php
index 5d713eda2ca..f338c0b5b0d 100644
--- a/htdocs/fichinter/apercu.php
+++ b/htdocs/fichinter/apercu.php
@@ -35,7 +35,7 @@ $langs->load('interventions');
 // Security check
 $socid=0;
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $id, 'fichinter');
diff --git a/htdocs/fichinter/contact.php b/htdocs/fichinter/contact.php
index 467e8683527..74fa3b5b9a3 100644
--- a/htdocs/fichinter/contact.php
+++ b/htdocs/fichinter/contact.php
@@ -78,7 +78,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->ficheinter->creer)
 if ($_GET["action"] == 'swapstatut' && $user->rights->ficheinter->creer)
 {
 $fichinter = new Fichinter($db);
-    if ($fichinter->fetch(GETPOST("id")))
+    if ($fichinter->fetch(GETPOST('id','int')))
 {
 $result=$fichinter->swapContactStatus(GETPOST('ligne'));
 }
diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php
index be142263326..23c1196a088 100644
--- a/htdocs/fichinter/document.php
+++ b/htdocs/fichinter/document.php
@@ -38,7 +38,7 @@ $langs->load("fichinter");
 $langs->load("companies");
 $langs->load("interventions");
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $action = GETPOST("action");
 // Security check
diff --git a/htdocs/fichinter/fiche.php b/htdocs/fichinter/fiche.php
index 40c42a2e81c..9f753db3060 100644
--- a/htdocs/fichinter/fiche.php
+++ b/htdocs/fichinter/fiche.php
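Review bot: In the expedition/fiche.php hunk the two fallbacks directly under the changed line, `GETPOST("origin_id")` and `GETPOST("object_id")`, read the same object id and stay unfiltered, so `$id = $origin_id;` is only sanitized when the value arrives as `id`; the `empty()` guards mean a value rejected by the `'int'` filter (if it yields an empty result, as the `< 0` guards elsewhere in this commit suggest) falls through to exactly these raw reads. Filter both: `if (empty($origin_id)) $origin_id = GETPOST('origin_id','int');` and `if (empty($origin_id)) $origin_id = GETPOST('object_id','int');`. Where `$id` and `$origin_id` are consumed is outside the hunk.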
@@ -43,9 +43,9 @@ if (! empty($conf->global->FICHEINTER_ADDON) && is_readable(DOL_DOCUMENT_ROOT ."
 $langs->load("companies");
 $langs->load("interventions");
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref = GETPOST('ref');
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 $action = GETPOST("action");
 $confirm = GETPOST("confirm");
 $mesg = GETPOST("msg");
diff --git a/htdocs/fichinter/info.php b/htdocs/fichinter/info.php
index 05c74544d24..1029880d487 100644
--- a/htdocs/fichinter/info.php
+++ b/htdocs/fichinter/info.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php");
 $langs->load('companies');
 $langs->load("interventions");
-$fichinterid = GETPOST("id");
+$fichinterid = GETPOST('id','int');
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php
index dfd0b4d39e5..a693e261e6c 100755
--- a/htdocs/fichinter/list.php
+++ b/htdocs/fichinter/list.php
@@ -40,11 +40,11 @@ $offset = $conf->liste_limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
-$socid=GETPOST("socid");
+$socid=GETPOST('socid','int');
 $page=GETPOST("page");
 // Security check
-$fichinterid = GETPOST("id");
+$fichinterid = GETPOST('id','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'ficheinter', $fichinterid,'fichinter');
diff --git a/htdocs/fichinter/note.php b/htdocs/fichinter/note.php
index 2622e58c6f2..891ffca9036 100644
--- a/htdocs/fichinter/note.php
+++ b/htdocs/fichinter/note.php
@@ -29,7 +29,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/fichinter.lib.php");
 $langs->load('companies');
 $langs->load("interventions");
-$fichinterid = GETPOST("id");
+$fichinterid = GETPOST('id','int');
 $action=GETPOST("action");
 // Security check
diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php
index 5d18b8bbed2..9a8d2d9f637 100644
--- a/htdocs/fourn/commande/fiche.php
+++ b/htdocs/fourn/commande/fiche.php
@@ -47,12 +47,12 @@ $langs->load('deliveries');
 $langs->load('products');
 $langs->load('stocks');
-$id = GETPOST("id");
+$id = GETPOST('id','int');
 $ref = GETPOST("ref");
 $action = GETPOST("action");
 $confirm = GETPOST("confirm");
 $comclientid = GETPOST("comid");
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 $projectid = GETPOST("projectid");
 // Security check
diff --git a/htdocs/fourn/facture/contact.php b/htdocs/fourn/facture/contact.php
index c10bf7bca87..42993e32703 100644
--- a/htdocs/fourn/facture/contact.php
+++ b/htdocs/fourn/facture/contact.php
@@ -80,7 +80,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->fournisseur->facture->cre
 if ($_GET["action"] == 'swapstatut' && $user->rights->fournisseur->facture->creer)
 {
 $facture = new FactureFournisseur($db);
-    if ($facture->fetch(GETPOST("facid")))
+    if ($facture->fetch(GETPOST('facid','int')))
 {
 $result=$facture->swapContactStatus(GETPOST('ligne'));
 }
diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php
index 5a934218c9f..f007070618c 100644
--- a/htdocs/fourn/facture/document.php
+++ b/htdocs/fourn/facture/document.php
@@ -35,7 +35,7 @@ $langs->load('bills');
 $langs->load('other');
 $langs->load("companies");
-$facid = GETPOST("facid")?GETPOST("facid"):GETPOST("id");
+$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int');
 $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
 // Security check
diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php
index afae39f9309..ec0ca5d6ec4 100644
--- a/htdocs/fourn/facture/fiche.php
+++ b/htdocs/fourn/facture/fiche.php
@@ -42,7 +42,7 @@ $langs->load('suppliers');
 $langs->load('companies');
 $mesg='';
-$id = (GETPOST("facid") ? GETPOST("facid") : GETPOST("id"));
+$id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int'));
 $action = GETPOST("action");
 $confirm = GETPOST("confirm");
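Review bot: In the fourn/commande/fiche.php hunk, `$comclientid = GETPOST("comid");` and `$projectid = GETPOST("projectid");` are ids sitting between the two lines that gain the `'int'` filter but are left without it; `$comclientid = GETPOST('comid','int');` and `$projectid = GETPOST('projectid','int');` would finish the hunk. The compta/facture.php hunk in this same commit already reads `GETPOST('projectid','int')`, so the two pages would then agree. How these two values are used further down fiche.php is outside the hunk.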
diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php
index 372534d9bc0..eabafefda14 100644
--- a/htdocs/fourn/facture/index.php
+++ b/htdocs/fourn/facture/index.php
@@ -34,7 +34,7 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden();
 $langs->load("companies");
 $langs->load("bills");
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 // Security check
 if ($user->societe_id > 0)
diff --git a/htdocs/fourn/facture/note.php b/htdocs/fourn/facture/note.php
index 98b73a767f6..7522b527fdb 100644
--- a/htdocs/fourn/facture/note.php
+++ b/htdocs/fourn/facture/note.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.facture.class.php');
 $langs->load('bills');
 $langs->load("companies");
-$facid = GETPOST("facid")?GETPOST("facid"):GETPOST('id');
+$facid = GETPOST('facid','int')?GETPOST('facid','int'):GETPOST('id','int');
 $action = GETPOST('action');
 // Security check
diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php
index e36158bfa00..1024a16c8f9 100644
--- a/htdocs/fourn/facture/paiement.php
+++ b/htdocs/fourn/facture/paiement.php
@@ -34,7 +34,7 @@ $langs->load('companies');
 $langs->load('bills');
 $langs->load('banks');
-$facid=GETPOST('facid');
+$facid=GETPOST('facid','int');
 $action=GETPOST('action');
 $socid=GETPOST('socid','int');
diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php
index 7741ddfc42f..abf566aab22 100644
--- a/htdocs/fourn/fiche.php
+++ b/htdocs/fourn/fiche.php
@@ -42,7 +42,7 @@ $langs->load('commercial');
 $action = GETPOST('action');
 // Security check
-$id = (GETPOST("socid") ? GETPOST("socid") : GETPOST("id"));
+$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
 if ($user->societe_id) $id=$user->societe_id;
 $result = restrictedArea($user, 'societe&fournisseur', $id, '');
diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php
index 71da3a75c5b..c8fdfb40d83 100644
--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
@@ -39,7 +39,7 @@ $search_compta_fournisseur = GETPOST("search_compta_fournisseur");
 $search_datec = GETPOST("search_datec");
 // Security check
-$socid = GETPOST('socid');
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user,'societe',$socid,'');
diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php
index a81069d21dd..5f5e5074e7f 100644
--- a/htdocs/product/fiche.php
+++ b/htdocs/product/fiche.php
@@ -49,7 +49,7 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $action=(GETPOST('action') ? GETPOST('action') : 'view');
 $confirm=GETPOST('confirm');
-$socid=GETPOST("socid");
+$socid=GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $object = new Product($db);
diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php
index c567b876561..8c0752d0c7c 100644
--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
@@ -34,7 +34,7 @@ $langs->load("products");
 $langs->load("bills");
 $langs->load("other");
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref = GETPOST('ref');
 $mode = (GETPOST('mode') ? GETPOST('mode') : 'byunit');
 $error = 0;
diff --git a/htdocs/projet/activity/list.php b/htdocs/projet/activity/list.php
index 254beb16949..fc876fcc7a5 100644
--- a/htdocs/projet/activity/list.php
+++ b/htdocs/projet/activity/list.php
@@ -34,7 +34,7 @@ $langs->load('projects');
 $action=GETPOST('action');
 $mode=GETPOST("mode");
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $mine=0;
 if ($mode == 'mine') $mine=1;
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index 2a218703394..d7f501e0a0f 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
 $langs->load("projects");
 $langs->load("companies");
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php
index 9d2fc5cbaff..5bf9971b9d7 100644
--- a/htdocs/projet/document.php
+++ b/htdocs/projet/document.php
@@ -33,7 +33,7 @@ $langs->load('other');
 $action=GETPOST('action');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
 //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 // Security check
diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php
index 371028f02fd..d93a6462db6 100644
--- a/htdocs/projet/fiche.php
+++ b/htdocs/projet/fiche.php
@@ -302,7 +302,7 @@ if ($action == 'create' && $user->rights->projet->creer)
 // Customer
 print '<tr><td>'.$langs->trans("ThirdParty").'</td><td>';
- $text=$form->select_company(GETPOST("socid"),'socid','',1,1);
+ $text=$form->select_company(GETPOST('socid','int'),'socid','',1,1);
 $texthelp=$langs->trans("IfNeedToUseOhterObjectKeepEmpty");
 print $form->textwithtooltip($text.' '.img_help(),$texthelp,1);
 print '</td></tr>';
diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php
index b22deee7ff7..bd759d27bbe 100644
--- a/htdocs/projet/ganttview.php
+++ b/htdocs/projet/ganttview.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
 //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php
index dc7a81e7774..51493df8346 100644
--- a/htdocs/projet/note.php
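Review bot: In projet/contact.php the context line `$mine = $_REQUEST['mode']=='mine' ? 1 : 0;` reads the superglobal directly and without `isset`, so a request that omits `mode` raises an undefined-index notice, and it sidesteps the GETPOST layer the rest of the hunk now relies on. projet/activity/list.php in this same commit goes through `$mode=GETPOST("mode");` and `if ($mode == 'mine') $mine=1;`; the equivalent here is `$mine = (GETPOST('mode') == 'mine') ? 1 : 0;`. The identical line appears in the projet/document.php, projet/ganttview.php, projet/note.php, projet/tasks/document.php and projet/tasks/note.php hunks.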
+++ b/htdocs/projet/note.php
@@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php");
 $langs->load('projects');
 $action=GETPOST('action');
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index bf1cd5ae804..0e745f928ca 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -34,7 +34,7 @@ $langs->load("projects");
 $langs->load("companies");
 $taskid = isset($_GET["id"])?$_GET["id"]:'';
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $action=GETPOST('action');
 $withproject=GETPOST('withproject');
diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php
index 3b8b260d9ee..bb5fd636665 100644
--- a/htdocs/projet/tasks/document.php
+++ b/htdocs/projet/tasks/document.php
@@ -35,7 +35,7 @@ $langs->load('other');
 $action=GETPOST('action');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
 //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $withproject=GETPOST('withproject');
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index 406eae738a5..94bb854e933 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -32,7 +32,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 $langs->load('projects');
 $langs->load('users');
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 // Security check
 $socid=0;
diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php
index 2fb8e0c9bdf..b22351ac2bd 100644
--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
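Review bot: In projet/tasks/contact.php the line just above the change, `$taskid = isset($_GET["id"])?$_GET["id"]:'';`, still copies the same `id` parameter raw out of `$_GET`, so sanitising `$id` one line later leaves an unchecked duplicate of the value in scope; projet/tasks/time.php below carries the same pair, and projet/tasks/task.php in this commit already switched its copy to `$taskid = GETPOST('id','int');`. Unless something downstream depends on `$taskid` being GET-only or exactly `''` when absent, `$taskid = GETPOST('id','int');` (or `$taskid = $id;` placed after the sanitised read) brings both files in line with task.php.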
@@ -31,7 +31,7 @@ $langs->load('projects');
 $action=GETPOST('action');
 $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
 //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $withproject=GETPOST('withproject');
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 821ff229059..5903649c5e5 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -29,9 +29,9 @@ require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php");
 require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
-$taskid = GETPOST("id");
+$taskid = GETPOST('id','int');
 $taskref = GETPOST("ref");
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $action=GETPOST('action');
 $withproject=GETPOST('withproject');
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index bed27babac4..ac6bda48e22 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -33,7 +33,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
 $langs->load('projects');
 $taskid = isset($_GET["id"])?$_GET["id"]:'';
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 $ref= GETPOST('ref');
 $action=GETPOST('action');
 $withproject=GETPOST('withproject');
diff --git a/htdocs/societe/agenda.php b/htdocs/societe/agenda.php
index 330cff56858..3c033a9f80e 100644
--- a/htdocs/societe/agenda.php
+++ b/htdocs/societe/agenda.php
@@ -35,7 +35,7 @@ $langs->load("companies");
 $mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe', $socid);
diff --git a/htdocs/societe/ajaxcompanies.php b/htdocs/societe/ajaxcompanies.php
index 1127542dc78..49b49988eaf 100644
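Review bot: In societe/agenda.php the context line `$mesg=isset($_GET["mesg"])?'<div class="ok">'.$_GET["mesg"].'</div>':'';` concatenates a raw query-string value straight into HTML markup, a reflected content-injection risk that this sanitising pass leaves in place two lines above the fixed `socid`. The value should be escaped for the HTML context before it is wrapped, e.g. `'<div class="ok">'.htmlspecialchars($_GET["mesg"], ENT_QUOTES, 'UTF-8').'</div>'`, or passed through whatever HTML-escaping helper the page already uses for other output.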
--- a/htdocs/societe/ajaxcompanies.php
+++ b/htdocs/societe/ajaxcompanies.php
@@ -50,7 +50,7 @@ dol_syslog(join(',',$_GET));
 // Generation liste des societes
-if (GETPOST('newcompany') || GETPOST('socid') || GETPOST('id_fourn'))
+if (GETPOST('newcompany') || GETPOST('socid','int') || GETPOST('id_fourn'))
 {
 $return_arr = array();
diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php
index fe2ec2a24f7..792ef0e99cc 100644
--- a/htdocs/societe/document.php
+++ b/htdocs/societe/document.php
@@ -37,7 +37,7 @@ $mesg='';
 $action = GETPOST('action');
 $confirm = GETPOST('confirm');
-$socid = (GETPOST('socid') ? GETPOST('socid') : GETPOST('id'));
+$socid = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
 // Security check
 if ($user->societe_id > 0)
diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php
index 6ae5d7fb4dc..a8d80f2f84a 100644
--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
@@ -33,7 +33,7 @@ $langs->load("suppliers");
 $langs->load("banks");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','');
diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php
index 4ebe1a4aeb3..6145155fafa 100644
--- a/htdocs/societe/soc.php
+++ b/htdocs/societe/soc.php
@@ -49,7 +49,7 @@ $mesg='';
 $error=0;
 $errors=array();
 $action = (GETPOST('action') ? GETPOST('action') : 'view');
 $confirm = GETPOST('confirm');
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $object = new Societe($db);
diff --git a/htdocs/societe/societe.php b/htdocs/societe/societe.php
index 99f456cdd73..2403a204c02 100644
--- a/htdocs/societe/societe.php
+++ b/htdocs/societe/societe.php
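Review bot: In societe/ajaxcompanies.php the new condition tightens `socid` to `GETPOST('socid','int')` but leaves `GETPOST('id_fourn')` beside it unchecked, although `id_fourn` is also an identifier and the commit's stated aim is to sanitise all id inputs; `GETPOST('id_fourn','int')` would close that gap in the same line. The hunk's header context `dol_syslog(join(',',$_GET));` also writes every raw query parameter to the log; that call sits outside the hunk, but since this endpoint reads user-supplied values it is worth a look for log noise and for request data ending up in log files.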
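Review bot: In societe/lien.php the security check `$result = restrictedArea($user, 'societe','','');` passes an empty string where the sibling hunks for societe/agenda.php and societe/societe.php pass the freshly sanitised `$socid`; if the third argument scopes the permission check to the requested company, as those callers suggest, this page's check is not bound to the id it then works with. Worth confirming the intent; if it is an oversight, `$result = restrictedArea($user, 'societe', $socid, '');` aligns it with the other pages in this commit.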
@@ -32,7 +32,7 @@ $langs->load("customers");
 $langs->load("suppliers");
 // Security check
-$socid = GETPOST("socid");
+$socid = GETPOST('socid','int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user,'societe',$socid,'');
diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php
index 9b367e7aeb4..175f005646a 100644
--- a/htdocs/user/group/perms.php
+++ b/htdocs/user/group/perms.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php");
 $langs->load("users");
-$id=GETPOST("id");
+$id=GETPOST('id','int');
 $action=GETPOST("action");
 $confirm=GETPOST("confirm");
 $module=GETPOST("module");
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index f4deb98b7a3..ef231baa464 100755
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -145,7 +145,7 @@ class SecurityTest extends PHPUnit_Framework_TestCase
 $_GET["param2"]='a/b#e(pr)qq-rr\cc';
 $_GET["param3"]='"a/b#e(pr)qq-rr\cc'; // Same than param2 + "
- $result=GETPOST("id"); // Must return nothing
+ $result=GETPOST('id','int'); // Must return nothing
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,'');
-- GitLab
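Review bot: In test/phpunit/SecurityTest.php the assertion `$this->assertEquals($result,'');` on the line after the change compares loosely, so an integer `0` coming back from the new `GETPOST('id','int')` would satisfy it even though the comment says the call must return nothing; the arguments are also in (actual, expected) order, which makes the failure message read backwards. `$this->assertSame('', $result);` pins the exact empty-string result the comment promises. The enclosing test method begins outside this hunk, so the value of `$_GET["id"]` being exercised is not visible here.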