diff --git a/htdocs/admin/menus/menu.js.php b/htdocs/admin/menus/menu.js.php
index 0043388efc3dd3e0ab5395b80fa8039f3aace876..135e36767d06eb62aa2d928fe4bcfb4690753043 100644
--- a/htdocs/admin/menus/menu.js.php
+++ b/htdocs/admin/menus/menu.js.php
@@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,0);
 ?>
diff --git a/htdocs/document.php b/htdocs/document.php
index e7ddb7ad1be3bf400e74086f1617c5d89fa74d6a..61c0c49431cf7d9e54b94c2f594c1018d751a39b 100644
--- a/htdocs/document.php
+++ b/htdocs/document.php
@@ -32,12 +32,7 @@ define('NOTOKENRENEWAL',1); // Disables token renewal
-// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
-$encoding = '';
-$action = isset($_GET["action"])?$_GET["action"]:'';
-$original_file = isset($_GET["file"])?$_GET["file"]:'';
-$modulepart = isset($_GET["modulepart"])?$_GET["modulepart"]:'';
-$urlsource = isset($_GET["urlsource"])?$_GET["urlsource"]:'';
+$modulepart = (!empty($_GET['modulepart'])?$_GET['modulepart']:'');
 // Pour autre que bittorrent, on charge environnement + info issus de logon (comme le user)
 if (($modulepart == 'bittorrent') && ! defined("NOLOGIN"))
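Review bot: The new `if (GETPOST('theme')) $conf->theme=GETPOST('theme');` line assigns a request value that this same commit shows being interpolated into a file path (`$conf->css = "/theme/".$conf->theme."/style.css.php"` in the main.inc.php hunk), and whether GETPOST() strips path characters is not visible here. Unless it does, the value should be shape-checked before it is assigned, e.g. `if (GETPOST('theme') && preg_match('/^[a-z0-9_-]+$/i', GETPOST('theme'))) $conf->theme=GETPOST('theme');`. The `lang` value handed to setDefaultLang() presumably drives a translation-file lookup and deserves the same check. The identical pair of lines appears in the auguria, bureau2crea, eldy, freelug and yellow style.css.php hunks, and frames.php reads the same two parameters just before printing an HTML page.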
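Review bot: The new `$modulepart = (!empty($_GET['modulepart'])?$_GET['modulepart']:'');` line is the one place in this commit that keeps reading `$_GET` directly, and nothing says why; presumably GETPOST() is not yet defined at this point, since the next hunk shows `require("./main.inc.php")` only further down. A one-line comment would stop a later cleanup from turning it into an undefined-function error: `// Raw $_GET on purpose: GETPOST() is not available until main.inc.php is required below`. Note also that `isset()` became `!empty()`, so a parameter value of `'0'` now yields an empty `$modulepart`; harmless unless a module part is named that way.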
@@ -61,9 +56,15 @@ function llxHeader() { }
 require("./main.inc.php"); // Load $user and permissions
 require_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php');
+// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
+$encoding = '';
+$action = GETPOST('action');
+$original_file = GETPOST('file');
+$urlsource = GETPOST('urlsource');
+
 // Define mime type
 $type = 'application/octet-stream';
-if (! empty($_GET["type"])) $type=$_GET["type"];
+if (GETPOST('type')) $type=GETPOST('type');
 else $type=dol_mimetype($original_file);
 //print 'X'.$type.'-'.$original_file;exit;
@@ -478,7 +479,7 @@ if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
 {
 dol_syslog("Refused to deliver file ".$original_file);
 // Do no show plain path in shown error message
-dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$_GET["file"]));
+dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$original_file));
 exit;
 }
@@ -493,7 +494,7 @@ if ($action == 'remove_file') // Remove a file
 $original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
 if (! file_exists($original_file_osencoded))
 {
-dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$_GET["file"]));
+dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
 exit;
 }
diff --git a/htdocs/externalsite/frames.php b/htdocs/externalsite/frames.php
index 5678d8d4945be623f4c0dfbba3d8d6d62a049d5f..a826416cd52aa8cf051e47286565501013dcc287 100644
--- a/htdocs/externalsite/frames.php
+++ b/htdocs/externalsite/frames.php
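Review bot: `if (GETPOST('type')) $type=GETPOST('type');` accepts any request string as the MIME type, and the `dol_mimetype($original_file)` fallback on the next line suggests `$type` ends up as the response's content type (that use is outside the hunk). If so, the content type of a served document is chosen by the requester rather than by the file, which defeats the point of deriving it from the name. Keep `dol_mimetype()` as the authority and only let the parameter override it when it has the shape of a media type, e.g. `if (GETPOST('type') && preg_match('/^[\w.+-]+\/[\w.+-]+$/', GETPOST('type'))) $type=GETPOST('type');`, or restrict the override to an allowlist. The script continues outside the hunk.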
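Review bot: The `ErrorFileNameInvalid` branch now passes `$original_file` into the displayed message, and that branch only runs when the name matched `/\.\./` or `/[<>|]/`, so the message echoes exactly the characters an HTML page must not emit raw. Whether `$langs->trans()` or `dol_print_error()` escapes its arguments is not visible here; if neither does, encode at the call site: `dol_print_error(0,$langs->trans("ErrorFileNameInvalid",htmlspecialchars($original_file, ENT_QUOTES)));`. The `ErrorFileDoesNotExists` hunk below has the same shape and should get the same treatment.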
@@ -36,11 +36,11 @@ if (empty($conf->global->EXTERNALSITE_URL))
 llxFooter('$Date$ - $Revision$');
 }
-$mainmenu=isset($_GET["mainmenu"])?$_GET["mainmenu"]:"";
-$leftmenu=isset($_GET["leftmenu"])?$_GET["leftmenu"]:"";
-$idmenu=isset($_GET["idmenu"])?$_GET["idmenu"]:"";
-$theme=isset($_GET["theme"])?$_GET["theme"]:"";
-$codelang=isset($_GET["lang"])?$_GET["lang"]:"";
+$mainmenu=GETPOST('mainmenu');
+$leftmenu=GETPOST('leftmenu');
+$idmenu=GETPOST('idmenu');
+$theme=GETPOST('theme');
+$codelang=GETPOST('lang');
 print "
 <html>
diff --git a/htdocs/lib/datepicker.php b/htdocs/lib/datepicker.php
index 12c651ee7a337365bd526b0a95c0fe4858f31c80..3988c2d4ce1a57b575029c77a95c9f327d37c667 100644
--- a/htdocs/lib/datepicker.php
+++ b/htdocs/lib/datepicker.php
@@ -39,7 +39,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1);
 require_once("../main.inc.php");
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL by the main.inc.php
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php
 $langs->load("main");
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
@@ -53,7 +53,7 @@ $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
 print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'."\n";
 print '<html>'."\n";
 print '<head>'."\n";
-if (isset($_GET["mode"]) && $_GET["mode"] == 'test')
+if (GETPOST('mode') && GETPOST('mode') == 'test')
 {
 print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/lib/lib_head.js"></script>'."\n";
 }
diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php
index e2a4c6940f25273dfbf1b894ce008b567b10cfe5..9379b41ca0b1a9c2dcf36ce24d5a5ffc780b48bc 100644
--- a/htdocs/lib/security.lib.php
+++ b/htdocs/lib/security.lib.php
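Review bot: `if (GETPOST('mode') && GETPOST('mode') == 'test')` calls GETPOST() twice and then compares loosely; the truthiness test adds nothing that a strict comparison does not already cover. `if (GETPOST('mode') === 'test')` expresses the same condition in one call and cannot be satisfied by a non-string value. The `GETPOST('lang')`/`GETPOST('theme')` pairs throughout this commit likewise evaluate GETPOST() twice per line; where a value is reused, reading it once into a local is easier to audit.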
@@ -90,7 +90,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
 global $dolibarr_main_demo,$db;
 global $smartphone;
-$langcode=(empty($_GET["lang"])?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):$_GET["lang"]);
+$langcode=(GETPOST('lang')?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):GETPOST('lang'));
 $langs->setDefaultLang($langcode);
 $langs->load("main");
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 6049738dc6dddab3680436814c7409d42d81c7d9..1ef7549889e293f4d3813b6a4ebfdfbea012aad4 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -261,8 +261,7 @@ if (! empty($conf->global->MAIN_SECURITY_CSRF)) // Check validity of token, only
 }
 // Disable modules (this must be after session_start and after conf has been loaded)
-if (! empty($_GET["disablemodules"])) $_SESSION["disablemodules"]=$_GET["disablemodules"];
-if (! empty($_POST["disablemodules"])) $_SESSION["disablemodules"]=$_POST["disablemodules"];
+if (GETPOST('disablemodules')) $_SESSION["disablemodules"]=GETPOST('disablemodules');
 if (! empty($_SESSION["disablemodules"]))
 {
 $disabled_modules=explode(',',$_SESSION["disablemodules"]);
@@ -369,7 +368,7 @@ if (! defined('NOLOGIN'))
 // Appel des triggers
 include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
 $interface=new Interfaces($db);
-$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]);
+$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST('entity'));
 if ($result < 0) { $error++; }
 // Fin appel triggers
 }
@@ -664,7 +663,7 @@ if (! defined('NOLOGIN'))
 $conf->css = "/theme/".$conf->theme."/style.css.php";
 }
 // Set javascript option
-if (empty($_GET["nojs"])) // If javascript was not disabled on URL
+if (! GETPOST('nojs')) // If javascript was not disabled on URL
 {
 if (! empty($user->conf->MAIN_DISABLE_JAVASCRIPT))
 {
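Review bot: The rewritten `$langcode=` line in dol_loginfunction() inverts the original condition. The old code used the configured default when `$_GET["lang"]` was empty and the request value otherwise; the new code uses the default when `GETPOST('lang')` is non-empty and hands the empty `GETPOST('lang')` to setDefaultLang() when no language was given, so a forced language is ignored and the no-parameter case passes an empty string. Negate the test to restore the original meaning: `$langcode=(! GETPOST('lang')?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):GETPOST('lang'));`. dol_loginfunction() continues outside the hunk.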
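Review bot: Collapsing the two `disablemodules` assignments into one `GETPOST('disablemodules')` call changes which source wins when the parameter arrives in both the query string and the body: before, `$_POST` was assigned last and overrode `$_GET`; now the result depends on GETPOST()'s lookup order, which is not visible here. If that precedence is relied on anywhere, record it next to the line, e.g. `// precedence between GET and POST is now whatever GETPOST() implements (old code let POST win)`. Separately, this session flag is written before the `NOLOGIN` login block shown in the next hunk, so it is worth confirming that a disabled module can only reduce functionality and never relax a check.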
@@ -677,7 +676,7 @@ if (! defined('NOLOGIN'))
 if (! defined('NOREQUIRETRAN'))
 {
-if (empty($_GET["lang"])) // If language was not forced on URL
+if (! GETPOST('lang')) // If language was not forced on URL
 {
 // If user has chosen its own language
 if (! empty($user->conf->MAIN_LANG_DEFAULT))
@@ -692,7 +691,7 @@ if (! defined('NOREQUIRETRAN'))
 }
 else // If language was forced on URL
 {
-$langs->setDefaultLang($_GET["lang"]);
+$langs->setDefaultLang(GETPOST('lang'));
 }
 }
@@ -887,13 +886,13 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
 // Output style sheets (optioncss='print' or '')
 $themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
 //print 'themepath='.$themepath;exit;
-print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
+print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
 // CSS forced by modules (relative url starting with /)
 if (is_array($conf->css_modules))
 {
 foreach($conf->css_modules as $cssfile)
 {
 // cssfile is an absolute path
-print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
+print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
 }
 }
 // CSS forced by page in top_htmlhead call (relative url starting with /)
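Review bot: `GETPOST('optioncss')` is concatenated into the `href` attribute of the emitted `<link>` tag with no HTML escaping, on both `print` lines of this hunk and again in the `foreach($arrayofcss ...)` hunk that follows. Unless GETPOST() itself strips quotes and angle brackets (not visible here), a request value lands verbatim inside the attribute, which is a reflected-injection point in every page header. The comment above the first line says the value is only ever `'print'` or empty, so the cheapest fix is to honour that once before the three `print` lines, `$optioncss=(GETPOST('optioncss')==='print'?'&optioncss=print':'');`, and use `$optioncss` in place of the inline ternaries; otherwise pass the value through `htmlspecialchars()` at each use. top_htmlhead() continues outside the hunk.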
@@ -901,7 +900,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
 {
 foreach($arrayofcss as $cssfile)
 {
-print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
+print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
 }
 }
diff --git a/htdocs/support/inc.php b/htdocs/support/inc.php
index f04f809c587e1705137950117e9f68371ed1df72..ba4c7488a33d2cb5ce7d6107158bb23a4001c2f7 100644
--- a/htdocs/support/inc.php
+++ b/htdocs/support/inc.php
@@ -146,7 +146,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
 // Defini objet langs
 $langs = new Translate('..',$conf);
-if (isset($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]);
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang'));
 else $langs->setDefaultLang('auto');
 $bc[false]=' class="bg1"';
diff --git a/htdocs/theme/auguria/style.css.php b/htdocs/theme/auguria/style.css.php
index 6ea249010ba5e376b9c3c8b373fb62b05fcceea7..fd6c0f16fe90643621fc6758081cc5af6bdfd674 100644
--- a/htdocs/theme/auguria/style.css.php
+++ b/htdocs/theme/auguria/style.css.php
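Review bot: support/inc.php builds its own `$langs` with `new Translate('..',$conf)` instead of going through main.inc.php, so it is worth confirming that GETPOST() is actually defined by the time the new `if (GETPOST('lang'))` line runs; if the support pages do not load the library that declares it, this line is a fatal undefined-function error rather than the silent fallback to `'auto'` that the `else` intends. A short comment naming where GETPOST() comes from in this context would settle it for the next reader. Note also that `isset()` became a truthiness test, so a `lang` value of `'0'` now falls to `'auto'` where it previously called `setDefaultLang('0')`; likely the better behaviour, but it is a change in this hunk.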
@@ -50,8 +50,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,1);
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
diff --git a/htdocs/theme/bureau2crea/style.css.php b/htdocs/theme/bureau2crea/style.css.php
index f474988aa37729ba65da2601fd98e6093af4d8ec..bc69d263462eb7a2b6882fab5abcecf974f80c40 100644
--- a/htdocs/theme/bureau2crea/style.css.php
+++ b/htdocs/theme/bureau2crea/style.css.php
@@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,1);
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php
index b9426ea04cfef9520357f209defb7ebff187d788..30f8441902a439567dba538eda31ce9ae5e875b0 100644
--- a/htdocs/theme/eldy/style.css.php
+++ b/htdocs/theme/eldy/style.css.php
@@ -50,8 +50,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,1);
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
diff --git a/htdocs/theme/freelug/style.css.php b/htdocs/theme/freelug/style.css.php
index 2e78af9fd5c9859cbb66ba513449d5e5cd55f91d..05c00eca8f2f46b0e187055f42b44b023b9d4548 100644
--- a/htdocs/theme/freelug/style.css.php
+++ b/htdocs/theme/freelug/style.css.php
@@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,1);
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
diff --git a/htdocs/theme/yellow/style.css.php b/htdocs/theme/yellow/style.css.php
index fe1fe6ab01ade6808dc95329da009b8ec30d59f0..6c0bd890516efc336d85d5344ce7e7164edf0c68 100644
--- a/htdocs/theme/yellow/style.css.php
+++ b/htdocs/theme/yellow/style.css.php
@@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
 // On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
 if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
-if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
-if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
+if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
+if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
 $langs->load("main",0,1);
 $right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
 $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');