diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index ddbc7123d70940341d165ca7befb4b32090b8dc5..8c6f768726325e55cbaeb0bbdea0872baa2f77c2 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -822,7 +822,7 @@ else // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="member_login" size="40" value="'.(isset($_POST["member_login"])?$_POST["member_login"]:$object->login).'"></td></tr>'; + print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td><input type="text" name="member_login" class="maxwidth200" value="'.(isset($_POST["member_login"])?GETPOST("member_login", 'alpha', 2):$object->login).'"></td></tr>'; } // Type @@ -1066,7 +1066,7 @@ else // Login if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td colspan="2"><input type="text" name="login" size="30" value="'.(isset($_POST["login"])?$_POST["login"]:$object->login).'"></td></tr>'; + print '<tr><td><span class="fieldrequired">'.$langs->trans("Login").' / '.$langs->trans("Id").'</span></td><td colspan="2"><input type="text" name="login" class="maxwidth200" value="'.(isset($_POST["login"])?GETPOST("login",'alpha',2):$object->login).'"></td></tr>'; } // Morphy 
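Review bot: `GETPOST("member_login", 'alpha', 2)` (and `GETPOST("login",'alpha',2)` in the -1066 hunk) is still concatenated straight into a `value="…"` attribute; a GETPOST check filters the input but is not HTML-attribute encoding, so the re-displayed form remains an output-encoding gap unless the value is wrapped as `dol_escape_htmltag(GETPOST("member_login",'alpha',2))`, which this same commit applies in commande/customer.php. The -1090, -1099, -1122, -1153 and -1179 hunks below, the `title` field in bookmarks/card.php and the price/rate fields in the objectline_create/objectline_edit templates follow the same pattern, most with an empty check string where, as far as I can tell, no filtering is applied at all. Escaping at the print site is the fix that does not depend on what a given check happens to strip.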
@@ -1090,7 +1090,7 @@ else print "</td></tr>"; // Company - print '<tr><td id="tdcompany">'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.(isset($_POST["societe"])?$_POST["societe"]:$object->societe).'"></td></tr>'; + print '<tr><td id="tdcompany">'.$langs->trans("Company").'</td><td><input type="text" name="societe" size="40" value="'.(isset($_POST["societe"])?GETPOST("societe",'',2):$object->societe).'"></td></tr>'; // Civility print '<tr><td>'.$langs->trans("UserTitle").'</td><td>'; @@ -1099,11 +1099,11 @@ else print '</tr>'; // Lastname - print '<tr><td id="tdlastname">'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" size="40" value="'.(isset($_POST["lastname"])?$_POST["lastname"]:$object->lastname).'"></td>'; + print '<tr><td id="tdlastname">'.$langs->trans("Lastname").'</td><td><input type="text" name="lastname" size="40" value="'.(isset($_POST["lastname"])?GETPOST("lastname",'',2):$object->lastname).'"></td>'; print '</tr>'; // Firstname - print '<tr><td id="tdfirstname">'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" size="40" value="'.(isset($_POST["firstname"])?$_POST["firstname"]:$object->firstname).'"></td>'; + print '<tr><td id="tdfirstname">'.$langs->trans("Firstname").'</td><td><input type="text" name="firstname" size="40" value="'.(isset($_POST["firstname"])?GETPOST("firstname",'',3):$object->firstname).'"></td>'; print '</tr>'; // Photo 
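Review bot: `GETPOST("firstname",'',3)` passes method 3 where every sibling field in this and the neighbouring hunks (`societe`, `lastname`, `email`, `address`) passes 2; under the `isset($_POST["firstname"])` guard the POST-only selector is presumably what is intended. `GETPOST("firstname",'',2)` keeps the form consistent and avoids a reader wondering whether the fallback to GET is deliberate.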
@@ -1122,24 +1122,24 @@ else print '</td></tr>'; // EMail - print '<tr><td>'.($conf->global->ADHERENT_MAIL_REQUIRED?'<span class="fieldrequired">':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'</span>':'').'</td><td><input type="text" name="email" size="40" value="'.(isset($_POST["email"])?$_POST["email"]:$object->email).'"></td></tr>'; + print '<tr><td>'.($conf->global->ADHERENT_MAIL_REQUIRED?'<span class="fieldrequired">':'').$langs->trans("EMail").($conf->global->ADHERENT_MAIL_REQUIRED?'</span>':'').'</td><td><input type="text" name="email" size="40" value="'.(isset($_POST["email"])?GETPOST("email",'',2):$object->email).'"></td></tr>'; // Password if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) { - print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" size="30" value="'.(isset($_POST["pass"])?$_POST["pass"]:$object->pass).'"></td></tr>'; + print '<tr><td class="fieldrequired">'.$langs->trans("Password").'</td><td><input type="password" name="pass" class="maxwdith200" value="'.(isset($_POST["pass"])?GETPOST("pass",'',2):$object->pass).'"></td></tr>'; } // Address print '<tr><td>'.$langs->trans("Address").'</td><td>'; - print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(isset($_POST["address"])?$_POST["address"]:$object->address).'</textarea>'; + print '<textarea name="address" wrap="soft" class="quatrevingtpercent" rows="2">'.(isset($_POST["address"])?GETPOST("address",'',2):$object->address).'</textarea>'; print '</td></tr>'; // Zip / Town print '<tr><td>'.$langs->trans("Zip").' 
/ '.$langs->trans("Town").'</td><td>'; - print $formcompany->select_ziptown((isset($_POST["zipcode"])?$_POST["zipcode"]:$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6); + print $formcompany->select_ziptown((isset($_POST["zipcode"])?GETPOST("zipcode",'',2):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6); print ' '; - print $formcompany->select_ziptown((isset($_POST["town"])?$_POST["town"]:$object->town),'town',array('zipcode','selectcountry_id','state_id')); + print $formcompany->select_ziptown((isset($_POST["town"])?GETPOST("town",'',2):$object->town),'town',array('zipcode','selectcountry_id','state_id')); print '</td></tr>'; // Country 
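Review bot: `class="maxwdith200"` on the password input is misspelt, so the width class is silently ignored; the login inputs in the -822/-1066 hunks use `class="maxwidth200"`. The same line also still re-emits `$object->pass` into the page source when no POST value is present, which is pre-existing but worth a separate look while this form is being touched.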
@@ -1153,23 +1153,23 @@ else if (empty($conf->global->MEMBER_DISABLE_STATE)) { print '<tr><td>'.$langs->trans('State').'</td><td>'; - print $formcompany->select_state($object->state_id,isset($_POST["country_id"])?$_POST["country_id"]:$object->country_id); + print $formcompany->select_state($object->state_id,isset($_POST["country_id"])?GETPOST("country_id"):$object->country_id); print '</td></tr>'; } // Pro phone - print '<tr><td>'.$langs->trans("PhonePro").'</td><td><input type="text" name="phone" size="20" value="'.(isset($_POST["phone"])?$_POST["phone"]:$object->phone).'"></td></tr>'; + print '<tr><td>'.$langs->trans("PhonePro").'</td><td><input type="text" name="phone" size="20" value="'.(isset($_POST["phone"])?GETPOST("phone"):$object->phone).'"></td></tr>'; // Personal phone - print '<tr><td>'.$langs->trans("PhonePerso").'</td><td><input type="text" name="phone_perso" size="20" value="'.(isset($_POST["phone_perso"])?$_POST["phone_perso"]:$object->phone_perso).'"></td></tr>'; + print '<tr><td>'.$langs->trans("PhonePerso").'</td><td><input type="text" name="phone_perso" size="20" value="'.(isset($_POST["phone_perso"])?GETPOST("phone_perso"):$object->phone_perso).'"></td></tr>'; // Mobile phone - print '<tr><td>'.$langs->trans("PhoneMobile").'</td><td><input type="text" name="phone_mobile" size="20" value="'.(isset($_POST["phone_mobile"])?$_POST["phone_mobile"]:$object->phone_mobile).'"></td></tr>'; + print '<tr><td>'.$langs->trans("PhoneMobile").'</td><td><input type="text" name="phone_mobile" size="20" value="'.(isset($_POST["phone_mobile"])?GETPOST("hone_mobile"):$object->phone_mobile).'"></td></tr>'; // Skype if (! 
empty($conf->skype->enabled)) { - print '<tr><td>'.$langs->trans("Skype").'</td><td><input type="text" name="skype" size="40" value="'.(isset($_POST["skype"])?$_POST["skype"]:$object->skype).'"></td></tr>'; + print '<tr><td>'.$langs->trans("Skype").'</td><td><input type="text" name="skype" size="40" value="'.(isset($_POST["skype"])?GETPOST("skype"):$object->skype).'"></td></tr>'; } // Birthday @@ -1179,7 +1179,7 @@ else // Public profil print "<tr><td>".$langs->trans("Public")."</td><td>\n"; - print $form->selectyesno("public",(isset($_POST["public"])?$_POST["public"]:$object->public),1); + print $form->selectyesno("public",(isset($_POST["public"])?GETPOST("public",'',2):$object->public),1); print "</td></tr>\n"; // Categories diff --git a/htdocs/admin/menus/index.php b/htdocs/admin/menus/index.php index c8b7b469bd20d858bb16440978005a5082c27998..acfa9d2dccde95e2f49cf09ef60836d9dda8e19f 100644 --- a/htdocs/admin/menus/index.php +++ b/htdocs/admin/menus/index.php @@ -71,7 +71,7 @@ if ($action == 'up') // Get current position $sql = "SELECT m.rowid, m.position, m.type, m.fk_menu"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE m.rowid = ".$_GET["menuId"]; + $sql.= " WHERE m.rowid = ".GETPOST("menuId","int"); dol_syslog("admin/menus/index.php ".$sql); $result = $db->query($sql); $num = $db->num_rows($result); 
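Review bot: `GETPOST("hone_mobile")` is a typo for `phone_mobile`: after a rejected submit the guard `isset($_POST["phone_mobile"])` is true but the value re-read is empty, so the field is blanked instead of repopulated. It should read `GETPOST("phone_mobile")`. Separately, `country_id`, the three phone fields and `skype` in this hunk use the default method while the rest of the form passes 2 under the same `isset($_POST[...])` guards; using 2 throughout would be consistent.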
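Review bot: `GETPOST("menuId","int")` is re-read at each use and concatenated unquoted into `WHERE m.rowid = `; if the int check yields an empty value for a non-numeric input, the statement becomes `WHERE m.rowid = ` and fails at query time rather than being rejected up front. Reading it once at the top of the action handling, `$menuId = GETPOST('menuId', 'int');`, and rejecting non-positive values before any query is built would give one validation point and remove the repeated reads in the -89, -127, -145, -180 and -245 hunks of this file.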
@@ -89,11 +89,11 @@ if ($action == 'up') // Menu before $sql = "SELECT m.rowid, m.position"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE (m.position < ".($current['order'])." OR (m.position = ".($current['order'])." AND rowid < ".$_GET["menuId"]."))"; - $sql.= " AND m.menu_handler='".$menu_handler_to_search."'"; + $sql.= " WHERE (m.position < ".($current['order'])." OR (m.position = ".($current['order'])." AND rowid < ".GETPOST("menuId","int")."))"; + $sql.= " AND m.menu_handler='".$db->escape($menu_handler_to_search)."'"; $sql.= " AND m.entity = ".$conf->entity; - $sql.= " AND m.type = '".$current['type']."'"; - $sql.= " AND m.fk_menu = '".$current['fk_menu']."'"; + $sql.= " AND m.type = '".$db->escape($current['type'])."'"; + $sql.= " AND m.fk_menu = '".$db->escape($current['fk_menu'])."'"; $sql.= " ORDER BY m.position, m.rowid"; dol_syslog("admin/menus/index.php ".$sql); $result = $db->query($sql); @@ -127,7 +127,7 @@ elseif ($action == 'down') // Get current position $sql = "SELECT m.rowid, m.position, m.type, m.fk_menu"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE m.rowid = ".$_GET["menuId"]; + $sql.= " WHERE m.rowid = ".GETPOST("menuId","int"); dol_syslog("admin/menus/index.php ".$sql); $result = $db->query($sql); $num = $db->num_rows($result); 
@@ -145,11 +145,11 @@ elseif ($action == 'down') // Menu after $sql = "SELECT m.rowid, m.position"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE (m.position > ".($current['order'])." OR (m.position = ".($current['order'])." AND rowid > ".$_GET["menuId"]."))"; - $sql.= " AND m.menu_handler='".$menu_handler_to_search."'"; + $sql.= " WHERE (m.position > ".($current['order'])." OR (m.position = ".($current['order'])." AND rowid > ".GETPOST("menuId","int")."))"; + $sql.= " AND m.menu_handler='".$db->escape($menu_handler_to_search)."'"; $sql.= " AND m.entity = ".$conf->entity; - $sql.= " AND m.type = '".$current['type']."'"; - $sql.= " AND m.fk_menu = '".$current['fk_menu']."'"; + $sql.= " AND m.type = '".$db->escape($current['type'])."'"; + $sql.= " AND m.fk_menu = '".$db->escape($current['fk_menu'])."'"; $sql.= " ORDER BY m.position, m.rowid"; dol_syslog("admin/menus/index.php ".$sql); $result = $db->query($sql); @@ -180,7 +180,7 @@ elseif ($action == 'confirm_delete' && $confirm == 'yes') $db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."menu"; - $sql.= " WHERE rowid = ".$_GET['menuId']; + $sql.= " WHERE rowid = ".GETPOST('menuId','int'); $resql=$db->query($sql); if ($resql) { @@ -245,11 +245,11 @@ if ($action == 'delete') { $sql = "SELECT m.titre"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE m.rowid = ".$_GET['menuId']; + $sql.= " WHERE m.rowid = ".GETPOST('menuId','int'); $result = $db->query($sql); $obj = $db->fetch_object($result); - print $form->formconfirm("index.php?menu_handler=".$menu_handler."&menuId=".$_GET['menuId'],$langs->trans("DeleteMenu"),$langs->trans("ConfirmDeleteMenu",$obj->titre),"confirm_delete"); + print $form->formconfirm("index.php?menu_handler=".$menu_handler."&menuId=".GETPOST('menuId','int'),$langs->trans("DeleteMenu"),$langs->trans("ConfirmDeleteMenu",$obj->titre),"confirm_delete"); } 
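Review bot: In the -245 hunk `$menu_handler` is concatenated into the formconfirm URL (`"index.php?menu_handler=".$menu_handler."&menuId=…"`) without `urlencode`; its origin is above the hunk, so if it is request-derived, as the escaping added for `$menu_handler_to_search` suggests it may be, the link should use `urlencode($menu_handler)`. The `$db->escape()` additions on the quoted string operands in this hunk look correct.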
@@ -298,7 +298,7 @@ if ($conf->use_javascript_ajax) $sql = "SELECT m.rowid, m.titre, m.langs, m.mainmenu, m.leftmenu, m.fk_menu, m.fk_mainmenu, m.fk_leftmenu, m.module"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE menu_handler = '".$menu_handler_to_search."'"; + $sql.= " WHERE menu_handler = '".$db->escape($menu_handler_to_search)."'"; $sql.= " AND entity = ".$conf->entity; //$sql.= " AND fk_menu >= 0"; $sql.= " ORDER BY m.position, m.rowid"; // Order is position then rowid (because we need a sort criteria when position is same) diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php index 8ce7e046186a400a3f2a4f55970f5f0f2d3e7d3c..e023af900679db263df3e0559347e8434c92b213 100644 --- a/htdocs/admin/perms.php +++ b/htdocs/admin/perms.php @@ -44,7 +44,7 @@ if (!$user->admin) accessforbidden(); if ($action == 'add') { $sql = "UPDATE ".MAIN_DB_PREFIX."rights_def SET bydefault=1"; - $sql.= " WHERE id = ".$_GET["pid"]; + $sql.= " WHERE id = ".GETPOST("pid",'int'); $sql.= " AND entity = ".$conf->entity; $db->query($sql); } @@ -52,7 +52,7 @@ if ($action == 'add') if ($action == 'remove') { $sql = "UPDATE ".MAIN_DB_PREFIX."rights_def SET bydefault=0"; - $sql.= " WHERE id = ".$_GET["pid"]; + $sql.= " WHERE id = ".GETPOST('pid','int'); $sql.= " AND entity = ".$conf->entity; $db->query($sql); } diff --git a/htdocs/bookmarks/card.php b/htdocs/bookmarks/card.php index 67e01bcb773497d11867e633e16c6b142fc371cb..bef65d409a3d7e2250b572151921e5e241c62785 100644 --- a/htdocs/bookmarks/card.php +++ b/htdocs/bookmarks/card.php @@ -69,7 +69,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') exit; } - if ($action == 'update') $bookmark->fetch($_POST["id"]); + if ($action == 'update') $bookmark->fetch(GETPOST("id",'int')); // Check if null because user not admin can't set an user and send empty value here. if(!empty($userid)) $bookmark->fk_user=$userid; 
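Review bot: In admin/perms.php the `add` and `remove` actions run an `UPDATE … rights_def` driven by a request parameter with no anti-CSRF token check visible in either hunk (the prelude above `if (!$user->admin) accessforbidden();` is outside the diff, so one may exist there). If it does not, a per-session token carried by the triggering link and verified before the UPDATE is the standard mitigation for an admin-only state change. As a style point the two hunks quote the same parameter differently (`"pid"` vs `'pid'`); reading it once, `$pid = GETPOST('pid', 'int');`, above both branches removes the duplication.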
@@ -217,7 +217,7 @@ if ($id > 0 && ! preg_match('/^add/i',$action)) print '<table class="border" width="100%">'; - print '<tr><td width="25%">'.$langs->trans("Ref").'</td><td>'.$bookmark->ref.'</td></tr>'; + print '<tr><td class="titlefield">'.$langs->trans("Ref").'</td><td>'.$bookmark->ref.'</td></tr>'; print '<tr><td>'; if ($action == 'edit') { @@ -231,7 +231,7 @@ if ($id > 0 && ! preg_match('/^add/i',$action)) } print '</td><td>'; - if ($action == 'edit') print '<input class="flat" name="title" size="30" value="'.(isset($_POST["title"])?$_POST["title"]:$bookmark->title).'">'; + if ($action == 'edit') print '<input class="flat minwidth200" name="title" value="'.(isset($_POST["title"])?GETPOST("title",'',2):$bookmark->title).'">'; else print $bookmark->title; print '</td></tr>'; @@ -301,6 +301,8 @@ if ($id > 0 && ! preg_match('/^add/i',$action)) } + // Buttons + print "<div class=\"tabsAction\">\n"; // Edit diff --git a/htdocs/cashdesk/tpl/validation2.tpl.php b/htdocs/cashdesk/tpl/validation2.tpl.php index 7bc7999d377ca1d60834448a2cb16639f196b725..b74f5afdd52cb5f54758e3dfa5ab64e2e55538b1 100644 --- a/htdocs/cashdesk/tpl/validation2.tpl.php +++ b/htdocs/cashdesk/tpl/validation2.tpl.php @@ -33,7 +33,7 @@ $langs->load("bills"); largeur = 600; hauteur = 500; opt = 'width='+largeur+', height='+hauteur+', left='+(screen.width - largeur)/2+', top='+(screen.height-hauteur)/2+''; - window.open('validation_ticket.php?facid=<?php echo $_GET['facid']; ?>', '<?php echo $langs->trans('PrintTicket') ?>', opt); + window.open('validation_ticket.php?facid=<?php echo GETPOST('facid','int'); ?>', '<?php echo $langs->trans('PrintTicket') ?>', opt); } popupTicket(); diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index c7690e7e16f7b3572b2df2b2cfa76ab6822913f9..7b71e3ade9c87cb99467124a2f81d5ac899fe52d 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php 
@@ -125,6 +125,8 @@ if ($resql) $title = (! empty($conf->global->SOCIETE_ADDRESSES_MANAGEMENT) ? $langs->trans("ListOfContacts") : $langs->trans("ListOfContactsAddresses")); print_barre_liste($title.($label?" (".$label.")":""),$page, $_SERVER["PHP_SELF"], $param,$sortfield,$sortorder,"",$num); + print '<form action="'.$_SERVER["PHP_SELF"].'?type='.GETPOST("type", "alpha").'" method="GET">'; + print '<table class="liste" width="100%">'; print '<tr class="liste_titre">'; print_liste_field_titre($langs->trans("Lastname"),$_SERVER["PHP_SELF"],"p.name", $begin, $param,"",$sortfield,$sortorder); @@ -134,7 +136,6 @@ if ($resql) print_liste_field_titre($langs->trans("Phone")); print "</tr>\n"; - print '<form action="'.$_SERVER["PHP_SELF"].'?type='.$_GET["type"].'" method="GET">'; print '<tr class="liste_titre">'; print '<td class="liste_titre"><input class="flat" name="search_lastname" size="12" value="'.$search_lastname.'"></td>'; print '<td class="liste_titre"><input class="flat" name="search_firstname" size="12" value="'.$search_firstname.'"></td>'; @@ -142,7 +143,6 @@ if ($resql) print '<td class="liste_titre"> </td>'; print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.img_picto($langs->trans("Search"),'search.png','','',1).'" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>'; print "</tr>\n"; - print '</form>'; $var=True; $i = 0; @@ -167,7 +167,10 @@ if ($resql) print "</tr>\n"; $i++; } - print "</table></p>"; + print "</table>"; + + print '</form>'; + $db->free($resql); } else diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 5cc7fcedf4df988f63c5533bf2bab47e429c0f7b..575a55e435fdb5996601602951ff0ccf5a08d722 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php 
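Review bot: `GETPOST("type", "alpha")` is concatenated into the form `action` attribute without `dol_escape_htmltag`/`urlencode`, and the `search_lastname`/`search_firstname` values inside the form that this hunk moves are still echoed raw into `value=""` (their origin is above the hunk). A GETPOST check filters input; it is not attribute encoding, so wrapping these with `dol_escape_htmltag(...)`, already used for the search button title on the same lines, is the consistent fix. Moving the `<form>` so it wraps the whole table is a correct HTML-structure fix.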
@@ -283,14 +283,14 @@ if ($socid > 0) print '<div class="underbanner clearboth"></div>'; print '<table class="border" width="100%">'; print '<tr><td class="titlefield fieldrequired">'.$langs->trans("AmountHT").'</td>'; - print '<td><input type="text" size="5" name="amount_ht" value="'.$_POST["amount_ht"].'">'; + print '<td><input type="text" size="5" name="amount_ht" value="'.price2num(GETPOST("amount_ht")).'">'; print '<span class="hideonsmartphone"> '.$langs->trans("Currency".$conf->currency).'</span></td></tr>'; print '<tr><td>'.$langs->trans("VAT").'</td>'; print '<td>'; print $form->load_tva('tva_tx',GETPOST('tva_tx'),$mysoc,$object); print '</td></tr>'; print '<tr><td class="fieldrequired" >'.$langs->trans("NoteReason").'</td>'; - print '<td><input type="text" size="60" name="desc" value="'.GETPOST('desc').'"></td></tr>'; + print '<td><input type="text" class="quatrevingtpercent" name="desc" value="'.GETPOST('desc').'"></td></tr>'; print "</table>"; } diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 391962c98cb1cdf29e71b8e6a795c2ef5151cbe0..8190367a06ad7060187486da9b2ecc418b8bcd4d 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -44,11 +44,13 @@ accessforbidden(); $langs->load("companies"); $langs->load("orders"); + +$limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit; $sortfield = GETPOST("sortfield",'alpha'); $sortorder = GETPOST("sortorder",'alpha'); $page = GETPOST("page",'int'); if ($page == -1) { $page = 0; } -$offset = $conf->liste_limit * $page; +$offset = $limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; 
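Review bot: The `desc` line is rewritten for layout but `GETPOST('desc')` is still echoed unescaped into `value="…"`, with no check string, while `amount_ht` on the same screen now goes through `price2num`. Since the line is already being changed, `value="'.dol_escape_htmltag(GETPOST('desc')).'"` closes the output-encoding gap at no extra cost.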
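Review bot: `$limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit;` tests truthiness of the raw value but uses the int-checked one, so a non-numeric `limit` passes the test yet yields 0 (or empty), making `$offset` 0 and the later `plimit($limit + 1, $offset)` return a single row; a negative value is accepted too. `$limit = GETPOST('limit','int') > 0 ? GETPOST('limit','int') : $conf->liste_limit;` keeps the fallback for every invalid value, and an upper bound would avoid a client requesting an unbounded page.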
@@ -77,32 +79,32 @@ $sql.= " AND s.entity IN (".getEntity('societe', 1).")"; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (dol_strlen($stcomm)) { - $sql.= " AND s.fk_stcomm=$stcomm"; -} - -if ($_GET["search_nom"]) -{ - $sql.= " AND s.nom like '%".$db->escape(strtolower($_GET["search_nom"]))."%'"; -} -if ($_GET["search_compta"]) -{ - $sql.= " AND s.code_compta like '%".$db->escape($_GET["search_compta"])."%'"; -} -if ($_GET["search_code_client"]) -{ - $sql.= " AND s.code_client like '%".$db->escape($_GET["search_code_client"])."%'"; + $sql.= " AND s.fk_stcomm=".$stcomm; } +if (GETPOST("search_nom")) $sql.= natural_search("s.nom", GETPOST("search_nom")); +if (GETPOST("search_compta")) $sql.= natural_search("s.code_compta", GETPOST("search_compta")); +if (GETPOST("search_code_client")) $sql.= natural_search("s.code_client", GETPOST("search_code_client")); if (dol_strlen($begin)) { $sql.= " AND s.nom like '".$db->escape($begin)."'"; } -if ($socid) +if ($socid > 0) { $sql.= " AND s.rowid = ".$socid; } $sql.= " AND c.fk_statut in (1, 2) AND c.facture = 0"; $sql.= " GROUP BY s.nom"; -$sql.= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset); +$sql.= $db->order($sortfield,$sortorder); + +// Count total nb of records +$nbtotalofrecords = -1; +if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST)) +{ + $result = $db->query($sql); + $nbtotalofrecords = $db->num_rows($result); +} + +$sql.= $db->plimit($limit + 1, $offset); //print $sql; $resql = $db->query($sql); 
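Review bot: `$sql.= " AND s.fk_stcomm=".$stcomm;` concatenates `$stcomm` unquoted after only a `dol_strlen` check; its assignment is above the hunk, so if it is request-derived it should be cast, `" AND s.fk_stcomm=".(int) $stcomm`, as `$socid` effectively is by the `> 0` guard. In the new count block `$result = $db->query($sql);` is passed to `num_rows` without checking for a failed query, unlike the main query below; a `if ($result)` guard keeps `$nbtotalofrecords` at -1 on failure. Replacing the interpolated `ORDER BY $sortfield $sortorder` with `$db->order(...)` and the `natural_search` calls are the right direction.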
@@ -129,26 +131,27 @@ if ($resql) print '<tr class="liste_titre">'; print '<td align="left" class="liste_titre">'; - print '<input class="flat" type="text" name="search_nom" value="'.$_GET["search_nom"].'"></td>'; + print '<input class="flat" type="text" name="search_nom" value="'.dol_escape_htmltag(GETPOST("search_nom")).'"></td>'; print '<td class="liste_titre"> </td>'; print '<td align="left" class="liste_titre">'; - print '<input class="flat" type="text" size="10" name="search_code_client" value="'.$_GET["search_code_client"].'">'; + print '<input class="flat" type="text" size="10" name="search_code_client" value="'.dol_escape_htmltag(GETPOST("search_code_client")).'">'; print '</td>'; print '<td align="left" class="liste_titre">'; - print '<input class="flat" type="text" size="10" name="search_compta" value="'.$_GET["search_compta"].'">'; + print '<input class="flat" type="text" size="10" name="search_compta" value="'.dol_escape_htmltag(GETPOST("search_compta")).'">'; print '</td>'; print '<td align="right" colspan="2" class="liste_titre">'; print '<input type="image" class="liste_titre" src="'.img_picto($langs->trans("Search"),'search.png','','',1).'" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'">'; print '</td>'; + print "</tr>\n"; $var=true; - while ($i < min($num,$conf->liste_limit)) + while ($i < min($num,$limit)) { $obj = $db->fetch_object($resql); diff --git a/htdocs/commande/orderstoinvoice.php b/htdocs/commande/orderstoinvoice.php index f9767c74695ed5cbc6b90c7fe80e779b641baaca..74861d3ee67fb925bf00d92765c73495f08ce8ae 100644 --- a/htdocs/commande/orderstoinvoice.php +++ b/htdocs/commande/orderstoinvoice.php 
@@ -46,7 +46,7 @@ $langs->load('companies'); if (! $user->rights->facture->creer) accessforbidden(); -$id = (GETPOST('id')?GETPOST('id','int'):GETPOST("facid")); // For backward compatibility +$id = (GETPOST('id')?GETPOST('id','int'):GETPOST("facid","int")); // For backward compatibility $ref = GETPOST('ref','alpha'); $action = GETPOST('action','alpha'); $confirm = GETPOST('confirm','alpha'); @@ -112,7 +112,7 @@ if (($action == 'create' || $action == 'add') && !$error) $langs->load('main'); if (isset($_GET['orders_to_invoice'])) { - $orders_id = $_GET['orders_to_invoice']; + $orders_id = GETPOST('orders_to_invoice','',1); $n = count($orders_id); $i = 0; @@ -122,7 +122,7 @@ if (($action == 'create' || $action == 'add') && !$error) } if (isset($_POST['orders_to_invoice'])) { - $orders_id = $_POST['orders_to_invoice']; + $orders_id = GETPOST('orders_to_invoice','',1); $nn = count($orders_id); $ii = 0; diff --git a/htdocs/compta/localtax/reglement.php b/htdocs/compta/localtax/reglement.php index 54530b144438f6cadde557afc46ccfdc46200524..df96d0b7d67de59f837d43e2bc6c70f2a08f3313 100644 --- a/htdocs/compta/localtax/reglement.php +++ b/htdocs/compta/localtax/reglement.php @@ -31,7 +31,7 @@ $langs->load("compta"); $socid = isset($_GET["socid"])?$_GET["socid"]:''; if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); -$ltt=$_REQUEST["localTaxType"]; +$ltt=GETPOST("localTaxType"); /* * View @@ -45,7 +45,7 @@ print load_fiche_titre($langs->transcountry($ltt==2?"LT2Payments":"LT1Payments", $sql = "SELECT rowid, amount, label, f.datev as dm"; $sql.= " FROM ".MAIN_DB_PREFIX."localtax as f "; -$sql.= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$ltt; +$sql.= " WHERE f.entity = ".$conf->entity." AND localtaxtype=".$db->escape($ltt); $sql.= " ORDER BY dm DESC"; $result = $db->query($sql); 
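Review bot: The -122 hunk reads `GETPOST('orders_to_invoice','',1)` inside the `isset($_POST['orders_to_invoice'])` branch; if method 1 selects GET only, as the `isset($_POST…)?GETPOST(…,2)` pattern elsewhere in this commit implies, the POST branch will see an empty value and `count($orders_id)` will be 0 rather than the posted selection, so it should be `GETPOST('orders_to_invoice','',2)`. In both hunks `count($orders_id)` assumes an array; an `is_array` guard (or `(array)` cast) avoids a warning on a scalar value, and each id should still be int-validated where it is used further down, outside the hunk.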
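Review bot: `" AND localtaxtype=".$db->escape($ltt)` places an escaped string into an unquoted numeric comparison; `escape()` neutralises quote characters but does not constrain an unquoted operand, so it does not bound this value. `localTaxType` is numeric (the `$ltt==2` test above shows that), so the check belongs at the read, `$ltt = GETPOST("localTaxType", 'int');`, with the concatenation left as `" AND localtaxtype=".(int) $ltt`. The `$socid = isset($_GET["socid"])?$_GET["socid"]:''` context line above is still a raw read and would benefit from the same treatment.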
diff --git a/htdocs/compta/tva/quadri_detail.php b/htdocs/compta/tva/quadri_detail.php index 128eb6456f3af0e128bb6c6f417dd10abfd36bdd..e0a19d7a0f396cfaceb0e3761fa7b2b85e9308b0 100644 --- a/htdocs/compta/tva/quadri_detail.php +++ b/htdocs/compta/tva/quadri_detail.php @@ -48,7 +48,7 @@ $langs->load("trips"); $langs->load("other"); // Date range -$year=GETPOST("year"); +$year=GETPOST("year","int"); if (empty($year)) { $year_current = strftime("%Y",dol_now()); @@ -57,15 +57,15 @@ if (empty($year)) $year_current = $year; $year_start = $year; } -$date_start=dol_mktime(0,0,0,$_REQUEST["date_startmonth"],$_REQUEST["date_startday"],$_REQUEST["date_startyear"]); -$date_end=dol_mktime(23,59,59,$_REQUEST["date_endmonth"],$_REQUEST["date_endday"],$_REQUEST["date_endyear"]); +$date_start=dol_mktime(0,0,0,GETPOST("date_startmonth"),GETPOST("date_startday"),GETPOST("date_startyear")); +$date_end=dol_mktime(23,59,59,GETPOST("date_endmonth"),GETPOST("date_endday"),GETPOST("date_endyear")); // Quarter if (empty($date_start) || empty($date_end)) // We define date_start and date_end { $q=GETPOST("q"); if (empty($q)) { - if (isset($_REQUEST["month"])) { $date_start=dol_get_first_day($year_start,$_REQUEST["month"],false); $date_end=dol_get_last_day($year_start,$_REQUEST["month"],false); } + if (GETPOST("month")) { $date_start=dol_get_first_day($year_start,GETPOST("month"),false); $date_end=dol_get_last_day($year_start,GETPOST("month"),false); } else { $month_current = strftime("%m",dol_now()); diff --git a/htdocs/core/class/html.formsms.class.php b/htdocs/core/class/html.formsms.class.php index b2802f91c099ff3dbf1ba0f20829228a10085bf5..9412582599ddbcfb33883f2a6a85dd04024f2cf1 100644 --- a/htdocs/core/class/html.formsms.class.php +++ b/htdocs/core/class/html.formsms.class.php 
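Review bot: In the -57 hunk the six date parts passed to `dol_mktime` and the `month` passed to `dol_get_first_day`/`dol_get_last_day` are read with no check, whereas the previous hunk gives `year` the `'int'` check; these are all numeric, so `GETPOST("date_startmonth",'int')` and `GETPOST("month",'int')` would be consistent. Note that swapping `isset($_REQUEST["month"])` for `GETPOST("month")` also changes behaviour when `month` is submitted empty (it now falls to the current-month branch), which looks intended but is worth a word in the commit message.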
@@ -255,7 +255,7 @@ function limitChars(textarea, limit, infodiv) } else { - print "<input size=\"16\" id=\"sendto\" name=\"sendto\" value=\"".(! is_array($this->withto) && $this->withto != '1'? (isset($_REQUEST["sendto"])?$_REQUEST["sendto"]:$this->withto):"+")."\">"; + print "<input size=\"16\" id=\"sendto\" name=\"sendto\" value=\"".dol_escape_htmltag(! is_array($this->withto) && $this->withto != '1'? (isset($_REQUEST["sendto"])?GETPOST("sendto"):$this->withto):"+")."\">"; if (! empty($this->withtosocid) && $this->withtosocid > 0) { $liste=array(); @@ -290,11 +290,11 @@ function limitChars(textarea, limit, infodiv) if ($this->withbodyreadonly) { print nl2br($defaultmessage); - print '<input type="hidden" name="message" value="'.$defaultmessage.'">'; + print '<input type="hidden" name="message" value="'.dol_escape_htmltag($defaultmessage).'">'; } else { - print '<textarea cols="40" name="message" id="message" rows="4" onkeyup="limitChars(this, 160, \'charlimitinfospan\')">'.$defaultmessage.'</textarea>'; + print '<textarea class="quatrevingtpercent" name="message" id="message" rows="'.ROWS_4.'" onkeyup="limitChars(this, 160, \'charlimitinfospan\')">'.$defaultmessage.'</textarea>'; print '<div id="charlimitinfo">'.$langs->trans("SmsInfoCharRemain").': <span id="charlimitinfospan">'.(160-dol_strlen($defaultmessage)).'</span></div></td>'; } print "</td></tr>\n"; diff --git a/htdocs/core/datepicker.php b/htdocs/core/datepicker.php index 63b765fbadb29b08b80d2b750f24c00fe231c532..eeb20ee265c8b537b109106dce188c9061223c60 100644 --- a/htdocs/core/datepicker.php +++ b/htdocs/core/datepicker.php @@ -108,7 +108,7 @@ if (isset($_GET["m"]) && isset($_GET["y"])) if ($qualified) { //print $_GET["cm"].",".$_GET["sd"].",".$_GET["m"].",".$_GET["y"];exit; - displayBox($_GET["sd"],$_GET["m"],$_GET["y"]); + displayBox(GETPOST("sd",'alpha'),GETPOST("m",'int'),GETPOST("y",'int')); } else { 
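Review bot: In the -290 hunk the hidden `message` input now gets `dol_escape_htmltag($defaultmessage)`, but the `<textarea>` branch on the rewritten line still emits `$defaultmessage` raw; a textarea body needs the same encoding (a `</textarea>` sequence in the value ends the element). `'…>'.dol_escape_htmltag($defaultmessage).'</textarea>'` keeps the two branches consistent. The `sendto` escaping added in the -255 hunk looks correct.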
diff --git a/htdocs/core/filemanagerdol/connectors/php/io.php b/htdocs/core/filemanagerdol/connectors/php/io.php index 731509b6e107c2f1a7adc7943b2b7c1ea873be89..77c8c3ec253d94288e532b942adbb29109c91aa1 100644 --- a/htdocs/core/filemanagerdol/connectors/php/io.php +++ b/htdocs/core/filemanagerdol/connectors/php/io.php @@ -44,7 +44,7 @@ function GetResourceTypePath($resourceType, $sCommand) { global $Config ; - if ( $sCommand == "QuickUpload") + if ($sCommand == "QuickUpload") return $Config['QuickUploadPath'][$resourceType] ; else return $Config['FileTypesPath'][$resourceType] ; @@ -60,7 +60,7 @@ function GetResourceTypePath($resourceType, $sCommand) function GetResourceTypeDirectory($resourceType, $sCommand) { global $Config ; - if ( $sCommand == "QuickUpload") + if ($sCommand == "QuickUpload") { if ( strlen($Config['QuickUploadAbsolutePath'][$resourceType]) > 0) return $Config['QuickUploadAbsolutePath'][$resourceType] ; @@ -299,7 +299,7 @@ function IsAllowedCommand($sCommand) { global $Config ; - if ( !in_array($sCommand, $Config['ConfigAllowedCommands'])) + if (! in_array($sCommand, $Config['ConfigAllowedCommands'])) return false ; return true ; @@ -315,7 +315,7 @@ function GetCurrentFolder() if (!isset($_GET)) { global $_GET; } - $sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ; + $sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? GETPOST('CurrentFolder', '', 1) : '/' ; // Check the current folder syntax (must begin and start with a slash). if (!preg_match('|/$|', $sCurrentFolder)) diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 2ef81d6e8dfe4d838a0767c8a47c1d8e41d87e47..ae73347edfa6f3e0e5ef1c1ac0a8e98c7695c68b 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php 
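Review bot: In the -315 hunk `GETPOST('CurrentFolder', '', 1)` reads a filesystem path component with an empty check string, so as far as the visible code shows nothing is filtered at the read; the value then only has its trailing slash checked here. GetCurrentFolder continues outside the hunk, so please confirm the existing `..`/separator rejection below still covers this value, and document that assumption on the line, e.g. `// raw request value: parent-directory sequences are rejected by the checks below`. The -44/-60/-299 hunks are whitespace only.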
@@ -34,7 +34,7 @@ $langs->load("other"); $id=GETPOST('id','int'); $action=GETPOST('action','alpha'); $modulepart=GETPOST('modulepart','alpha')?GETPOST('modulepart','alpha'):'produit|service'; -$original_file = isset($_REQUEST["file"])?urldecode($_REQUEST["file"]):''; +$original_file = GETPOST("file"); $backtourl=GETPOST('backtourl'); $cancel=GETPOST("cancel"); diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index c87a243a1c337362f3836a47c3c071a92a895172..30027560140ea2baa864a56951d52042515ab6ce 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php @@ -153,7 +153,7 @@ else { } } - echo $form->select_type_of_lines(isset($_POST["type"])?$_POST["type"]:-1,'type',1,1,$forceall); + echo $form->select_type_of_lines(isset($_POST["type"])?GETPOST("type",'alpha',2):-1,'type',1,1,$forceall); echo '</span>'; 
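Review bot: `$original_file = GETPOST("file");` takes a file path from the request with no check and drops the previous `urldecode`; where `file` is later constrained to the module's directory is outside the hunk, so it is worth confirming that a `..` rejection exists before the path is used, and giving it at least the `'alpha'` check used for `modulepart` on the line above. If callers still send URL-encoded names, the removed decode is a behaviour change that should be mentioned in the commit message.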
@@ -253,25 +253,25 @@ else { <td class="nobottom linecolvat" align="right"><?php if ($seller->tva_assuj == "0") echo '<input type="hidden" name="tva_tx" id="tva_tx" value="0">'.vatrate(0, true); - else echo $form->load_tva('tva_tx', (isset($_POST["tva_tx"])?$_POST["tva_tx"]:-1), $seller, $buyer, 0, 0, '', false, 1); + else echo $form->load_tva('tva_tx', (isset($_POST["tva_tx"])?GETPOST("tva_tx",'alpha',2):-1), $seller, $buyer, 0, 0, '', false, 1); ?> </td> <td class="nobottom linecoluht" align="right"> - <input type="text" size="5" name="price_ht" id="price_ht" class="flat" value="<?php echo (isset($_POST["price_ht"])?$_POST["price_ht"]:''); ?>"> + <input type="text" size="5" name="price_ht" id="price_ht" class="flat" value="<?php echo (isset($_POST["price_ht"])?GETPOST("price_ht",'alpha',2):''); ?>"> </td> <?php if (!empty($conf->multicurrency->enabled)) { $colspan++;?> <td class="nobottom linecoluht_currency" align="right"> - <input type="text" size="5" name="multicurrency_price_ht" id="multicurrency_price_ht" class="flat" value="<?php echo (isset($_POST["multicurrency_price_ht"])?$_POST["multicurrency_price_ht"]:''); ?>"> + <input type="text" size="5" name="multicurrency_price_ht" id="multicurrency_price_ht" class="flat" value="<?php echo (isset($_POST["multicurrency_price_ht"])?GETPOST("multicurrency_price_ht",'alpha',2):''); ?>"> </td> <?php } ?> <?php if (! 
empty($inputalsopricewithtax)) { ?> <td class="nobottom linecoluttc" align="right"> - <input type="text" size="5" name="price_ttc" id="price_ttc" class="flat" value="<?php echo (isset($_POST["price_ttc"])?$_POST["price_ttc"]:''); ?>"> + <input type="text" size="5" name="price_ttc" id="price_ttc" class="flat" value="<?php echo (isset($_POST["price_ttc"])?GETPOST("price_ttc",'alpha',2):''); ?>"> </td> <?php } ?> - <td class="nobottom linecolqty" align="right"><input type="text" size="2" name="qty" id="qty" class="flat" value="<?php echo (isset($_POST["qty"])?$_POST["qty"]:1); ?>"> + <td class="nobottom linecolqty" align="right"><input type="text" size="2" name="qty" id="qty" class="flat" value="<?php echo (isset($_POST["qty"])?GETPOST("qty",'alpha',2):1); ?>"> </td> <?php if($conf->global->PRODUCT_USE_UNITS) @@ -281,7 +281,7 @@ else { print '</td>'; } ?> - <td class="nobottom nowrap linecoldiscount" align="right"><input type="text" size="1" name="remise_percent" id="remise_percent" class="flat" value="<?php echo (isset($_POST["remise_percent"])?$_POST["remise_percent"]:$buyer->remise_percent); ?>"><span class="hideonsmartphone">%</span></td> + <td class="nobottom nowrap linecoldiscount" align="right"><input type="text" size="1" name="remise_percent" id="remise_percent" class="flat" value="<?php echo (isset($_POST["remise_percent"])?GETPOST("remise_percent",'alpha',2):$buyer->remise_percent); ?>"><span class="hideonsmartphone">%</span></td> <?php if ($this->situation_cycle_ref) { $coldisplay++; 
@@ -296,7 +296,7 @@ else { <select id="fournprice_predef" name="fournprice_predef" class="flat" data-role="none" style="display: none;"></select> <?php } ?> <!-- For free product --> - <input type="text" size="5" id="buying_price" name="buying_price" class="flat" value="<?php echo (isset($_POST["buying_price"])?$_POST["buying_price"]:''); ?>"> + <input type="text" size="5" id="buying_price" name="buying_price" class="flat" value="<?php echo (isset($_POST["buying_price"])?GETPOST("buying_price",'alpha',2):''); ?>"> </td> <?php @@ -305,12 +305,12 @@ else { { if (! empty($conf->global->DISPLAY_MARGIN_RATES)) { - echo '<td align="right" class="nobottom nowrap margininfos"><input type="text" size="2" id="np_marginRate" name="np_marginRate" value="'.(isset($_POST["np_marginRate"])?$_POST["np_marginRate"]:'').'"><span class="np_marginRate hideonsmartphone">%</span></td>'; + echo '<td align="right" class="nobottom nowrap margininfos"><input type="text" size="2" id="np_marginRate" name="np_marginRate" value="'.(isset($_POST["np_marginRate"])?GETPOST("np_marginRate",'alpha',2):'').'"><span class="np_marginRate hideonsmartphone">%</span></td>'; $coldisplay++; } if (! empty($conf->global->DISPLAY_MARK_RATES)) { - echo '<td align="right" class="nobottom nowrap margininfos"><input type="text" size="2" id="np_markRate" name="np_markRate" value="'.(isset($_POST["np_markRate"])?$_POST["np_markRate"]:'').'"><span class="np_markRate hideonsmartphone">%</span></td>'; + echo '<td align="right" class="nobottom nowrap margininfos"><input type="text" size="2" id="np_markRate" name="np_markRate" value="'.(isset($_POST["np_markRate"])?GETPOST("np_markRate",'alpha',2):'').'"><span class="np_markRate hideonsmartphone">%</span></td>'; $coldisplay++; } } diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php index 74c6bdd42112bd60497e1d4c3103ce5d98191d04..e684e3c27501397fe0974a6d6a09cf6a44ac1aba 100644 --- a/htdocs/core/tpl/objectline_edit.tpl.php 
+++ b/htdocs/core/tpl/objectline_edit.tpl.php @@ -185,7 +185,7 @@ $coldisplay=-1; // We remove first td <?php if ($user->rights->margins->creer) { if (! empty($conf->global->DISPLAY_MARGIN_RATES)) { - $margin_rate = (isset($_POST["np_marginRate"])?$_POST["np_marginRate"]:(($line->pa_ht == 0)?'':price($line->marge_tx))); + $margin_rate = (isset($_POST["np_marginRate"])?GETPOST("np_marginRate","alpha",2):(($line->pa_ht == 0)?'':price($line->marge_tx))); // if credit note, dont allow to modify margin if ($line->subprice < 0) echo '<td align="right" class="nowrap margininfos">'.$margin_rate.'<span class="hideonsmartphone">%</span></td>'; @@ -195,7 +195,7 @@ $coldisplay=-1; // We remove first td } elseif (! empty($conf->global->DISPLAY_MARK_RATES)) { - $mark_rate = (isset($_POST["np_markRate"])?$_POST["np_markRate"]:price($line->marque_tx)); + $mark_rate = (isset($_POST["np_markRate"])?GETPOST("np_markRate",'alpha',2):price($line->marque_tx)); // if credit note, dont allow to modify margin if ($line->subprice < 0) echo '<td align="right" class="nowrap margininfos">'.$mark_rate.'<span class="hideonsmartphone">%</span></td>'; diff --git a/htdocs/expensereport/synchro_compta.php b/htdocs/expensereport/synchro_compta.php deleted file mode 100644 index eba616d2620229599fb5d332d05413da9ce98d87..0000000000000000000000000000000000000000 --- a/htdocs/expensereport/synchro_compta.php +++ /dev/null 
@@ -1,216 +0,0 @@ -<?php -/* Copyright (C) 2015 Laurent Destailleur <eldy@users.sourceforge.net> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT . '/compta/bank/class/account.class.php'; -require_once DOL_DOCUMENT_ROOT . '/expensereport/class/expensereport.class.php'; - -$langs->load("companies"); -$langs->load("users"); -$langs->load("trips"); -$langs->load("banks"); - -$idAccount=isset($_GET["account"])?$_GET["account"]:$_POST["account"]; - -if ($_GET["action"] == 'confirm_ndf_to_account' && $_GET["confirm"] == "yes"): - - $idTrip = $_GET['idTrip']; - - $expensereport = new ExpenseReport($db); - $expensereport->fetch($idTrip,$user); - - $dateop = dol_mktime(12,0,0,$datePaiement[1],$datePaiement[2],$datePaiement[0]); - $operation = $expensereport->code_paiement; - $label = "Règlement ".$expensereport->ref; - $amount = - price2num($expensereport->total_ttc); - $num_chq = ''; - $cat1 = ''; - - $user = new User($db); - $user->fetch($user->id); - - $acct=new Account($db,$idAccount); - $insertid = $acct->addline($dateop, $operation, $label, $amount, $num_chq, $cat1, $user); - - if ($insertid > 0): - $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport as d"; - $sql.= " SET integration_compta = 1, fk_bank_account = $idAccount"; - $sql.= " WHERE rowid = $idTrip"; - $resql=$db->query($sql); - if($result): - 
Header("Location: ".$_SERVER["PHP_SELF"]."?account=".$idAccount); - exit; - else: - dol_print_error($db); - endif; - else: - dol_print_error($db,$acct->error); - endif; -endif; - -if ($_GET["action"] == 'confirm_account_to_ndf' && $_GET["confirm"] == "yes"): - - $idTrip = $_GET['idTrip']; - - $expensereport = new ExpenseReport($db); - $expensereport->fetch($idTrip,$user); - - $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank"; - $sql.= " WHERE label LIKE '%".$expensereport->ref."%'"; - $resql=$db->query($sql); - if ($resql > 0): - $sql = " UPDATE ".MAIN_DB_PREFIX."expensereport as d"; - $sql.= " SET integration_compta = 0, fk_bank_account = 0"; - $sql.= " WHERE rowid = $idTrip"; - $resql=$db->query($sql); - if($result): - Header("Location: ".$_SERVER["PHP_SELF"]."?account=".$idAccount); - exit; - else: - dol_print_error($db); - endif; - else: - dol_print_error($db); - endif; -endif; - - -/* - * Actions - */ - -llxHeader(); - -$html = new Form($db); - -$submit = isset($_POST['submit'])?true:false; -$idAccount=isset($_GET["account"])?$_GET["account"]:$_POST["account"]; - -print load_fiche_titre($langs->trans("TripSynch")); - - -dol_fiche_head(''); - - -if ($_GET["action"] == 'ndfTOaccount'): - $idTrip = $_GET['idTrip']; - $ret=$html->form_confirm($_SERVER["PHP_SELF"]."?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("ndfToAccount"),$langs->trans("ConfirmNdfToAccount"),"confirm_ndf_to_account","","",1); - if ($ret == 'html') print '<br />'; -endif; - -if ($_GET["action"] == 'accountTOndf'): - $idTrip = $_GET['idTrip']; - $ret=$html->form_confirm($_SERVER["PHP_SELF"]."?idTrip=".$idTrip."&account=".$idAccount,$langs->trans("AccountToNdf"),$langs->trans("ConfirmAccountToNdf"),"confirm_account_to_ndf","","",1); - if ($ret == 'html') print '<br />'; -endif; - -if(empty($submit) && empty($idAccount)): - - print "<form name='add' method=\"post\" action=\"synchro_compta.php\">"; - print 'Choix du compte '; - print $html->select_comptes($_POST['account'],'account',0,'',1); - 
print ' <input type="submit" name="submit" class="button" value="'.$langs->trans("ViewAccountSynch").'">'; - print "</form>"; - -else: - - print "<form name='add' method=\"post\" action=\"synchro_compta.php\">"; - print 'Choix du compte '; - print $html->select_comptes($idAccount,'account',0,'',1); - print ' <input type="submit" class="button" value="'.$langs->trans("ViewAccountSynch").'">'; - print "</form>"; - - $sql = "SELECT d.fk_bank_account, d.ref, d.rowid, d.date_valid, d.fk_user_author, d.total_ttc, d.integration_compta, d.fk_statut"; - $sql.= " ,CONCAT(u.firstname,' ',u.lastname) as declarant_NDF"; - $sql.= " FROM ".MAIN_DB_PREFIX."expensereport as d"; - $sql.= " INNER JOIN ".MAIN_DB_PREFIX."user as u ON d.fk_user_author = u.rowid"; - $sql.= " WHERE d.fk_statut = 6"; - $sql.= ' AND d.entity IN ('.getEntity('expensereport', 1).')'; - $sql.= " ORDER BY d.date_valid DESC"; - - $resql=$db->query($sql); - if ($resql): - $num = $db->num_rows($resql); $i = 0; - if($num>0): - - $account=new Account($db); - $account->fetch($idAccount); - - print '<br>'; - - print "<table class='noborder' width='80%'>"; - print '<tr class="liste_titre">'; - print '<td>'.$langs->trans("Ref").'</td>'; - print '<td>'.$langs->trans("DateValidation").'</td>'; - print '<td>'.$langs->trans("USER_AUTHOR").'</td>'; - print '<td align="center">'.$langs->trans("TotalTTC").'</td>'; - print '<td align="center">Actions</td>'; - print '<td>Compte</td>'; - print '<td align="center">Int.</td>'; - print '</tr>'; - - while($i<$num): - $objp = $db->fetch_object($resql); - $var=!$var; - print '<tr'. $bc[$var].'>'; - print '<td>'.$objp->ref.'</td>'; - print '<td>'.dol_print_date($db->jdate($objp->date_valid),'day').'</td>'; - print '<td><a href="'.DOL_URL_ROOT.'/user/card.php?id='.$objp->fk_user_author.'">'.img_object($langs->trans("ShowUser"),"user").' '.$objp->declarant_NDF.'</a></td>'; - print '<td align="center">'.$objp->total_ttc.' 
'.$langs->trans("EURO").'</td>'; - - if($objp->integration_compta) - { - print '<td align="center"><a href="synchro_compta.php?action=accountTOndf&idTrip='.$objp->rowid.'&account='.$idAccount.'"><img src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/1leftarrow.png" style="border:0px;" alt="Compte vers NDF" title="Compte vers NDF"/></a></td>'; - } - else - { - print '<td align="center"><a href="synchro_compta.php?action=ndfTOaccount&idTrip='.$objp->rowid.'&account='.$idAccount.'"><img src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/1rightarrow.png" style="border:0px;" alt="NDF vers Compte" title="NDF vers Compte"/></a></td>'; - } - - print '<td>'.$account->label.'</td>'; - - if($objp->integration_compta) - { - print '<td align="center"><img src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/tick.png" style="border:0px;" alt="Intégration OK" /></td>'; - } - else - { - print '<td align="center"><img src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/off.png" style="border:0px;" alt="Intégration Non OK" /></td>'; - } - - print "</tr>"; - $i++; - endwhile; - - print "</table>"; - - else: - print '<div class="error">'.$langs->trans("NoTripToSync").'</div>'; - endif; - - $db->free($resql); - else: - dol_print_error($db); - endif; - -endif; - -dol_fiche_end(); - -llxFooter(); - -$db->close(); \ No newline at end of file diff --git a/htdocs/fourn/commande/orderstoinvoice.php b/htdocs/fourn/commande/orderstoinvoice.php index 89f0a942172a382de8f73d39c1ea95248225201d..1f87cdf592926977b9c47fdb7cc8dfa55d8b2ff5 100644 --- a/htdocs/fourn/commande/orderstoinvoice.php +++ b/htdocs/fourn/commande/orderstoinvoice.php @@ -108,7 +108,7 @@ if (($action == 'create' || $action == 'add') && ! $error) { $langs->load('products'); $langs->load('main'); if (isset($_GET['orders_to_invoice'])) { - $orders_id = $_GET['orders_to_invoice']; + $orders_id = GETPOST('orders_to_invoice','',1); $n = count($orders_id); $i = 0; 
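Review bot: `GETPOST('orders_to_invoice','',1)` is handed to count() and indexed as an array with no check on its shape or on the individual ids, and the same applies to the @@ -116 hunk; the elements later become `$origin_id` in add_object_linked() (@@ -178) and `$_GET['originid']` (@@ -116 context). A guard that rejects a non-array and coerces each element, e.g. `$orders_id = array_map('intval', (array) GETPOST('orders_to_invoice','',1));`, would keep a malformed request from reaching those calls. The enclosing `if (($action == 'create' || $action == 'add') && ! $error)` block runs past the hunk.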
@@ -116,7 +116,7 @@ if (($action == 'create' || $action == 'add') && ! $error) {
 $_GET['originid'] = $orders_id[0];
 }
 if (isset($_POST['orders_to_invoice'])) {
- $orders_id = $_POST['orders_to_invoice'];
+ $orders_id = GETPOST('orders_to_invoice','',1);
 $nn = count($orders_id);
 $ii = 0;
@@ -149,10 +149,10 @@ if (($action == 'create' || $action == 'add') && ! $error) {
 $datefacture = dol_mktime(date("h"), date("M"), 0, date("m"), date("d"), date("Y"));
 }
 if (! $error) {
- $object->ref = $_POST['ref'];
- $object->ref_supplier = $_POST['ref_supplier'];
- $object->socid = $_POST['socid'];
- $object->libelle = $_POST['libelle'];
+ $object->ref = GETPOST('ref');
+ $object->ref_supplier = GETPOST('ref_supplier');
+ $object->socid = GETPOST('socid','int');
+ $object->libelle = GETPOST('libelle');
 $object->date = $datefacture;
 $object->date_echeance = $datedue;
 $object->note_public = GETPOST('note_public');
@@ -178,7 +178,7 @@ if (($action == 'create' || $action == 'add') && ! $error) {
 foreach ( $orders_id as $origin => $origin_id ) {
 $origin_id = (! empty($origin_id) ? $origin_id : $orders_id[$ii]);
- $object->add_object_linked($_POST['origin'], $origin_id);
+ $object->add_object_linked(GETPOST('origin'), $origin_id);
 }
 while ( $ii < $nn ) {
@@ -321,7 +321,7 @@ if ($action == 'create' && !$error) {
 print '<tr><td class="fieldrequired">' . $langs->trans('Ref') . '</td><td colspan="2">' . $langs->trans('Draft') . '</td></tr>';
 // Ref supplier
- print '<tr><td class="fieldrequired">' . $langs->trans('RefSupplier') . '</td><td><input name="ref_supplier" value="' . (isset($_POST['ref_supplier']) ? $_POST['ref_supplier'] : '') . '" type="text"></td>';
+ print '<tr><td class="fieldrequired">' . $langs->trans('RefSupplier') . '</td><td><input name="ref_supplier" value="' . dol_escape_htmltag(isset($_POST['ref_supplier']) ? GETPOST('ref_supplier','alpha', 2) : '') . '" type="text"></td>';
 print '</tr>';
 // Third party
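Review bot: The branch is entered on `isset($_POST['orders_to_invoice'])` but the new line reads the value with a third argument of 1, which everywhere else in this commit is paired with `isset($_GET[...])` while the POST branches use 2; a POSTed selection therefore appears not to reach `$orders_id` here. The line should read `$orders_id = GETPOST('orders_to_invoice','',2);`. The enclosing block starts and ends outside the hunk.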
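Review bot: In the @@ -149 hunk `$object->ref_supplier = GETPOST('ref_supplier');` and `$object->ref = GETPOST('ref');` carry no check at all, while the fourn/facture/card.php hunk of this same commit assigns the same field with `GETPOST('ref_supplier','alpha')` and the @@ -321 hunk below reads it back with 'alpha'; the two sites should agree, `$object->ref_supplier = GETPOST('ref_supplier','alpha');`. The @@ -178 hunk has the same gap with `GETPOST('origin')`, which is passed into add_object_linked() unchecked. The enclosing `if (! $error)` block continues outside the hunk.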
@@ -387,7 +387,7 @@ if ($action == 'create' && !$error) {
 print '<tr>';
 print '<td class="border" valign="top">' . $langs->trans('NotePublic') . '</td>';
 print '<td valign="top" colspan="2">';
- print '<textarea name="note_public" wrap="soft" cols="70" rows="' . ROWS_3 . '">';
+ print '<textarea name="note_public" wrap="soft" class="quatrevingtpercent" rows="' . ROWS_3 . '">';
 print $langs->trans("Orders") . ": " . implode(', ', $listoforders);
@@ -422,7 +422,7 @@ if ($action == 'create' && !$error) {
 if (($action != 'create' && $action != 'add') && !$error) {
 llxHeader();
 ?>
-<script type="text/javascript">
+ <script type="text/javascript">
 jQuery(document).ready(function() {
 jQuery("#checkall").click(function() {
 jQuery(".checkformerge").prop('checked', true);
@@ -456,10 +456,10 @@ if (($action != 'create' && $action != 'add') && !$error) {
 if (! $user->rights->societe->client->voir && ! $socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " . $user->id;
 if ($sref) {
- $sql .= " AND c.ref LIKE '%" . $db->escape($sref) . "%'";
+ $sql .= natural_search("c.ref", $sref);
 }
 if ($sall) {
- $sql .= " AND (c.ref LIKE '%" . $db->escape($sall) . "%' OR c.note LIKE '%" . $db->escape($sall) . "%')";
+ $sql .= natural_search(array("c.ref","c.note"), $sall);
 }
 // Date filter
@@ -469,7 +469,7 @@ if (($action != 'create' && $action != 'add') && !$error) {
 $sql .= " AND c.date_livraison >= '" . $db->idate($date_starty) . "' AND c.date_livraison <= '" . $db->idate($date_endy) . "'";
 if (! empty($sref_client)) {
- $sql .= ' AND c.ref_supplier LIKE \'%' . $db->escape($sref_client) . '%\'';
+ $sql .= natural_search('c.ref_supplier', $sref_client);
 }
 $sql .= ' ORDER BY ' . $sortfield . ' ' . $sortorder;
 dol_syslog('fourn/commande/ordertoinvoice.php sql=' . $sql);
@@ -495,7 +495,7 @@ if (($action != 'create' && $action != 'add') && !$error) {
 print '<h3>' . $companystatic->getNomUrl(1, 'customer') . '</h3>';
 }
- print '<form method="get" action="orderstoinvoice.php">';
+ print '<form name="orders2invoice" method="GET" action="orderstoinvoice.php">';
 print '<input type="hidden" name="socid" value="' . $socid . '">';
 print '<table class="noborder" width="100%">';
 print '<tr class="liste_titre">';
@@ -541,7 +541,6 @@ if (($action != 'create' && $action != 'add') && !$error) {
 print '</td></tr>';
- print '<form name="orders2invoice" action="orderstoinvoice.php" method="GET">';
 $var = True;
 $generic_commande = new CommandeFournisseur($db);
@@ -607,7 +606,9 @@ if (($action != 'create' && $action != 'add') && !$error) {
 print '<input type="submit" class="butAction" value="' . $langs->trans("GenerateBill") . '">';
 print '</div>';
 print '</div>';
+ print '</form>';
+ $db->free($resql);
 } else {
 print dol_print_error($db);
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 861893d1900ca29be509dfbad27ee313f4c260cd..8b7409f8bc5a396140eb3f0324c087542cd4834d 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -386,13 +386,13 @@ if (empty($reshook))
 if (! $error)
 {
 // This is a replacement invoice
- $result = $object->fetch($_POST['fac_replacement']);
+ $result = $object->fetch(GETPOST('fac_replacement'),'int');
 $object->fetch_thirdparty();
- $object->ref = $_POST['ref'];
- $object->ref_supplier = $_POST['ref_supplier'];
- $object->socid = $_POST['socid'];
- $object->libelle = $_POST['label'];
+ $object->ref = GETPOST('ref');
+ $object->ref_supplier = GETPOST('ref_supplier','alpha');
+ $object->socid = GETPOST('socid','int');
+ $object->libelle = GETPOST('label');
 $object->date = $datefacture;
 $object->date_echeance = $datedue;
 $object->note_public = GETPOST('note_public');
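Review bot: `$object->fetch(GETPOST('fac_replacement'),'int')` in the @@ -386 hunk passes 'int' to fetch() as its second argument instead of to GETPOST(), so the replacement id arrives unfiltered and fetch() receives a stray parameter; it should read `$result = $object->fetch(GETPOST('fac_replacement','int'));`, matching `$srcobject->fetch(GETPOST('originid','int'))` in the @@ -623 hunk. The @@ -407 hunk stores the same parameter as `$object->fk_facture_source = GETPOST('fac_replacement');`, again without 'int'. The enclosing `if (! $error)` block runs past the hunk.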
@@ -407,7 +407,7 @@ if (empty($reshook))
 $object->multicurrency_tx = GETPOST('originmulticurrency_tx', 'int');
 // Proprietes particulieres a facture de remplacement
- $object->fk_facture_source = $_POST['fac_replacement'];
+ $object->fk_facture_source = GETPOST('fac_replacement');
 $object->type = FactureFournisseur::TYPE_REPLACEMENT;
 $id = $object->createFromCurrent($user);
@@ -586,7 +586,7 @@ if (empty($reshook))
 if (! $error && $_POST['origin'] && $_POST['originid'])
 {
 // Parse element/subelement (ex: project_task)
- $element = $subelement = $_POST['origin'];
+ $element = $subelement = GETPOST('origin');
 /*if (preg_match('/^([^_]+)_([^_]+)/i',$_POST['origin'],$regs))
 {
 $element = $regs[1];
@@ -610,8 +610,8 @@ if (empty($reshook))
 {
 $element = 'projet';
 }
- $object->origin = $_POST['origin'];
- $object->origin_id = $_POST['originid'];
+ $object->origin = GETPOST('origin');
+ $object->origin_id = GETPOST('originid');
 $id = $object->create($user);
@@ -623,7 +623,7 @@ if (empty($reshook))
 if ($classname == 'Fournisseur.commande') $classname='CommandeFournisseur';
 $srcobject = new $classname($db);
- $result=$srcobject->fetch($_POST['originid']);
+ $result=$srcobject->fetch(GETPOST('originid','int'));
 if ($result > 0) {
 $lines = $srcobject->lines;
diff --git a/htdocs/societe/checkvat/checkVatPopup.php b/htdocs/societe/checkvat/checkVatPopup.php
index 4d3daf138b3154d9caa1b53fa7319e799b40ec4d..dd1cd7df740f0ca8a6ad4ad102d5986006d3cc54 100644
--- a/htdocs/societe/checkvat/checkVatPopup.php
+++ b/htdocs/societe/checkvat/checkVatPopup.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
+/* Copyright (C) 2006-2016 Laurent Destailleur <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
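Review bot: In the @@ -610 hunk `$object->origin_id = GETPOST('originid');` stores the id unfiltered while the @@ -623 hunk fetches the same parameter with 'int', so the stored link and the fetched source can disagree; `$object->origin_id = GETPOST('originid','int');` keeps them consistent. `$object->origin = GETPOST('origin')` and `$element = $subelement = GETPOST('origin')` (@@ -586) appear, from the `new $classname($db)` context line, to take part in choosing which class is instantiated, so an allow-list of accepted origin values (or at least the 'alpha' check) would be the stronger control than a raw request string. The surrounding `if (! $error && ...)` block starts and ends outside these hunks.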
@@ -41,17 +41,18 @@ print '<div>';
 print load_fiche_titre($langs->trans("VATIntraCheckableOnEUSite"),'','title_setup');
+$vatNumber = GETPOST("vatNumber",'alpha');
-if (! $_REQUEST["vatNumber"])
+if (! $vatNumber)
 {
 print '<br>';
 print '<font class="error">'.$langs->transnoentities("ErrorFieldRequired",$langs->trans("VATIntraShort")).'</font><br>';
 }
 else
 {
- $_REQUEST["vatNumber"] = preg_replace('/\^\w/', '', $_REQUEST["vatNumber"]);
- $countryCode=substr($_REQUEST["vatNumber"],0,2);
- $vatNumber=substr($_REQUEST["vatNumber"],2);
+ $vatNumber = preg_replace('/\^\w/', '', $vatNumber);
+ $countryCode=substr($vatNumber,0,2);
+ $vatNumber=substr($vatNumber,2);
 print '<b>'.$langs->trans("Country").'</b>: '.$countryCode.'<br>';
 print '<b>'.$langs->trans("VATIntraShort").'</b>: '.$vatNumber.'<br>';
diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php
index 0d61c0d98fa4f38e891e1ccb05cd7d42a9ab1292..8a6a9b872098270b8a703c043ec33ebb8083a248 100644
--- a/htdocs/societe/rib.php
+++ b/htdocs/societe/rib.php
@@ -330,7 +330,7 @@ if ($socid && $action == 'edit' && $user->rights->societe->creer)
 print '<form action="rib.php?socid='.$object->id.'" method="post">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 print '<input type="hidden" name="action" value="update">';
- print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+ print '<input type="hidden" name="id" value="'.GETPOST("id","int").'">';
 }
 if ($socid && $action == 'create' && $user->rights->societe->creer)
 {
diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index 951c3a6ef7e6ed1341109f8285486525b18ed440..7dc774c501ddd07f7fdddedf824d0e5f0c085e2e 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
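Review bot: The pattern `'/\^\w/'` on the new preg_replace line matches a literal caret followed by a word character, so it strips almost nothing; if the intent is to remove every non-word character before slicing off the country code, `$vatNumber = preg_replace('/[^\w]/', '', $vatNumber);` is the form that does that (the pattern predates this commit, so the intent is inferred). As written, spaces and punctuation from the request survive into `$countryCode` and `$vatNumber`, and the two context print lines concatenate them into HTML without escaping; 'alpha' does not HTML-encode, so wrapping both values in dol_escape_htmltag() at the print sites would close that. The else block continues outside the hunk.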
@@ -117,7 +117,7 @@ if ($id && $action == 'edit' && $user->rights->user->user->creer)
 print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'" method="post">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 print '<input type="hidden" name="action" value="update">';
- print '<input type="hidden" name="id" value="'.$_GET["id"].'">';
+ print '<input type="hidden" name="id" value="'.GETPOST("id",'int').'">';
 }
 if ($id && $action == 'create' && $user->rights->user->user->creer)
 {
diff --git a/htdocs/user/notify/card.php b/htdocs/user/notify/card.php
index ec3691e85db8488ce1ef4d2209e75ed4366a011b..4e84a8b83fa3d2b346c3367be4a62180888d9522 100644
--- a/htdocs/user/notify/card.php
+++ b/htdocs/user/notify/card.php
@@ -108,7 +108,7 @@ if ($action == 'add')
 // Remove a notification
 if ($action == 'delete')
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".$_GET["actid"];
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def where rowid=".GETPOST("actid","int");
 $db->query($sql);
 }
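Review bot: The new DELETE line still has no guard for a missing or non-numeric actid, and the result of `$db->query($sql)` is not checked, so a bad value yields a malformed `rowid=` statement that fails silently. The delete also runs on `$action == 'delete'` with no token check visible in the hunk, whereas the rib.php and user/bank.php hunks of this commit emit the project's `token` hidden field for their state-changing forms; if no check sits above the hunk, the same token verification belongs here. Casting the id, skipping the query when it is not positive, and reporting a failed query is the minimal change; restricting the WHERE clause to the owning user or object would be stronger, but the notify_def columns are not visible here.
```php
if ($action == 'delete')
{
	$actid = (int) GETPOST("actid", "int");
	if ($actid > 0)
	{
		// TODO(review): also restrict by the owning user/object column if notify_def has one
		$sql = "DELETE FROM ".MAIN_DB_PREFIX."notify_def WHERE rowid = ".$actid;
		$resql = $db->query($sql);
		if (! $resql) dol_print_error($db);
	}
}
```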