From 7281338f8d4c9cb937fabdfda4f435309cdd1b43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= <rdoursenaud@gpcsolutions.fr>
Date: Fri, 8 Jan 2016 06:50:16 +0100
Subject: [PATCH] FIX #4291 Correctly filter bank card GETPOSTs

---
 htdocs/compta/bank/card.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php
index c6c34d87129..712549b1166 100644
--- a/htdocs/compta/bank/card.php
+++ b/htdocs/compta/bank/card.php
@@ -276,7 +276,7 @@ if ($action == 'create')
 
 	// Label
 	print '<tr><td class="fieldrequired">'.$langs->trans("LabelBankCashAccount").'</td>';
-	print '<td colspan="3"><input size="30" type="text" class="flat" name="label" value="'.GETPOST("label").'"></td></tr>';
+	print '<td colspan="3"><input size="30" type="text" class="flat" name="label" value="'.GETPOST("label", 'alpha').'"></td></tr>';
 
 	// Type
 	print '<tr><td class="fieldrequired">'.$langs->trans("AccountType").'</td>';
@@ -477,19 +477,19 @@ if ($action == 'create')
     if (! empty($conf->global->MAIN_BANK_ACCOUNTANCY_CODE_ALWAYS_REQUIRED))
     {
         print '<tr><td class="fieldrequired"  width="25%">'.$langs->trans("AccountancyCode").'</td>';
-        print '<td colspan="3"><input type="text" name="account_number" value="'.(GETPOST("account_number")?GETPOST('account_number'):$account->account_number).'"></td></tr>';
+        print '<td colspan="3"><input type="text" name="account_number" value="'.(GETPOST("account_number")?GETPOST('account_number', 'alpha'):$account->account_number).'"></td></tr>';
     }
     else
     {
         print '<tr><td width="25%">'.$langs->trans("AccountancyCode").'</td>';
-        print '<td colspan="3"><input type="text" name="account_number" value="'.(GETPOST("account_number")?GETPOST('account_number'):$account->account_number).'"></td></tr>';
+        print '<td colspan="3"><input type="text" name="account_number" value="'.(GETPOST("account_number")?GETPOST('account_number', 'alpha'):$account->account_number).'"></td></tr>';
     }
 
 	// Accountancy journal
 	if (! empty($conf->accounting->enabled))
 	{
 		print '<tr><td>'.$langs->trans("AccountancyJournal").'</td>';
-	    print '<td colspan="3"><input type="text" name="accountancy_journal" value="'.(GETPOST("accountancy_journal")?GETPOST('accountancy_journal'):$account->accountancy_journal).'"></td></tr>';
+	    print '<td colspan="3"><input type="text" name="accountancy_journal" value="'.(GETPOST("accountancy_journal")?GETPOST('accountancy_journal', 'alpha'):$account->accountancy_journal).'"></td></tr>';
 	}
 
 	print '</table>';
-- 
GitLab