Fix: Too much sanitizing

87099332 · Laurent Destailleur · f8a9733b · 87099332 · 87099332 · 87099332
Commit 87099332 authored 12 years ago by Laurent Destailleur
--- a/htdocs/admin/commande.php
+++ b/htdocs/admin/commande.php
@@ -209,7 +209,8 @@ if ($action == 'set_COMMANDE_DRAFT_WATERMARK')

 if ($action == 'set_COMMANDE_FREE_TEXT')
 {
-	$freetext = GETPOST("COMMANDE_FREE_TEXT");
+	$freetext = GETPOST("COMMANDE_FREE_TEXT");	// No alpha here, we want exact string
+
 	$res = dolibarr_set_const($db, "COMMANDE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;
@@ -407,12 +408,12 @@ foreach ($dirmodels as $reldir)
                }
                closedir($handle);
                arsort($filelist);
-                
+
                foreach($filelist as $file)
                {
                    if (preg_match('/\.modules\.php$/i',$file) && preg_match('/^(pdf_|doc_)/',$file))
                    {
-            		
+
                    	if (file_exists($dir.'/'.$file))
                    	{
                    		$name = substr($file, 4, dol_strlen($file) -16);

--- a/htdocs/admin/facture.php
+++ b/htdocs/admin/facture.php
@@ -254,9 +254,9 @@ if ($action == 'set_FACTURE_DRAFT_WATERMARK')

 if ($action == 'set_FACTURE_FREE_TEXT')
 {
-	$free = GETPOST('FACTURE_FREE_TEXT','alpha');
+	$freetext = GETPOST('FACTURE_FREE_TEXT');	// No alpha here, we want exact string

-    $res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
+    $res = dolibarr_set_const($db, "FACTURE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;


--- a/htdocs/admin/fournisseur.php
+++ b/htdocs/admin/fournisseur.php
@@ -250,8 +250,9 @@ if ($action == 'addcat')

 if ($action == 'set_SUPPLIER_INVOICE_FREE_TEXT')
 {
-    $free = GETPOST('SUPPLIER_INVOICE_FREE_TEXT','alpha');
-    $res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
+    $freetext = GETPOST('SUPPLIER_INVOICE_FREE_TEXT');	// No alpha here, we want exact string
+
+    $res = dolibarr_set_const($db, "SUPPLIER_INVOICE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

    if (! $res > 0) $error++;


--- a/htdocs/admin/propal.php
+++ b/htdocs/admin/propal.php
@@ -130,7 +130,7 @@ if ($action == 'set_PROPALE_DRAFT_WATERMARK')

 if ($action == 'set_PROPALE_FREE_TEXT')
 {
-	$freetext = GETPOST('PROPALE_FREE_TEXT','alpha');
+	$freetext = GETPOST('PROPALE_FREE_TEXT');	// No alpha here, we want exact string

 	$res = dolibarr_set_const($db, "PROPALE_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);


--- a/htdocs/compta/bank/admin/bank.php
+++ b/htdocs/compta/bank/admin/bank.php
@@ -45,8 +45,9 @@ $action = GETPOST('action','alpha');

 if ($action == 'set_BANK_CHEQUERECEIPT_FREE_TEXT')
 {
-	$free = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT','alpha');
-    $res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$free,'chaine',0,'',$conf->entity);
+	$freetext = GETPOST('BANK_CHEQUERECEIPT_FREE_TEXT');	// No alpha here, we want exact string
+
+    $res = dolibarr_set_const($db, "BANK_CHEQUERECEIPT_FREE_TEXT",$freetext,'chaine',0,'',$conf->entity);

 	if (! $res > 0) $error++;