From 9619c0cdea6de62d3b56259bb7529d5220cc8f1b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 27 Oct 2014 00:58:56 +0100
Subject: [PATCH] Fix: [ bug #1581 ] SQL injection possible

---
 htdocs/compta/prelevement/demandes.php | 4 ++--
 htdocs/compta/prelevement/list.php     | 8 ++++----
 htdocs/core/lib/functions.lib.php      | 2 +-
 htdocs/core/lib/invoice.lib.php        | 4 ++--
 htdocs/langs/en_US/withdrawals.lang    | 4 ++--
 htdocs/product/stock/list.php          | 6 +++---
 6 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php
index 9b58f1e44c0..c99744f7430 100644
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -112,8 +112,8 @@ if ($resql)
 	print '</tr>';
 
 	print '<form action="'.$_SERVER["PHP_SELF"].'" method="GET">';
-	print '<td class="liste_titre"><input type="text" class="flat" name="search_facture" size="12" value="'.GETPOST('search_facture','alpha').'"></td>';
-	print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" size="18" value="'.GETPOST('search_societe','alpha').'"></td>';
+	print '<td class="liste_titre"><input type="text" class="flat" name="search_facture" size="12" value="'.dol_escape_htmltag(GETPOST('search_facture','alpha')).'"></td>';
+	print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" size="18" value="'.dol_escape_htmltag(GETPOST('search_societe','alpha')).'"></td>';
 	print '<td colspan="2" class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.img_picto($langs->trans("Search"),'search.png','','',1).'" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
 	print '</tr>';
 	print '</form>';
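Review bot: The `dol_escape_htmltag()` wrapping added on the two `value="…"` lines fixes the HTML-attribute (XSS) context, but the commit subject is an SQL injection, and the same `search_facture` / `search_societe` values presumably also reach the WHERE clause of the query built before this hunk; output escaping here does not cover that site, which still needs `$db->escape()` (or an integer cast for numeric filters) where the value is interpolated. The list.php hunk has the same gap for `search_ligne`, `search_bon`, `search_societe` and `search_code`. Note also that, per the `GETPOST` docblock changed in this commit, the call may return an array, and `dol_escape_htmltag()` on an array would not produce a usable attribute value — consider rejecting non-string input before printing. The enclosing `if ($resql)` block starts before the hunk.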
diff --git a/htdocs/compta/prelevement/list.php b/htdocs/compta/prelevement/list.php
index 7e0b818279f..10fb995c023 100644
--- a/htdocs/compta/prelevement/list.php
+++ b/htdocs/compta/prelevement/list.php
@@ -122,11 +122,11 @@ if ($result)
 
     print '<form action="list.php" method="GET">';
     print '<tr class="liste_titre">';
-    print '<td class="liste_titre"><input type="text" class="flat" name="search_ligne" value="'. $search_line.'" size="6"></td>';
-    print '<td class="liste_titre"><input type="text" class="flat" name="search_bon" value="'. $search_bon.'" size="8"></td>';
+    print '<td class="liste_titre"><input type="text" class="flat" name="search_ligne" value="'. dol_escape_htmltag($search_line).'" size="6"></td>';
+    print '<td class="liste_titre"><input type="text" class="flat" name="search_bon" value="'. dol_escape_htmltag($search_bon).'" size="8"></td>';
     print '<td>&nbsp;</td>';
-    print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" value="'. $search_societe.'" size="12"></td>';
-    print '<td class="liste_titre" align="center"><input type="text" class="flat" name="search_code" value="'. $search_code.'" size="8"></td>';
+    print '<td class="liste_titre"><input type="text" class="flat" name="search_societe" value="'. dol_escape_htmltag($search_societe).'" size="12"></td>';
+    print '<td class="liste_titre" align="center"><input type="text" class="flat" name="search_code" value="'. dol_escape_htmltag($search_code).'" size="8"></td>';
     print '<td class="liste_titre">&nbsp;</td>';
     print '<td class="liste_titre">&nbsp;</td>';
     print '<td class="liste_titre" align="right"><input type="image" class="liste_titre" src="'.img_picto($langs->trans("Search"),'search.png','','',1).'" name="button_search" value="'.dol_escape_htmltag($langs->trans("Search")).'" title="'.dol_escape_htmltag($langs->trans("Search")).'"></td>';
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 64e3e9675dc..23092acfd0d 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -175,7 +175,7 @@ function dol_shutdown()
  *  @param	int		$method	     Type of method (0 = get then post, 1 = only get, 2 = only post, 3 = post then get, 4 = post then get then cookie)
  *  @param  int     $filter      Filter to apply when $check is set to custom. (See http://php.net/manual/en/filter.filters.php for détails)
  *  @param  mixed   $options     Options to pass to filter_var when $check is set to custom
- *  @return string||string[]      		 Value found, or '' if check fails
+ *  @return string||string[]     Value found (string or array), or '' if check fails
  */
 function GETPOST($paramname,$check='',$method=0,$filter=NULL,$options=NULL)
 {
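Review bot: `string||string[]` on the changed `@return` line is not a valid PHPDoc type expression — the union separator is a single `|`, so static-analysis tools and IDEs will not parse it; write ` *  @return string|string[]     Value found (string or array), or '' if check fails`. Since callers routinely interpolate the result into SQL, it would also help to state in the docblock that the `$check` filters do not make the value safe for SQL and that `$db->escape()` is still required at the query site. The body of `GETPOST` continues outside the hunk.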
diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php
index f7f22c69b97..b26326ae5e7 100644
--- a/htdocs/core/lib/invoice.lib.php
+++ b/htdocs/core/lib/invoice.lib.php
@@ -79,7 +79,7 @@ function facture_prepare_head($object)
 		if(!empty($object->note_public)) $nbNote++;
     	$head[$h][0] = DOL_URL_ROOT.'/compta/facture/note.php?facid='.$object->id;
     	$head[$h][1] = $langs->trans('Notes');
-		if ($nbNote > 0) $head[$h][1].= ' ('.$nbNote.')';
+		if ($nbNote > 0) $head[$h][1].= ' <span class="badge">'.$nbNote.'</span>';
     	$head[$h][2] = 'note';
     	$h++;
     }
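Review bot: The `<span class="badge">` markup added on the `$head[$h][1]` line (and the same change in the Documents hunk below) turns a tab label that previously held plain text into a string containing raw HTML, which relies on every consumer of `$head` printing labels unescaped — that rendering code is not visible here, so please confirm no caller escapes or truncates the label. `$nbNote` and `$nbFiles` are integers from a counter and `count()`, so no injection is introduced by the values themselves. This change is unrelated to the SQL-injection fix named in the subject and would be easier to review and revert as a separate commit. `facture_prepare_head` starts before and ends after these hunks.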
@@ -89,7 +89,7 @@ function facture_prepare_head($object)
 	$nbFiles = count(dol_dir_list($upload_dir,'files',0,'','(\.meta|_preview\.png)$'));
 	$head[$h][0] = DOL_URL_ROOT.'/compta/facture/document.php?facid='.$object->id;
 	$head[$h][1] = $langs->trans('Documents');
-	if($nbFiles > 0) $head[$h][1].= ' ('.$nbFiles.')';
+	if($nbFiles > 0) $head[$h][1].= ' <span class="badge">'.$nbFiles.'</span>';
 	$head[$h][2] = 'documents';
 	$h++;
 
diff --git a/htdocs/langs/en_US/withdrawals.lang b/htdocs/langs/en_US/withdrawals.lang
index d3dd7c9ca7c..dccee9d0c8e 100644
--- a/htdocs/langs/en_US/withdrawals.lang
+++ b/htdocs/langs/en_US/withdrawals.lang
@@ -14,8 +14,8 @@ WithdrawalReceiptShort=Receipt
 LastWithdrawalReceipts=Last %s withdrawal receipts
 WithdrawedBills=Withdrawn invoices
 WithdrawalsLines=Withdrawal lines
-RequestStandingOrderToTreat=Request for standing orders to treat
-RequestStandingOrderTreated=Request for standing orders treated
+RequestStandingOrderToTreat=Request for standing orders to process
+RequestStandingOrderTreated=Request for standing orders processed
 CustomersStandingOrders=Customer standing orders
 CustomerStandingOrder=Customer standing order
 NbOfInvoiceToWithdraw=Nb. of invoice with withdraw request
diff --git a/htdocs/product/stock/list.php b/htdocs/product/stock/list.php
index 85fb7c1896d..c55466ebdb1 100644
--- a/htdocs/product/stock/list.php
+++ b/htdocs/product/stock/list.php
@@ -31,9 +31,9 @@ $langs->load("stocks");
 // Security check
 $result=restrictedArea($user,'stock');
 
-$sref=GETPOST("sref");;
-$snom=GETPOST("snom");
-$sall=GETPOST("sall");
+$sref=GETPOST("sref","alpha");
+$snom=GETPOST("snom","alpha");
+$sall=GETPOST("sall","alpha");
 
 $sortfield = GETPOST("sortfield");
 $sortorder = GETPOST("sortorder");
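Review bot: The `alpha` check added to the three `GETPOST` calls filters the input but is not a substitute for escaping at the SQL build site: wherever `$sref`, `$snom` and `$sall` are interpolated into the query (outside this hunk) they still need `$db->escape()`. The two context lines below, `$sortfield = GETPOST("sortfield");` and `$sortorder = GETPOST("sortorder");`, stay unfiltered even though sort parameters usually land in an ORDER BY clause where a bound parameter cannot be used; at minimum apply the same check, `$sortfield = GETPOST("sortfield","alpha");` and `$sortorder = GETPOST("sortorder","alpha");`, and preferably validate them against an allow-list of column names and `ASC`/`DESC` before building the query.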
-- 
GitLab