From adf55408a4737c28cd788461b215fe73ce8f4f85 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 7 Dec 2013 03:23:14 +0100
Subject: [PATCH] Fix: Bad parameter that duplicate info.

---
 htdocs/paypal/lib/paypal.lib.php   |  8 ++++----
 htdocs/public/paypal/paymentko.php | 10 ++++------
 htdocs/public/paypal/paymentok.php | 10 ++++------
 3 files changed, 12 insertions(+), 16 deletions(-)

diff --git a/htdocs/paypal/lib/paypal.lib.php b/htdocs/paypal/lib/paypal.lib.php
index 2d3683abe6b..31ed9b97ff8 100644
--- a/htdocs/paypal/lib/paypal.lib.php
+++ b/htdocs/paypal/lib/paypal.lib.php
@@ -309,10 +309,10 @@ function getPaypalPaymentUrl($mode,$type,$ref='',$amount='9.99',$freetag='your_f
             }
         }
     }
-    
+
     // For multicompany
-    $out.="&entity=".$conf->entity;
-    
+    //$out.="&entity=".$conf->entity; // This should not be into link. Link contains already a ref of an object that allow to retreive entity
+
     return $out;
 }
 
@@ -691,7 +691,7 @@ function hash_call($methodName,$nvpStr)
 
     curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, empty($conf->global->MAIN_USE_CONNECT_TIMEOUT)?5:$conf->global->MAIN_USE_CONNECT_TIMEOUT);
     curl_setopt($ch, CURLOPT_TIMEOUT, empty($conf->global->MAIN_USE_RESPONSE_TIMEOUT)?30:$conf->global->MAIN_USE_RESPONSE_TIMEOUT);
-    
+
     curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
     curl_setopt($ch, CURLOPT_POST, 1);
 
diff --git a/htdocs/public/paypal/paymentko.php b/htdocs/public/paypal/paymentko.php
index 730e0e954fb..6668f6f7276 100644
--- a/htdocs/public/paypal/paymentko.php
+++ b/htdocs/public/paypal/paymentko.php
@@ -29,12 +29,10 @@
 define("NOLOGIN",1);		// This means this output page does not require to be logged.
 define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
 
-// For MultiCompany module
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_int($entity))
-{
-	define("DOLENTITY", $entity);
-}
+// For MultiCompany module. This should be useless. Because entity must be retreive from object ref and not from url.
+$entity=GETPOST('entity')?GETPOST('entity','int'):1;
+if (is_int($entity)) define("DOLENTITY", $entity);
+
 
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
diff --git a/htdocs/public/paypal/paymentok.php b/htdocs/public/paypal/paymentok.php
index 35dc64d377c..40d4f916b40 100644
--- a/htdocs/public/paypal/paymentok.php
+++ b/htdocs/public/paypal/paymentok.php
@@ -29,12 +29,10 @@
 define("NOLOGIN",1);		// This means this output page does not require to be logged.
 define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.
 
-// For MultiCompany module
-$entity=(! empty($_GET['entity']) ? (int) $_GET['entity'] : (! empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
-if (is_int($entity))
-{
-	define("DOLENTITY", $entity);
-}
+// For MultiCompany module. This should be useless. Because entity must be retreive from object ref and not from url.
+$entity=GETPOST('entity')?GETPOST('entity','int'):1;
+if (is_int($entity)) define("DOLENTITY", $entity);
+
 
 require '../../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
-- 
GitLab