diff --git a/htdocs/adherents/cotisations.php b/htdocs/adherents/cotisations.php index 38049cd4cd3dc93d4af3ce1ae839b679729432ed..3c18c0edfcce48d9542f710879744465507aba1e 100644 --- a/htdocs/adherents/cotisations.php +++ b/htdocs/adherents/cotisations.php @@ -32,18 +32,18 @@ require_once(DOL_DOCUMENT_ROOT."/compta/bank/class/account.class.php"); $langs->load("members"); -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -$page=$_GET["page"]; $filter=$_GET["filter"]; $statut=isset($_GET["statut"])?$_GET["statut"]:1; -if (! $sortorder) { $sortorder="DESC"; } -if (! $sortfield) { $sortfield="c.dateadh"; } +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) { $sortorder="DESC"; } +if (! $sortfield) { $sortfield="c.dateadh"; } $msg=''; $date_select=isset($_GET["date_select"])?$_GET["date_select"]:$_POST["date_select"]; diff --git a/htdocs/adherents/document.php b/htdocs/adherents/document.php index 14a65528517f857d9a0b463aa4903d2715baf81e..aaf62c657ce5d832c1830d896ee6e5c1ad59aa1f 100644 --- a/htdocs/adherents/document.php +++ b/htdocs/adherents/document.php 
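Review bot: `$sortfield` and `$sortorder` still flow unchanged into the ORDER BY builder after this hunk (the comm/bookmark.php hunk in this same commit shows `$db->order($sortfield,$sortorder)`), so unless GETPOST's 'alpha' check restricts the value to a safe character set, the two sort parameters should be validated against an allowlist before use, e.g. `if (! in_array($sortorder, array('ASC','DESC'))) $sortorder='DESC';` plus a fixed list of sortable column names for `$sortfield`. The same applies to every file in this commit that reads these two parameters. In this hunk `$filter`, `$statut` and `$date_select` are still read straight from `$_GET`/`$_POST`; the same leftover raw reads remain in adherents/liste.php (`$sall`, `$filter`, `$statut`), commande/liste.php (`$viewstatut`), comm/propal.php (`addslashes($_GET[...])`), compta/propal.php (`$viewstatut`, `$propal_statut`, `$_GET["socid"]`), compta/dons/liste.php (`$statut`) and compta/sociales/index.php (`$year`, `$filtre`). When converting those, note that GETPOST appears to return an empty value for an absent parameter (the `GETPOST(...)?GETPOST(...):...` pattern elsewhere in the commit relies on that), so a default such as `$statut`'s `1` here has to be reapplied explicitly after the call.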
@@ -47,22 +47,17 @@ if ($user->societe_id > 0) //$result = restrictedArea($user, 'societe', $id); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; - -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; + $upload_dir = $conf->adherent->dir_output . "/" . get_exdir($id,2,0,1) . '/' . $id; diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php index e66a1ab00c4975ffe85aaff9db930e4fc1b13ff0..c92247726bfb5d5711650768363aecfe92f10cc3 100644 --- a/htdocs/adherents/liste.php +++ b/htdocs/adherents/liste.php @@ -35,18 +35,19 @@ $langs->load("companies"); $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -$page=$_GET["page"]; -$filter=$_GET["filter"]; -$statut=isset($_GET["statut"])?$_GET["statut"]:''; - -if (! $sortorder) { $sortorder="ASC"; } -if (! $sortfield) { $sortfield="d.nom"; } +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) { $sortorder="ASC"; } +if (! $sortfield) { $sortfield="d.nom"; } + +$filter=$_GET["filter"]; +$statut=isset($_GET["statut"])?$_GET["statut"]:''; + if ($_REQUEST["button_removefilter"]) { diff --git a/htdocs/admin/dict.php b/htdocs/admin/dict.php index ac1b8ae9a58400401ef3d1cbcab83bfff32f6270..60a1ad7fa255a2c3cf4b3bf5f93ccc47c5e7a5fc 100644 --- a/htdocs/admin/dict.php +++ b/htdocs/admin/dict.php 
@@ -244,9 +244,14 @@ $tabcond[19]= $conf->societe->enabled; $msg=''; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0 ; } +$offset = $conf->liste_limit * $page ; +$pageprev = $page - 1; +$pagenext = $page + 1; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; /* * Actions ajout ou modification d'une entree dans un dictionnaire de donnee diff --git a/htdocs/admin/tools/listevents.php b/htdocs/admin/tools/listevents.php index 5ca35e13ac19e3bcc13b140c5c7dc0619e0e870c..3fb1e240e6662542b5cb0124a6ecae438ee3ab64 100644 --- a/htdocs/admin/tools/listevents.php +++ b/htdocs/admin/tools/listevents.php @@ -41,16 +41,15 @@ $langs->load("companies"); $langs->load("users"); $langs->load("other"); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="DESC"; -if (! $sortfield) $sortfield="dateevent"; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="DESC"; +if (! $sortfield) $sortfield="dateevent"; /* diff --git a/htdocs/admin/tools/listsessions.php b/htdocs/admin/tools/listsessions.php index 9c4f37f9f619a168b001e685a993ba69d0734e0f..8543dc49277cfc5f8ac690e9ad688720a10f107f 100644 --- a/htdocs/admin/tools/listsessions.php +++ b/htdocs/admin/tools/listsessions.php 
@@ -41,16 +41,15 @@ $langs->load("companies"); $langs->load("users"); $langs->load("other"); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="DESC"; -if (! $sortfield) $sortfield="dateevent"; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="DESC"; +if (! $sortfield) $sortfield="dateevent"; /* diff --git a/htdocs/bookmarks/liste.php b/htdocs/bookmarks/liste.php index b0e1e2965b9cd2706cb802bf4da751ab9803d69e..883de99eb2db7219bf767b393a52b789b84ce3ea 100644 --- a/htdocs/bookmarks/liste.php +++ b/htdocs/bookmarks/liste.php @@ -27,17 +27,16 @@ require("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT."/bookmarks/class/bookmark.class.php"); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="position"; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } -$limit = 26; -$offset = $limit * $page ; +$offset = $conf->liste_limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="position"; +$limit=$conf->liste_limit; /* diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index 059d7b74191d74e6eeffda950cb66c2e8305209a..5df22e0b4d9db7d060ba3ec197e8ed2d6cc8802a 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php @@ -38,6 +38,8 @@ if ( $_SESSION['uid'] > 0 ) exit; } +$usertxt=GETPOST('user','',1); + /* * View 
@@ -71,7 +73,7 @@ top_htmlhead('','',0,0,'',$arrayofcss); <tr> <td class="label1"><?php echo $langs->trans("Login"); ?></td> - <td><input name="txtUsername" class="texte_login" type="text" value="<?php echo $_GET['user']; ?>" /></td> + <td><input name="txtUsername" class="texte_login" type="text" value="<?php echo $usertxt; ?>" /></td> </tr> <tr> <td class="label1"><?php echo $langs->trans("Password"); ?></td> diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 59d5e0c0b0e5ab880260e24e88303be71a9d3ac7..80e976644a45c937fd995422464f6e198f29977b 100755 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -52,16 +52,15 @@ if ($user->societe_id > 0) } // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; /* diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index ab438e83053cd50a3488c1230b400a91bc14cfa2..0d5639a9ba66371624f3235306ce4e2e5ba867c0 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -64,7 +64,8 @@ if (! $user->rights->agenda->allactions->read || $filter =='mine') // If no perm $filterd=$user->id; } -$action=GETPOST('action'); +$action=GETPOST('action','alpha'); +//$year=GETPOST("year"); $year=GETPOST("year","int")?GETPOST("year","int"):date("Y"); $month=GETPOST("month","int")?GETPOST("month","int"):date("m"); $day=GETPOST("day","int")?GETPOST("day","int"):0; 
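Review bot: `$usertxt` is echoed into the `value` attribute of the login input without HTML escaping, so a double quote in the `user` parameter still terminates the attribute exactly as `$_GET['user']` did; `GETPOST('user','',1)` is read with an empty check type, which from the other call sites in this commit looks like it applies no filtering at all. Escape at the output point: `value="<?php echo htmlspecialchars($usertxt, ENT_QUOTES); ?>"`. The `$usertxt` assignment itself sits in the previous hunk of this file, and the surrounding table markup continues outside this one.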
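Review bot: The added `//$year=GETPOST("year");` in comm/action/index.php is commented-out code placed directly above the live `$year=GETPOST("year","int")?...` line; delete it rather than leave a dead, untyped alternative next to the typed read. The enclosing block (`$filterd=$user->id; }`) starts outside the hunk.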
diff --git a/htdocs/comm/action/listactions.php b/htdocs/comm/action/listactions.php index 3fc760d5fbea3a23fa9b2426d0560211f07123da..3cc9c05d7486a8b80ffb72550a33141fe4d4e2b0 100644 --- a/htdocs/comm/action/listactions.php +++ b/htdocs/comm/action/listactions.php 
@@ -36,22 +36,20 @@ if ($conf->projet->enabled) require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php $langs->load("companies"); $langs->load("agenda"); -$action=isset($_REQUEST['action'])?$_REQUEST['action']:''; -$year=isset($_REQUEST["year"])?$_REQUEST["year"]:''; -$month=isset($_REQUEST["month"])?$_REQUEST["month"]:''; -$day=isset($_REQUEST["day"])?$_REQUEST["day"]:0; -$pid=isset($_REQUEST["projectid"])?$_REQUEST["projectid"]:0; -$status=isset($_GET["status"])?$_GET["status"]:$_POST["status"]; - -$filtera = isset($_REQUEST["userasked"])?$_REQUEST["userasked"]:(isset($_REQUEST["filtera"])?$_REQUEST["filtera"]:''); -$filtert = isset($_REQUEST["usertodo"])?$_REQUEST["usertodo"]:(isset($_REQUEST["filtert"])?$_REQUEST["filtert"]:''); -$filterd = isset($_REQUEST["userdone"])?$_REQUEST["userdone"]:(isset($_REQUEST["filterd"])?$_REQUEST["filterd"]:''); - -$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; - -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; -$page = isset($_GET["page"])?$_GET["page"]:$_POST["page"]; +$action=GETPOST('action','alpha'); +$year=GETPOST("year",'int'); +$month=GETPOST("month",'int'); +$day=GETPOST("day",'int'); +$pid=GETPOST("projectid",'int'); +$status=GETPOST("status",'alpha'); + +$filtera = GETPOST("userasked","int")?GETPOST("userasked","int"):GETPOST("filtera","int"); +$filtert = GETPOST("usertodo","int")?GETPOST("usertodo","int"):GETPOST("filtert","int"); +$filterd = GETPOST("userdone","int")?GETPOST("userdone","int"):GETPOST("filterd","int"); + +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $limit = $conf->liste_limit; $offset = $limit * $page ; 
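Review bot: `$day` now comes back from `GETPOST("day",'int')` as an empty value when the parameter is absent, whereas the removed line defaulted it to `0`; if the code below compares it numerically or builds a date from it (the consumer is outside this hunk, so this is inferred), restore the default with `$day=GETPOST("day",'int')?GETPOST("day",'int'):0;`. The three filter lines each call GETPOST twice for the same parameter; reading it once into a local, e.g. `$tmp=GETPOST("userasked","int"); $filtera=$tmp?$tmp:GETPOST("filtera","int");`, is clearer and avoids repeating the check. The `if (! $sortfield)` block that follows `$offset` continues past the end of the hunk.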
@@ -69,7 +67,7 @@ if (! $sortfield) } // Security check -$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$socid = GETPOST("socid",'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'agenda', 0, '', 'myactions'); diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 127de0cbba236a83b0b508edae316cedac907262..564a39f9a24699a4683f14881de392b934bdae40 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -22,7 +22,7 @@ /** * \file htdocs/comm/action/rapport/index.php * \ingroup commercial - * \brief Page accueil des rapports des actions + * \brief Page with reports of actions * \version $Id$ */ @@ -32,9 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact/class/contact.class.php"); require_once(DOL_DOCUMENT_ROOT."/comm/action/class/actioncomm.class.php"); require_once(DOL_DOCUMENT_ROOT."/includes/modules/action/rapport.pdf.php"); -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0 ; } $limit = $conf->liste_limit; $offset = $limit * $page ; @@ -42,7 +42,7 @@ if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="a.datep"; // Security check -$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$socid = GETPOST("socid"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); diff --git a/htdocs/comm/bookmark.php b/htdocs/comm/bookmark.php index 5b159aca806bee7b33e1f6b34b87a016a57bbcb5..a2564deceecb9d8fbf41b8bee2e64e13f8582280 100644 --- a/htdocs/comm/bookmark.php +++ b/htdocs/comm/bookmark.php 
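Review bot: In comm/action/rapport/index.php, `$socid = GETPOST("socid");` is read with no check type, unlike the `GETPOST("socid",'int')` used for the same parameter in listactions.php and comm/prospect/prospects.php in this commit, and the value goes straight into `restrictedArea($user, 'agenda', $socid, '', 'myactions')` and presumably into the report query further down. Use `$socid = GETPOST("socid",'int');` here as well so a non-numeric value is rejected before it reaches the permission check.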
@@ -26,20 +26,20 @@ require("../main.inc.php"); - -llxHeader(); - -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="bid"; +$limit = $conf->liste_limit; + + +llxHeader(); -if ($page == -1) { $page = 0 ; } -$limit = 26; -$offset = $limit * $page ; -$pageprev = $page - 1; -$pagenext = $page + 1; /* * Actions @@ -94,7 +94,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."bookmark as b, ".MAIN_DB_PREFIX."societe as s, " $sql.= " WHERE b.fk_soc = s.rowid AND b.fk_user=u.rowid"; if (! $user->admin) $sql.= " AND b.fk_user = ".$user->id; $sql.= $db->order($sortfield,$sortorder); -$sql.= $db->plimit( $limit, $offset); +$sql.= $db->plimit($limit, $offset); $resql=$db->query($sql); if ($resql) diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 81260e0fe9f2d3865fe065d2ed4cbdeb6d56783a..0a12de5231338b641ac544f5e9d820235aa97597 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -52,8 +52,13 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:''; if ($user->societe_id > 0) $socid=$user->societe_id; $result = restrictedArea($user,'societe',$socid,''); -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="nom"; diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 30cb894d4be0a182f9b876229c0f084e396a22c2..6bdbae8d46c5ddd08640a02a0bbb44ef6b15b5bf 100644 --- a/htdocs/comm/mailing/cibles.php 
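Review bot: The page size changes from the fixed `$limit = 26` to `$conf->liste_limit`, which is a behaviour change rather than a pure input-filtering fix and is worth a mention in the commit message; if `liste_limit` is unset the list is built with `plimit(0, $offset)` (second hunk of this file), and I cannot tell from here whether plimit treats 0 as "no limit" or "no rows". A small guard such as `$limit = $conf->liste_limit ? $conf->liste_limit : 26;` would keep the old default; htdocs/bookmarks/liste.php makes the same 26-to-liste_limit change in this commit. Moving `llxHeader()` below the parameter parsing is a good change, since it keeps output from starting before the request has been validated.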
+++ b/htdocs/comm/mailing/cibles.php @@ -44,13 +44,13 @@ $dirmod=DOL_DOCUMENT_ROOT."/includes/modules/mailings"; $mesg = ''; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="email"; diff --git a/htdocs/comm/mailing/liste.php b/htdocs/comm/mailing/liste.php index 564f575e6eb2bf504e2475318d6ef7f825eb047a..827d7e4a6ebbad83549bcb9745b623f1fbe5c853 100644 --- a/htdocs/comm/mailing/liste.php +++ b/htdocs/comm/mailing/liste.php @@ -36,14 +36,13 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="m.date_creat"; diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index d7be10b903353a687a65eb317c570e24a3de413b..4da6686c778ffde72563d86d6cba3f6c8aa4d8e3 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php 
@@ -1631,9 +1631,14 @@ else $now=dol_now(); - $sortorder=$_GET['sortorder']; - $sortfield=$_GET['sortfield']; - $page=$_GET['page']; + $sortfield = GETPOST("sortfield",'alpha'); + $sortorder = GETPOST("sortorder",'alpha'); + $page = GETPOST("page",'int'); + if ($page == -1) { $page = 0; } + $offset = $conf->liste_limit * $page; + $pageprev = $page - 1; + $pagenext = $page + 1; + $viewstatut=addslashes($_GET['viewstatut']); $object_statut = addslashes($_GET['propal_statut']); if($object_statut != '') @@ -1642,9 +1647,6 @@ else if (! $sortfield) $sortfield='p.datep'; if (! $sortorder) $sortorder='DESC'; $limit = $conf->liste_limit; - $offset = $limit * $page ; - $pageprev = $page - 1; - $pagenext = $page + 1; $sql = 'SELECT s.nom, s.rowid, s.client, '; $sql.= 'p.rowid as propalid, p.total_ht, p.ref, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,'; diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php index 66c715e9f7fcd7a526dda00e7ef758daf62f60cc..25bd527d84120d08ab83e734bf8536d04fa94d06 100644 --- a/htdocs/comm/propal/document.php +++ b/htdocs/comm/propal/document.php @@ -49,16 +49,15 @@ if ($user->societe_id) $result = restrictedArea($user, 'propale', $id, 'propal'); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; /* diff --git a/htdocs/comm/prospect/prospects.php b/htdocs/comm/prospect/prospects.php index 741bc4ef7be735a9980632f33a28feb42a4460c8..28f0b281712066655e7a5ef87789da69be76eefd 100644 
--- a/htdocs/comm/prospect/prospects.php +++ b/htdocs/comm/prospect/prospects.php @@ -33,16 +33,16 @@ $langs->load("propal"); $langs->load("companies"); // Security check -$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$socid = GETPOST("socid",'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'societe',$socid,''); -$socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"]; -$stcomm=isset($_GET["stcomm"])?$_GET["stcomm"]:$_POST["stcomm"]; +$socname=GETPOST("socname",'alpha'); +$stcomm=GETPOST("stcomm",'int'); -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; -$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); if ($page == -1) { $page = 0; } $offset = $conf->liste_limit * $page; $pageprev = $page - 1; @@ -50,10 +50,8 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="s.nom"; -// Added by Matelli (see http://matelli.fr/showcases/patchs-dolibarr/enhance-prospect-searching.html) -// Load potentiels filters -$search_level_from = isset($_GET["search_level_from"])?$_GET["search_level_from"]:(isSet($_POST["search_level_from"])?$_POST["search_level_from"]:''); -$search_level_to = isset($_GET["search_level_to"])?$_GET["search_level_to"]:(isSet($_POST["search_level_to"])?$_POST["search_level_to"]:''); +$search_level_from = GETPOST("search_level_from","alpha"); +$search_level_to = GETPOST("search_level_to","alpha"); // If both parameters are set, search for everything BETWEEN them if ($search_level_from != '' && $search_level_to != '') diff --git a/htdocs/commande/document.php b/htdocs/commande/document.php index abe08c4701aeea6411a822d362cd92956edf3d21..1db72e2fff4fb07b4a9a0635361be05a3b2a8a10 100644 --- a/htdocs/commande/document.php 
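Review bot: The second hunk drops the only comment explaining where the `search_level_from`/`search_level_to` filters come from; keep a one-line provenance comment above the two reads, e.g. `// Prospect potential-level filters (see Matelli's enhance-prospect-searching patch)`, so the next maintainer can find the original design. Both level parameters are typed `"alpha"` while `$stcomm` in the first hunk is typed `'int'`; if the levels are numeric codes (not visible here), `'int'` would be the tighter choice. The `if` that follows is the last line of the hunk and its body is outside it.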
+++ b/htdocs/commande/document.php @@ -48,19 +48,18 @@ if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'commande',$comid,''); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; -$id = $_GET['id']; +$id = GETPOST('id','int'); $ref= $_GET['ref']; $commande = new Commande($db); if (! $commande->fetch($_GET['id'],$_GET['ref']) > 0) diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 15e952943fac9ff9c224f27adceac5c2e9f27b0b..49bfe93747c7d0c2f6f04dccf514d6dff755dfbd 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -50,12 +50,23 @@ $orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande', $orderid,''); +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; +if (! $sortfield) $sortfield='c.rowid'; +if (! $sortorder) $sortorder='DESC'; +$limit = $conf->liste_limit; + /* * View */ -$now=gmmktime(); +$now=dol_now(); $html = new Form($db); $formfile = new FormFile($db); 
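Review bot: In commande/document.php, `$id` is now read through `GETPOST('id','int')` but the next lines still use the raw values, `$ref= $_GET['ref'];` and `$commande->fetch($_GET['id'],$_GET['ref'])`, so the filtered `$id` never reaches the fetch and the unfiltered id and ref still do. Change the fetch to `if (! $commande->fetch($id,$ref) > 0)` and read `$ref = GETPOST('ref','alpha');`. Separately, `! $commande->fetch(...) > 0` parses as `(! fetch()) > 0`, i.e. it is true only when fetch returns a falsy value and never for a negative error code; `$commande->fetch($id,$ref) <= 0` states the intent plainly (the `if` body is outside the hunk).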
@@ -63,16 +74,8 @@ $companystatic = new Societe($db); llxHeader(); -$begin=$_GET['begin']; -$sortorder=$_GET['sortorder']; -$sortfield=$_GET['sortfield']; $viewstatut=$_GET['viewstatut']; -if (! $sortfield) $sortfield='c.rowid'; -if (! $sortorder) $sortorder='DESC'; - -$limit = $conf->liste_limit; -$offset = $limit * $_GET['page'] ; $sql = 'SELECT s.nom, s.rowid as socid, s.client, c.rowid, c.ref, c.total_ht, c.ref_client,'; $sql.= ' c.date_commande, c.date_livraison, c.fk_statut, c.facture as facturee'; diff --git a/htdocs/compta/bank/search.php b/htdocs/compta/bank/search.php index 5d46b566f4aebc36274591b757fdba3aacaa5f25..213007a89af12f7f385ca1786580b2740283daf4 100644 --- a/htdocs/compta/bank/search.php +++ b/htdocs/compta/bank/search.php @@ -49,11 +49,14 @@ if (! empty($_REQUEST["credit"])) $param.='&credit='.$_REQUEST["credit"]; if (! empty($_REQUEST["account"])) $param.='&account='.$_REQUEST["account"]; if (! empty($_REQUEST["bid"])) $param.='&bid='.$_REQUEST["bid"]; -$page =$_GET['page']; -$sortorder=$_GET['sortorder']; -$sortfield=$_GET['sortfield']; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; if (! $sortorder) $sortorder='DESC'; if (! $sortfield) $sortfield='b.dateo'; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 9f342f500faf0eb8fe92cc41fc349b0b96a87116..6a34816ccf9d189f2a5bc3da7df9e00bca44cf5d 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php 
@@ -42,16 +42,15 @@ accessforbidden(); $langs->load("companies"); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="nom"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="nom"; /* diff --git a/htdocs/compta/commande/liste.php b/htdocs/compta/commande/liste.php index 7eeead1d754c43c0f4c13d3fa5b066d3fba782d8..e8bd998fc0939935195bc7a36dcb311005b99c5e 100644 --- a/htdocs/compta/commande/liste.php +++ b/htdocs/compta/commande/liste.php 
@@ -34,26 +34,29 @@ require_once(DOL_DOCUMENT_ROOT."/commande/class/commande.class.php"); $langs->load('companies'); // Security check -$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$orderid = GETPOST("orderid",'int'); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande',$orderid,''); // Assign and check variable -$year=GETPOST('year','int',1); -$month=GETPOST('month','int',1); -$status=GETPOST('status','int',1); -$onbill=GETPOST('afacturer','int',1); -$page=GETPOST('page','int',1); +$year=GETPOST('year','int'); +$month=GETPOST('month','int'); +$status=GETPOST('status','int'); +$onbill=GETPOST('afacturer','int'); +$page=GETPOST('page','int'); $sf_ref=GETPOST('sf_ref','',2); -$begin=GETPOST('begin','',1); // TODO used ? -$sortorder=GETPOST('sortorder','',1); -$sortfield=GETPOST('sortfield','',1); +$sortorder=GETPOST('sortorder','alpha'); +$sortfield=GETPOST('sortfield','alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortfield) $sortfield="c.rowid"; if (! $sortorder) $sortorder="DESC"; $limit = $conf->liste_limit; -$offset = $limit * $page ; $html = new Form($db); $formfile = new FormFile($db); diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index e4184dddf0b60eea1f8ffafd7fb532aec5489acd..24c9d37b862dd5e9ed2bb59afddd18651f15fe5e 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php 
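Review bot: `$page` is assigned twice in the new block, first as `$page=GETPOST('page','int');` in the "Assign and check variable" group and again a few lines later as `$page = GETPOST("page",'int');`; drop the first so the pagination block is the single source. `$sf_ref=GETPOST('sf_ref','',2)` is left with an empty check type in the middle of a block that otherwise types every parameter, which looks like an oversight if it is only used as a search string (`'alpha'` would do, subject to what that check rejects). The `$html`/`$formfile` constructions at the end of the hunk are context and the file continues past them.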
@@ -40,20 +40,16 @@ $result = restrictedArea($user, 'deplacement','',''); llxHeader(); -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -$page=$_GET["page"]; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="d.dated"; - - -if ($page == -1) { $page = 0 ; } - $limit = $conf->liste_limit; -$offset = $limit * $page ; -$pageprev = $page - 1; -$pagenext = $page + 1; $sql = "SELECT s.nom, s.rowid as socid,"; // Ou diff --git a/htdocs/compta/dons/liste.php b/htdocs/compta/dons/liste.php index 8641faafdeaa316f47b9cfa9d7a461ad5d348d68..343ddc8c6068a9f5171573f598467e1161b7590a 100644 --- a/htdocs/compta/dons/liste.php +++ b/htdocs/compta/dons/liste.php @@ -31,18 +31,18 @@ if ($conf->projet->enabled) require_once(DOL_DOCUMENT_ROOT."/projet/class/projec $langs->load("companies"); $langs->load("donations"); -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; + $statut=isset($_GET["statut"])?$_GET["statut"]:"-1"; -$page=$_GET["page"]; if (! $sortorder) { $sortorder="DESC"; } if (! $sortfield) { $sortfield="d.datedon"; } -if ($page == -1) { $page = 0 ; } - -$offset = $conf->liste_limit * $page ; -$pageprev = $page - 1; -$pagenext = $page + 1; /* diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php index 86ef099895abf07f1688704420b8eaa1285f9e58..2c778448a9b9089895b1fe1022f79605d9e51d26 100644 --- a/htdocs/compta/facture.php +++ b/htdocs/compta/facture.php 
@@ -3031,14 +3031,18 @@ else ***************************************************************************/ $now=dol_now(); - $page =$_GET['page']; - $sortorder=$_GET['sortorder']; - $sortfield=$_GET['sortfield']; - $month =$_GET['month']; - $year =$_GET['year']; - $limit = $conf->liste_limit; - $offset = $limit * $page ; + $sortfield = GETPOST("sortfield",'alpha'); + $sortorder = GETPOST("sortorder",'alpha'); + $page = GETPOST("page",'int'); + if ($page == -1) { $page = 0; } + $offset = $conf->liste_limit * $page; + $pageprev = $page - 1; + $pagenext = $page + 1; + + $month =GETPOST('month','int'); + $year =GETPOST('year','int'); + $limit = $conf->liste_limit; if (! $sortorder) $sortorder='DESC'; if (! $sortfield) $sortfield='f.datef'; diff --git a/htdocs/compta/facture/document.php b/htdocs/compta/facture/document.php index 06887448d302fbf8c7d79ba0502f5621b5223aa7..f7716c40b8bcdecd2b1804a8cf6fbc333f2ad1a4 100644 --- a/htdocs/compta/facture/document.php +++ b/htdocs/compta/facture/document.php @@ -53,16 +53,15 @@ if ($user->societe_id > 0) } // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; /* diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index e25b48d736a95d4e8140c5e6780ed5b583c45020..3b19b37b4e6cc8ca051cad996c270109406d44fc 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php 
@@ -159,14 +159,17 @@ jQuery(document).ready(function() { $now=dol_now(); -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortfield) $sortfield="f.date_lim_reglement"; if (! $sortorder) $sortorder="ASC"; $limit = $conf->liste_limit; -$offset = $limit * $page ; $sql = "SELECT s.nom, s.rowid as socid"; $sql.= ", f.facnumber,f.increment,f.total as total_ht,f.total_ttc"; diff --git a/htdocs/compta/paiement/avalider.php b/htdocs/compta/paiement/avalider.php index b5fcfa5a4c9a05444adc003cf9b615f82e5293f2..3c4f1c6b5d3702689d8adaf8525b5485a7392879 100644 --- a/htdocs/compta/paiement/avalider.php +++ b/htdocs/compta/paiement/avalider.php @@ -46,14 +46,16 @@ if ($user->societe_id > 0) llxHeader(); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.rowid"; -if ($page == -1) $page = 0 ; $limit = $conf->liste_limit; -$offset = $limit * $page ; $sql = "SELECT p.rowid, p.datep as dp, p.amount, p.statut"; $sql .=", c.libelle as paiement_type, p.num_paiement"; diff --git a/htdocs/compta/paiement/cheque/liste.php b/htdocs/compta/paiement/cheque/liste.php index 8ab2180406188855b2391c2d28bf38adf34e8e0a..24cbe6ad5fdf3aa4195506b40761e24599c1e7e7 100644 --- a/htdocs/compta/paiement/cheque/liste.php +++ b/htdocs/compta/paiement/cheque/liste.php 
@@ -35,12 +35,14 @@ $langs->load("bills"); if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'banque', '',''); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="bc.number"; diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index 2c62831c9800a8085edc1901a72a62e3f32c23c1..18954b60456576f198691fbe85e58492a4c4e3e5 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -40,12 +40,14 @@ $paymentstatic=new Paiement($db); $accountstatic=new Account($db); $companystatic=new Societe($db); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.rowid"; diff --git a/htdocs/compta/propal.php b/htdocs/compta/propal.php index ef1b91ed9a6040a1f8b2ef131f1483f5b62c4d8f..a159d3cc5235da6eb39427898ab221f9eb8e94e9 100644 --- a/htdocs/compta/propal.php +++ b/htdocs/compta/propal.php 
@@ -40,9 +40,14 @@ $langs->load('compta'); $langs->load('orders'); $langs->load('bills'); -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; + $viewstatut=$_GET['viewstatut']; $propal_statut = $_GET['propal_statut']; if($propal_statut != '') @@ -50,7 +55,6 @@ $viewstatut=$propal_statut; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.datep"; -if ($page == -1) { $page = 0 ; } $module='propale'; if (! empty($_GET["socid"])) diff --git a/htdocs/compta/sociales/index.php b/htdocs/compta/sociales/index.php index 2b3fb933323960b10b42314ba8e3d9e82d3e0b69..fa3230f86b87985799326c8bcb00eb852d084c19 100644 --- a/htdocs/compta/sociales/index.php +++ b/htdocs/compta/sociales/index.php @@ -34,22 +34,19 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'tax', '', '', 'charges'); -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; -$page = $_GET["page"]; -if ($page < 0) $page = 0; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; - if (! $sortfield) $sortfield="s.date_ech"; if (! $sortorder) $sortorder="DESC"; $year=$_GET["year"]; $filtre=$_GET["filtre"]; -$limit = $conf->liste_limit; -$offset = $limit * $page ; -//if (! $year) { $year=date("Y", time()); } if (empty($_REQUEST['typeid'])) { 
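Review bot: In the compta/sociales/index.php hunk the old `if ($page < 0) $page = 0;` is replaced by `if ($page == -1) { $page = 0; }`, which narrows the guard: `is_numeric` accepts signed and decimal strings, so `page=-2` or `page=-1.5` now passes the 'int' check and produces a negative or fractional `$offset` where the old line clamped every negative value. Use `$page = (int) GETPOST("page",'int'); if ($page < 0) $page = 0;` so both sign and integer-ness are enforced before `$offset` is computed. The same substitution appears in ventilation/liste.php, user/group/index.php and user/index.php in this commit. The context lines `$year=$_GET["year"];` and `$filtre=$_GET["filtre"];` just below are still read raw while this hunk migrates the neighbouring parameters to GETPOST; at least `year` should become `GETPOST("year",'int')`.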
diff --git a/htdocs/compta/ventilation/liste.php b/htdocs/compta/ventilation/liste.php index 65dd91bea564561da20e89941213c4d626e52c8b..7e0a85c4dbc03f2cc0abccb948ba5dc786d8b6d7 100644 --- a/htdocs/compta/ventilation/liste.php +++ b/htdocs/compta/ventilation/liste.php @@ -46,12 +46,16 @@ llxHeader('','Ventilation'); /* * Lignes de factures -* */ -$page = $_GET["page"]; -if ($page < 0) $page = 0; + +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; $sql = "SELECT f.facnumber, f.rowid as facid, l.fk_product, l.description, l.price, l.rowid, l.fk_code_ventilation,"; $sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type"; diff --git a/htdocs/contrat/document.php b/htdocs/contrat/document.php index 369f9272b35741aedd5c1c04b9d3703c010b9008..cb475acad1523090fa2db46f61dd17b4862ea15e 100644 --- a/htdocs/contrat/document.php +++ b/htdocs/contrat/document.php @@ -48,16 +48,15 @@ if ($user->societe_id > 0) } // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $contrat = new Contrat($db); diff --git a/htdocs/ecm/docdir.php b/htdocs/ecm/docdir.php index a1f81eb19382bb7d7f987d350492d1d19b9b0708..de2511b4cac456d34330be86e9d20abeed111e26 100644 --- a/htdocs/ecm/docdir.php 
+++ b/htdocs/ecm/docdir.php @@ -53,12 +53,13 @@ $section=$_GET["section"]; if (! $section) $section='misc'; $upload_dir = $conf->ecm->dir_output.'/'.$section; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -$limit = $conf->liste_limit; -$offset = $limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; diff --git a/htdocs/ecm/docfile.php b/htdocs/ecm/docfile.php index 5ce624f94a85de4de01032dc54c69aaee0c26658..7f80ebeb1f1a509910b1d1c6c9aa70408c026fdf 100644 --- a/htdocs/ecm/docfile.php +++ b/htdocs/ecm/docfile.php @@ -50,12 +50,13 @@ if (!$user->rights->ecm->setup) accessforbidden(); $socid = isset($_GET["socid"])?$_GET["socid"]:''; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -$limit = $conf->liste_limit; -$offset = $limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index 12500b66aedd35f5d8b86f0c890b9883d1e59a16..6736c9548105b70f1bdcf17dda4d7ff64c0198d9 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php 
@@ -45,16 +45,15 @@ $user->getrights('ecm'); if ($user->societe_id > 0) $socid = $user->societe_id; // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $section=GETPOST("section"); if (! $section) diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index 6be444e387cd10333acba1e06d1a7a4256a8cfd2..a635c8f76fa5b9c357af47cbfb0e49901d422304 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -59,12 +59,13 @@ if (! $section) $section=0; $upload_dir = $conf->ecm->dir_output.'/'.$section; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -$limit = $conf->liste_limit; -$offset = $limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index 4e0f299c2a6190844c64c6df4958e1adc4d0833d..989a17a3e46e35ed83b000aaa9995a6a12c32b1d 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php 
@@ -57,12 +57,13 @@ if (! $section) $section=0; $upload_dir = $conf->ecm->dir_output.'/'.$section; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -$limit = $conf->liste_limit; -$offset = $limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; diff --git a/htdocs/expedition/liste.php b/htdocs/expedition/liste.php index cd4677f984d2f6be7751ece1cfef3ef41cc25fe4..10d95c63123814f15930fb7af5f144cf70ce2b90 100644 --- a/htdocs/expedition/liste.php +++ b/htdocs/expedition/liste.php @@ -37,13 +37,17 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'expedition',$expeditionid,''); -$sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:""; -$sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:""; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; +$limit = $conf->liste_limit; if (! $sortfield) $sortfield="e.ref"; if (! $sortorder) $sortorder="DESC"; - $limit = $conf->liste_limit; -$offset = $limit * $_GET["page"] ; /* diff --git a/htdocs/fichinter/document.php b/htdocs/fichinter/document.php index d3a3b0bba3c4d07424fc4d14aae7ce4733fd4db1..2ce6bbdf10d77ed13d489187d66cd8a8a3a48475 100644 --- a/htdocs/fichinter/document.php +++ b/htdocs/fichinter/document.php 
@@ -45,16 +45,15 @@ $result = restrictedArea($user, 'ficheinter', $fichinterid, 'fichinter');
 // Get parameters
-$page=$_GET["page"];
-$sortorder=$_GET["sortorder"];
-$sortfield=$_GET["sortfield"];
-
-if (! $sortorder) $sortorder="ASC";
-if (! $sortfield) $sortfield="name";
-if ($page == -1) { $page = 0 ; }
-$offset = $conf->liste_limit * $page ;
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
+if (! $sortorder) $sortorder="ASC";
+if (! $sortfield) $sortfield="name";
 $object = new Fichinter($db);
diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php
index 3517ad688a3523ceb2729260bd10213acf05f65d..aca2231cc7669541d94eaf5e3ff39e6f558a2409 100644
--- a/htdocs/fichinter/index.php
+++ b/htdocs/fichinter/index.php
@@ -33,8 +33,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
 $langs->load("companies");
 $langs->load("interventions");
-$sortorder=$_GET["sortorder"]?$_GET["sortorder"]:$_POST["sortorder"];
-$sortfield=$_GET["sortfield"]?$_GET["sortfield"]:$_POST["sortfield"];
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
+$pageprev = $page - 1;
+$pagenext = $page + 1;
+
 $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
 $page=$_GET["page"]?$_GET["page"]:$_POST["page"];
diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php
index 777e9aa2822ce0759f55685ce325b9cc7dc4c42d..6894dc827601af138fde75cf42ffe55051518bd3 100644
--- a/htdocs/fourn/commande/document.php
+++ b/htdocs/fourn/commande/document.php
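Review bot: In the fichinter/index.php hunk the validated `$page` from `GETPOST("page",'int')` is overwritten two lines later by the untouched context line `$page=$_GET["page"]?$_GET["page"]:$_POST["page"];`, so `$offset`, `$pageprev` and `$pagenext` are derived from the checked value while `$page` itself carries the raw request string into whatever follows. Delete that context line, and for consistency turn the neighbouring `$socid=$_GET["socid"]?...` into `$socid = GETPOST("socid",'int');`. The rest of this file's parameter handling is outside the hunk, so whether the raw `$page` reaches SQL or a LIMIT clause cannot be confirmed from here.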
@@ -49,16 +49,15 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'commande_fournisseur', $id,''); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $commande = new CommandeFournisseur($db); diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 9cef3874718361bb1cc5a0d3de4ab346014612af..3e5e3c9ad1eea72e7501036e4dd3813c2d4771a7 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -45,15 +45,16 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="p.name"; -if ($page == -1) { $page = 0 ; } $limit = $conf->liste_limit; -$offset = $limit * $page ; /* diff --git a/htdocs/fourn/facture/document.php b/htdocs/fourn/facture/document.php index 11c5f87f0c39f83ea0f5ddd1d6a9e54b604d4c53..53a2ce32755c4341c212ade024d0bbdd1215f1bd 100644 --- a/htdocs/fourn/facture/document.php +++ b/htdocs/fourn/facture/document.php 
@@ -45,16 +45,15 @@ if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture'); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; diff --git a/htdocs/fourn/facture/impayees.php b/htdocs/fourn/facture/impayees.php index 64dbff428e7d2f1bfad75e934ead0b3bb144dffe..2effbbf87dfe8959fa8621f3fa4afb8c3ca1b67d 100644 --- a/htdocs/fourn/facture/impayees.php +++ b/htdocs/fourn/facture/impayees.php @@ -65,17 +65,19 @@ $companystatic=new Societe($db); * Mode Liste * * * ***************************************************************************/ -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; + +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortfield) $sortfield="f.date_lim_reglement"; if (! $sortorder) $sortorder="ASC"; if ($user->rights->fournisseur->facture->lire) { - $limit = $conf->liste_limit; - $offset = $limit * $page ; - $sql = "SELECT s.nom, s.rowid as socid,"; $sql.= " f.rowid as ref, f.facnumber, f.total_ht, f.total_ttc,"; $sql.= " f.datef as df, f.date_lim_reglement as datelimite, "; 
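Review bot: In the fourn/facture/impayees.php hunk `$sortorder` is only constrained by the 'alpha' class, yet the next hunk's context line concatenates it unescaped into the query (`$sql.=$listfield[$key]." ".$sortorder.","`), so any value matching that whitelist lands in ORDER BY verbatim. Normalise it to the two legal tokens where the default is set: `if (strtoupper($sortorder) != 'ASC') $sortorder = 'DESC';`. `$listfield` appears to be built from `$sortfield` somewhere outside the hunk, so the same whitelist-against-known-columns treatment is needed there too; I cannot see that code from here.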
@@ -136,8 +138,6 @@ if ($user->rights->fournisseur->facture->lire) foreach ($listfield as $key => $value) $sql.=$listfield[$key]." ".$sortorder.","; $sql.= " f.facnumber DESC"; - //$sql .= $db->plimit($limit+1,$offset); - $result = $db->query($sql); if ($result) diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index 7cdb22af9b736d5e044e2d4d03274aa46e2c7285..f6339e301e467130687873bfc03b9e92c9002606 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -39,12 +39,14 @@ $langs->load('banks'); $facid=isset($_GET['facid'])?$_GET['facid']:$_POST['facid']; $action=isset($_GET['action'])?$_GET['action']:$_POST['action']; -$sortfield = isset($_GET['sortfield'])?$_GET['sortfield']:$_POST['sortfield']; -$sortorder = isset($_GET['sortorder'])?$_GET['sortorder']:$_POST['sortorder']; -$page=isset($_GET['page'])?$_GET['page']:$_POST['page']; - +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; $limit = $conf->liste_limit; -$offset = $limit * $page ; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.rowid"; diff --git a/htdocs/ftp/index.php b/htdocs/ftp/index.php index 75c198560f84021d4f037acb74cd65ada6fe4085..06cdce2b82cf91dca1b67151908a2aff31260c60 100644 --- a/htdocs/ftp/index.php +++ b/htdocs/ftp/index.php 
@@ -53,12 +53,13 @@ $file=isset($_GET["file"])?$_GET["file"]:$_POST['file']; $upload_dir = $conf->ftp->dir_temp; $download_dir = $conf->ftp->dir_temp; -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -$limit = $conf->liste_limit; -$offset = $limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="label"; diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index e5c50f0219f945c9d3d64b71ac09695c514e2167..332cc45fe0fab73e7eb38a5b5e3db553f5d2dbdf 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php @@ -38,11 +38,11 @@ if (! defined('ADODB_DATE_VERSION')) include_once(DOL_DOCUMENT_ROOT."/includes/a /** - * Return value of a param into get or post variable + * Return value of a param into GET or POST supervariable * @param paramname Name of parameter to found - * @param check Type of check ('' or 'int') + * @param check Type of check (''=no check, 'int'=check it's numeric, 'alpha'=check it's alpha only) * @param method Type of method (0 = get or post, 1 = only get, 2 = only post) - * @return string Value found + * @return string Value found or '' if check fails */ function GETPOST($paramname,$check='',$method=0) { 
@@ -50,13 +50,12 @@ function GETPOST($paramname,$check='',$method=0) else if ($method==2) isset($_POST[$paramname])?$_POST[$paramname]:''; else $out = isset($_GET[$paramname])?$_GET[$paramname]:(isset($_POST[$paramname])?$_POST[$paramname]:''); - // Clean value - $out = trim($out); - if (!empty($check)) { // Check if integer - if ($check == 'int' && ! is_numeric($out)) $out=''; + if ($check == 'int' && ! is_numeric(trim($out))) $out=''; + // Check if alpha + if ($check == 'alpha' && ! preg_match('/^[#\(\)\-\._a-z0-9]+$/i',trim($out))) $out=''; } return $out; @@ -1526,7 +1525,7 @@ function img_allow($allow,$alt='default') function img_mime($file,$alt='') { require_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php'); - + $mimetype=dol_mimetype($file,'',1); $mimeimg=dol_mimetype($file,'',2); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index f403db23783da0d6bbb0c97d63765de1234f5d9f..d6b97d0a079a47306c19b3bbb0ca85b77d9af2e1 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
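Review bot: The 'alpha' check added on the `$check == 'alpha'` line admits `(`, `)` and `#`, yet every caller in this commit feeds the result straight into ORDER BY as `$sortfield`/`$sortorder`, so a value such as `sleep(5)` passes the regex and reaches the SQL unless `$db->order()` escapes it, which is not visible here; a tighter class like `/^[a-z0-9_.]+$/i` for identifiers, and an exact ASC/DESC comparison for sort order at the call sites, would close that. The checks now validate `trim($out)` but the function returns the untrimmed `$out`, so the string that passed is not the string the caller receives — keep the single `$out = trim($out);` before the checks, or validate and return the same expression. `is_numeric` also accepts `1.5`, `1e3` and signed values, so 'int' does not guarantee an integer; the callers that multiply `$page` into `$offset` should cast, or this function should return `(int)` for that check. The pre-existing context line `else if ($method==2) isset($_POST[$paramname])?$_POST[$paramname]:'';` never assigns `$out`, so POST-only lookups return an undefined variable; it should read `else if ($method==2) $out = isset($_POST[$paramname])?$_POST[$paramname]:'';`.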
@@ -59,39 +59,43 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6 $_POST = array_map('stripslashes_deep', $_POST); // $_REQUEST = array_map('stripslashes_deep', $_REQUEST); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); + @set_magic_quotes_runtime(0); } - @set_magic_quotes_runtime(0); } // Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST) -function test_sql_and_script_inject($val) +function test_sql_and_script_inject($val,$get) { $sql_inj = 0; + // For SQL Injection $sql_inj += preg_match('/delete[\s]+from/i', $val); $sql_inj += preg_match('/create[\s]+table/i', $val); $sql_inj += preg_match('/update.+set.+=/i', $val); $sql_inj += preg_match('/insert[\s]+into/i', $val); $sql_inj += preg_match('/select.+from/i', $val); $sql_inj += preg_match('/union.+select/i', $val); + // For XSS Injection done by adding javascript with script $sql_inj += preg_match('/<script/i', $val); + // For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param) + if ($get) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value return $sql_inj; } -function analyse_sql_and_script(&$var) +function analyse_sql_and_script(&$var,$get) { if (is_array($var)) { $result = array(); foreach ($var as $key => $value) { - if (test_sql_and_script_inject($key) > 0) + if (test_sql_and_script_inject($key,$get) > 0) { print 'Access refused by SQL/Script injection protection in main.inc.php'; exit; } else { - if (analyse_sql_and_script($value)) + if (analyse_sql_and_script($value,$get)) { $var[$key] = $value; } 
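Review bot: Rejecting every `"` in GET values on the new `if ($get) $sql_inj += preg_match('/"/i', $val);` line hard-exits the request for any legitimately quoted search term while still letting `'`-delimited attribute breakouts and bare `onmouseover=` payloads through, so it buys little against the attribute-injection case the comment describes; escaping at the output sink is the reliable control and this filter should be treated as defence in depth only. The keyword blacklist likewise does not match function-call payloads such as `sleep(...)`, which the new 'alpha' GETPOST class admits, so the two changes in this commit do not compose into a real SQL guard. `$_COOKIE` is stripslashed above but never passed through `analyse_sql_and_script`, and pages in this commit read `$_REQUEST`, so a cookie value would bypass the filter if any page trusted one — hedged, since no such use is visible here. Moving `@set_magic_quotes_runtime(0)` inside the `if` also leaves runtime quoting enabled whenever magic_quotes_gpc is off, which differs from the previous unconditional call; confirm that is intended.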
@@ -106,11 +110,11 @@ function analyse_sql_and_script(&$var) } else { - return (test_sql_and_script_inject($var) <= 0); + return (test_sql_and_script_inject($var,$get) <= 0); } } -analyse_sql_and_script($_GET); -analyse_sql_and_script($_POST); +analyse_sql_and_script($_GET,1); +analyse_sql_and_script($_POST,0); // This is to make Dolibarr working with Plesk set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs'); diff --git a/htdocs/product/composition/fiche.php b/htdocs/product/composition/fiche.php index 2def135a32bd0f970f9c3c4ee4a67de3a75bca0b..9378c982314f7f39dd4b7fd4f8ae4aec06f3c013 100644 --- a/htdocs/product/composition/fiche.php +++ b/htdocs/product/composition/fiche.php @@ -124,7 +124,6 @@ if($action == 'search' ) $sql.= " AND cp.fk_categorie ='".addslashes($catMere)."'"; } $sql.= " ORDER BY p.ref ASC"; - // $sql.= $db->plimit($limit + 1 ,$offset); $resql = $db->query($sql) ; } diff --git a/htdocs/product/document.php b/htdocs/product/document.php index 5b5c19e683d47f481f3c4d4f576e37d2e6e82352..38aac4c135ba7611811eed7f543ea98122e35a41 100755 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -48,16 +48,15 @@ if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $product = new Product($db); 
diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index 533cfb616600a12a8e66364a5bbd6a213eb4d397..8836e74527b8874274e32011e655233c3b73c36b 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -33,7 +33,7 @@ if ($conf->categorie->enabled) require_once(DOL_DOCUMENT_ROOT."/categories/class $langs->load("products"); $langs->load("stocks"); -$canvas=GETPOST('canvas','',1); +$canvas=GETPOST('canvas','alpha'); $sref=GETPOST("sref"); $sbarcode=GETPOST("sbarcode"); @@ -41,13 +41,17 @@ $snom=GETPOST("snom"); $sall=GETPOST("sall"); $type=GETPOST("type","int"); -$sortfield = GETPOST("sortfield"); -$sortorder = GETPOST("sortorder"); +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortfield) $sortfield="p.ref"; if (! $sortorder) $sortorder="ASC"; -$page = $_GET["page"]; + $limit = $conf->liste_limit; -$offset = $limit * $page ; // Security check if ($type=='0') $result=restrictedArea($user,'produit',$id,'product','','',$fieldid); diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index 2377f8daa9e102b551be05462fe85d084558784c..05f03cd398f48b6baa66b7eb8cc43fad74ff824f 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php 
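Review bot: In the product/liste.php hunk `GETPOST('canvas','alpha')` drops the third argument `1` the old call used, so `canvas` is now also accepted from POST; if the GET-only restriction was deliberate keep it as `GETPOST('canvas','alpha',1)`. The 'alpha' class still allows `.` and `-`, so `..` passes — harmless only as long as `$canvas` is never joined into an include or file path, which this hunk does not show. The context lines `$sref`, `$sbarcode`, `$snom` and `$sall` still use the unchecked `GETPOST()` form while (presumably) feeding search filters, so the check argument should be applied there as well.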
@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="c.date_commande"; diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index 561754dac3c3a3436df49ea3847e687384938399..5720d45f891a53bb25ea452b81a434bd6dcf6849 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="c.date_commande"; diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index e2ea1510be19231aafbfd1f1e2bc221c1cb84e30..cc2bf0ec89ea88d5d32bb06a603902da7d386def 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php 
@@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="c.date_contrat"; diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index f69ba4e4df83e1e596b0ce10fb17459678deeb56..3c758e5a8f77fdbff453d403bb8f0f11bb08f18f 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="f.datef"; diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 5b6b939b0144b50afeb8f072c302f65d059df407..1441cd5b44e02ffc6f2d189f505f1b67e754464f 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php 
@@ -46,13 +46,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="f.datef"; diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 26e3ed8db97f84f9618f81f0fba512a92ea52cfd..c88bba5e69342e679b0953d22ebef957066d52a5 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -45,13 +45,13 @@ $result=restrictedArea($user,'produit|service',$id,'product','','',$fieldid); $mesg = ''; -$page = $_GET["page"]; -$sortfield=$_GET["sortfield"]; -$sortorder=$_GET["sortorder"]; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $_GET["page"] ; -$pageprev = $_GET["page"] - 1; -$pagenext = $_GET["page"] + 1; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="p.datep"; diff --git a/htdocs/product/stock/fiche.php b/htdocs/product/stock/fiche.php index 6e330fae6291884b8f46e80a717577c5b8415210..2165ac76d61effb652a0756cddd6732afcd3828e 100644 --- a/htdocs/product/stock/fiche.php +++ b/htdocs/product/stock/fiche.php 
@@ -364,7 +364,6 @@ else if (!$user->rights->service->hidden) $sql.=' AND (p.hidden=0 OR p.fk_product_type != 1)'; } $sql.= $db->order($sortfield,$sortorder); - //$sql .= $db->plimit($limit + 1 ,$offset); dol_syslog('List products sql='.$sql); $resql = $db->query($sql) ; diff --git a/htdocs/product/stock/user.php b/htdocs/product/stock/user.php index f9289916b16ed543b38b334eafcbfb0ae4d52f48..654d564b462f10337d7c4426aa6d955c22cf9b28 100644 --- a/htdocs/product/stock/user.php +++ b/htdocs/product/stock/user.php @@ -143,9 +143,6 @@ if ($_GET["id"]) $sql .= " WHERE ue.fk_user = u.rowid "; $sql .= " AND ue.fk_entrepot = ".$entrepot->id; - //$sql .= $db->order($sortfield,$sortorder); - //$sql .= $db->plimit($limit + 1 ,$offset); - $resql = $db->query($sql) ; if ($resql) { diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 763c204acb54f10952e3bd1362313a755b463c23..93d573669629fad3b0758908aaf3c8a844d467a8 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -43,16 +43,15 @@ if ($user->societe_id > 0) $socid=$user->societe_id; $result=restrictedArea($user,'projet',$id,''); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $id = $_GET['id']; diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index a9869e30e5a82af8a3f22d1eb570f6f1d21f2fe2..71a040aa46d2c7af58b0268c827e6ccc1025c234 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php 
@@ -48,16 +48,15 @@ if ($user->societe_id > 0) $socid = $user->societe_id; if (!$user->rights->projet->lire) accessforbidden(); // Get parameters -$page=$_GET["page"]; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; - -if (! $sortorder) $sortorder="ASC"; -if (! $sortfield) $sortfield="name"; -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; $pageprev = $page - 1; $pagenext = $page + 1; +if (! $sortorder) $sortorder="ASC"; +if (! $sortfield) $sortfield="name"; $id = $_GET['id']; diff --git a/htdocs/public/members/public_list.php b/htdocs/public/members/public_list.php index f50f5d3b60f49c48fadcc6991585b43860aad530..979db4cd3aacdd596467c2e2b278eb5e1b7ef86d 100644 --- a/htdocs/public/members/public_list.php +++ b/htdocs/public/members/public_list.php @@ -59,19 +59,19 @@ function llxFooterVierge() } +$sortfield = GETPOST("sortfield",'alpha'); +$sortorder = GETPOST("sortorder",'alpha'); +$page = GETPOST("page",'int'); +if ($page == -1) { $page = 0; } +$offset = $conf->liste_limit * $page; +$pageprev = $page - 1; +$pagenext = $page + 1; -$sortorder=$_GET["sortorder"]; -$sortfield=$_GET["sortfield"]; -$page=$_GET["page"]; $filter=$_GET["filter"]; $statut=isset($_GET["statut"])?$_GET["statut"]:''; if (! $sortorder) { $sortorder="ASC"; } if (! $sortfield) { $sortfield="nom"; } -if ($page == -1) { $page = 0 ; } -$offset = $conf->liste_limit * $page ; -$pageprev = $page - 1; -$pagenext = $page + 1; /* diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index e7f5becfad0835f1fd5c61b01791c1dc48710e6a..6ef3aa61869cfda87aa645084aa9ebe2f5efef0e 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php 
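Review bot: public/members/public_list.php sits under the public tree and so is presumably reachable without a login, which makes it the most exposed caller of the new 'alpha'-checked `$sortfield`/`$sortorder`; since that class still permits `(` and `)`, the values should be matched against the page's known column names and exactly `ASC`/`DESC` before they are used to build ORDER BY, e.g. `if (! in_array($sortorder, array('ASC','DESC'))) $sortorder = 'ASC';`. The context lines `$filter=$_GET["filter"];` and `$statut=isset($_GET["statut"])?$_GET["statut"]:'';` remain raw on the same pre-auth page; `statut` at least should become `GETPOST("statut",'int')`. How these values reach the query is outside the hunk.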
@@ -47,19 +47,13 @@ if ($user->societe_id > 0)
 $result = restrictedArea($user, 'societe', $socid);
 // Get parameters
-$page=$_GET["page"];
-$sortorder=$_GET["sortorder"];
-$sortfield=$_GET["sortfield"];
-
-if (! $sortorder) $sortorder="ASC";
-if (! $sortfield) $sortfield="name";
-if ($page == -1) { $page = 0 ; }
-$offset = $conf->liste_limit * $page ;
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
-
-$sortorder=$_GET["sortorder"];
-$sortfield=$_GET["sortfield"];
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="name";
diff --git a/htdocs/societe/notify/fiche.php b/htdocs/societe/notify/fiche.php
index 4e8800ce6bb7e00986cf5d50e14c8d955ead1356..b913a8fad1d7e37b8942a0071574e36bd7595ed1 100644
--- a/htdocs/societe/notify/fiche.php
+++ b/htdocs/societe/notify/fiche.php
@@ -38,8 +38,13 @@ $socid = isset($_GET["socid"])?$_GET["socid"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'societe','','');
-$sortorder=$_GET["sortorder"];
-$sortfield=$_GET["sortfield"];
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
+$pageprev = $page - 1;
+$pagenext = $page + 1;
 if (! $sortorder) $sortorder="ASC";
 if (! $sortfield) $sortfield="c.name";
diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php
index 36aab9bef62ad3db60b681ba03286c36895b3b1a..697df76d0f6c34874dc2851e92fda9c8789e353c 100644
--- a/htdocs/user/group/index.php
+++ b/htdocs/user/group/index.php
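Review bot: The seven-line `$sortfield … $pagenext` block added to societe/notify/fiche.php is the same text pasted into every file this commit touches (societe/document.php on this line, and the projet, public and user hunks), so a later fix to the page check or the sort validation has to land in ten places; a small helper in the shared lib that returns these values, or at least a common include, would collapse that. In notify/fiche.php the new `$page`, `$offset`, `$pageprev` and `$pagenext` have no consumer visible in the hunk — the file previously read only the two sort parameters — so if the notification list is not paged they are dead assignments, worth confirming before merging.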
@@ -36,13 +36,13 @@ $langs->load("users");
 $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"];
-if ($page < 0) $page = 0;
-
-$limit = $conf->liste_limit;
-$offset = $limit * $page ;
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
+$pageprev = $page - 1;
+$pagenext = $page + 1;
 if (! $sortfield) $sortfield="g.nom";
 if (! $sortorder) $sortorder="ASC";
diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 68d40be201660d8b45dadc8c43f6c066a9a1b2aa..6bd0ab4607d2d40f0a66c4dc6784bb02daf4fa45 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
@@ -38,14 +38,14 @@ if ($user->societe_id > 0) $socid = $user->societe_id;
 $sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page=isset($_GET["page"])?$_GET["page"]:$_POST["page"];
-if ($page < 0) $page = 0;
-
+$sortfield = GETPOST("sortfield",'alpha');
+$sortorder = GETPOST("sortorder",'alpha');
+$page = GETPOST("page",'int');
+if ($page == -1) { $page = 0; }
+$offset = $conf->liste_limit * $page;
+$pageprev = $page - 1;
+$pagenext = $page + 1;
 $limit = $conf->liste_limit;
-$offset = $limit * $page ;
-
 if (! $sortfield) $sortfield="u.login";
 if (! $sortorder) $sortorder="ASC";
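Review bot: `if ($page == -1) { $page = 0; }` in user/group/index.php and user/index.php replaces `if ($page < 0) $page = 0;`, so a page value such as -2 is no longer clamped and `$offset = $conf->liste_limit * $page;` goes negative into whatever LIMIT/OFFSET clause consumes it, which the old guard prevented; `if ($page < 0) { $page = 0; }` keeps the wider check and is also the safer form for the other hunks that use `== -1`. In user/index.php the kept line `$limit = $conf->liste_limit;` now sits beside an `$offset` computed from `$conf->liste_limit` directly; `$offset = $limit * $page;` after it, or dropping `$limit` if nothing else reads it, would keep the two in step.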
