Fix: W3C. No form into table. Make some browsers crazy.

c94083b5 · Laurent Destailleur · 42f032de · c94083b5
Commit c94083b5 authored 11 years ago by Laurent Destailleur
--- a/htdocs/compta/facture/impayees.php
+++ b/htdocs/compta/facture/impayees.php
@@ -49,7 +49,7 @@ $result = restrictedArea($user,'facture',$id,'');
 * Action
 */
-if ($action == "builddoc" && $user->rights->facture->lire)
+if ($action == "builddoc" && $user->rights->facture->lire && ! GETPOST('button_search'))
 {
 	if (is_array($_POST['toGenerate']))
 	{
@@ -149,14 +149,14 @@ if ($action == 'remove_file')
 * View
 */
+$form = new Form($db);
+$formfile = new FormFile($db);
 $title=$langs->trans("BillsCustomersUnpaid");
 if ($option=='late') $title=$langs->trans("BillsCustomersUnpaid");
 llxHeader('',$title);
-$form = new Form($db);
-$formfile = new FormFile($db);
 ?>
 <script type="text/javascript">
 $(document).ready(function() {
@@ -170,12 +170,6 @@ $(document).ready(function() {
 </script>
 <?php
-/***************************************************************************
- *                                                                         *
- *                      Mode Liste                                         *
- *                                                                         *
- ***************************************************************************/
 $now=dol_now();
 $search_ref = GETPOST("search_ref");
@@ -222,10 +216,10 @@ if (GETPOST('filtre'))
 		$sql .= " AND " . $filt[0] . " = " . $filt[1];
 	}
 }
-if ($search_ref)         $sql .= " AND f.facnumber LIKE '%".$search_ref."%'";
+if ($search_ref)         $sql .= " AND f.facnumber LIKE '%".$db->escape($search_ref)."%'";
-if ($search_societe)     $sql .= " AND s.nom LIKE '%".$search_societe."%'";
+if ($search_societe)     $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";
-if ($search_montant_ht)  $sql .= " AND f.total = '".$search_montant_ht."'";
+if ($search_montant_ht)  $sql .= " AND f.total = '".$db->escape($search_montant_ht)."'";
-if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$search_montant_ttc."'";
+if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$db->escape($search_montant_ttc)."'";
 if (GETPOST('sf_ref'))   $sql .= " AND f.facnumber LIKE '%".$db->escape(GETPOST('sf_ref'))."%'";
 $sql.= " GROUP BY s.nom, s.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.rowid, f.fk_statut, f.type ";
 if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user ";
@@ -271,10 +265,13 @@ if ($resql)
 	dol_htmloutput_mesg($mesg);
+	print '<form id="form_generate_pdf" method="POST" action="'.$_SERVER["PHP_SELF"].'?sortfield='. $sortfield .'&sortorder='. $sortorder .'">';
+	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+	if ($late) print '<input type="hidden" name="late" value="'.dol_escape_htmltag($late).'">';
 	$i = 0;
 	print '<table class="liste" width="100%">';
 	print '<tr class="liste_titre">';
 	print_liste_field_titre($langs->trans("Ref"),$_SERVER["PHP_SELF"],"f.facnumber","",$param,"",$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("Date"),$_SERVER["PHP_SELF"],"f.datef","",$param,'align="center"',$sortfield,$sortorder);
 	print_liste_field_titre($langs->trans("DateDue"),$_SERVER["PHP_SELF"],"f.date_lim_reglement","",$param,'align="center"',$sortfield,$sortorder);
@@ -289,17 +286,16 @@ if ($resql)
 	print "</tr>\n";
 	// Lignes des champs de filtre
-	print '<form method="GET" action="'.$_SERVER["PHP_SELF"].'">';
 	print '<tr class="liste_titre">';
 	// Ref
 	print '<td class="liste_titre">';
 	print '<input class="flat" size="10" type="text" name="search_ref" value="'.$search_ref.'"></td>';
 	print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
-	print '<td class="liste_titre" align="left"><input class="flat" type="text" size="10" name="search_societe" value="'.$search_societe.'"></td>';
+	print '<td class="liste_titre" align="left"><input class="flat" type="text" size="10" name="search_societe" value="'.dol_escape_htmltag($search_societe).'"></td>';
-	print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ht" value="'.$search_montant_ht.'"></td>';
+	print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ht" value="'.dol_escape_htmltag($search_montant_ht).'"></td>';
 	print '<td class="liste_titre">&nbsp;</td>';
-	print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ttc" value="'.$search_montant_ttc.'"></td>';
+	print '<td class="liste_titre" align="right"><input class="flat" type="text" size="8" name="search_montant_ttc" value="'.dol_escape_htmltag($search_montant_ttc).'"></td>';
 	print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre">&nbsp;</td>';
 	print '<td class="liste_titre" align="right">';
@@ -309,7 +305,6 @@ if ($resql)
 	if ($conf->use_javascript_ajax) print '<a href="#" id="checkall">'.$langs->trans("All").'</a> / <a href="#" id="checknone">'.$langs->trans("None").'</a>';
 	print '</td>';
 	print "</tr>\n";
-	print '</form>';
 	if ($num > 0)
 	{
@@ -321,9 +316,6 @@ if ($resql)
 		$facturestatic=new Facture($db);
-		print '<form id="form_generate_pdf" method="POST" action="'.$_SERVER["PHP_SELF"].'?sortfield='. $sortfield .'&sortorder='. $sortorder .'">';
-		print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 		while ($i < $num)
 		{
 			$objp = $db->fetch_object($resql);
@@ -426,17 +418,13 @@ if ($resql)
 	 * Show list of available documents
 	 */
 	$filedir=$diroutputpdf;
-	if ($search_ref)         print '<input type="hidden" name="search_ref" value="'.$search_ref.'">';
-	if ($search_societe)     print '<input type="hidden" name="search_societe" value="'.$search_societe.'">';
-	if ($search_montant_ht)  print '<input type="hidden" name="search_montant_ht" value="'.$search_montant_ht.'">';
-	if ($search_montant_ttc) print '<input type="hidden" name="search_montant_ttc" value="'.$search_montant_ttc.'">';
-	if ($late)               print '<input type="hidden" name="late" value="'.$late.'">';
 	$genallowed=$user->rights->facture->lire;
 	$delallowed=$user->rights->facture->lire;
 	print '<br>';
 	print '<input type="hidden" name="option" value="'.$option.'">';
-	$formfile->show_documents('unpaid','',$filedir,$urlsource,$genallowed,$delallowed,'',1,0,0,48,1,$param,$langs->trans("PDFMerge"),$langs->trans("PDFMerge"));
+	// We disable multilang because we concat already existing pdf.
+	$formfile->show_documents('unpaid','',$filedir,$urlsource,$genallowed,$delallowed,'',1,1,0,48,1,$param,$langs->trans("PDFMerge"),$langs->trans("PDFMerge"));
 	print '</form>';
 	$db->free($resql);