diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php
index ae73347edfa6f3e0e5ef1c1ac0a8e98c7695c68b..778c37f686ab786eb264b598c81ca3b4ad2dda99 100644
--- a/htdocs/core/photos_resize.php
+++ b/htdocs/core/photos_resize.php
@@ -197,7 +197,7 @@ llxHeader($head, $langs->trans("Image"), '', '', 0, 0, array('/includes/jquery/p
 print load_fiche_titre($langs->trans("ImageEditor"));
-$infoarray=dol_getImageSize($dir."/".urldecode($_GET["file"]));
+$infoarray=dol_getImageSize($dir."/".GETPOST("file"));
 $height=$infoarray['height']; $width=$infoarray['width']; print $langs->trans("CurrentInformationOnImage").': ';
@@ -218,7 +218,7 @@ print '<legend>'.$langs->trans("Resize").'</legend>';
 print $langs->trans("ResizeDesc").'<br>';
 print $langs->trans("NewLength").': <input class="flat" name="sizex" size="10" type="text" > px '.$langs->trans("or").' ';
 print $langs->trans("NewHeight").': <input class="flat" name="sizey" size="10" type="text" > px <br>';
-print '<input type="hidden" name="file" value="'.$_GET['file'].'" />';
+print '<input type="hidden" name="file" value="'.dol_escape_htmltag(GETPOST('file')).'" />';
 print '<input type="hidden" name="action" value="confirm_resize" />';
 print '<input type="hidden" name="product" value="'.$id.'" />';
 print '<input type="hidden" name="modulepart" value="'.$modulepart.'" />';
@@ -240,7 +240,7 @@ print '<br>'."\n";
 if (! empty($conf->use_javascript_ajax))
 {
- $infoarray=dol_getImageSize($dir."/".urldecode($_GET["file"]));
+ $infoarray=dol_getImageSize($dir."/".GETPOST("file"));
 $height=$infoarray['height']; $width=$infoarray['width']; $widthforcrop=$width; $refsizeforcrop='orig'; $ratioforcrop=1;
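Review bot: `GETPOST("file")` on the `+` line of the 197 hunk is still concatenated straight into the path handed to `dol_getImageSize()`, so a value containing `..` or starting with `/` is resolved relative to `$dir` with no check in this hunk; replacing `urldecode($_GET[...])` with `GETPOST()` changes how the value is read, not whether it is trusted. Unless an earlier part of the file (not visible here) already rejects such names, the request can point this call at files outside the image directory. I would validate once before the first use, e.g. `$file = GETPOST("file");` followed by `if ($file === '' || strpos($file, '..') !== false || substr($file, 0, 1) === '/') { /* reject as the file does for other bad input */ }`, and pass `$file` to both `dol_getImageSize()` calls. The surrounding top-level statement run continues outside the hunk.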
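Review bot: In the 218 hunk the resize form still writes `$id` and `$modulepart` raw into its hidden fields on the two context lines after the changed one, while the crop form later in this same commit wraps both in `dol_escape_htmltag()`. If those values come from the request, as the other form's escaping suggests, an attribute-breaking value is still reflected here unescaped. I would change the two lines to `print '<input type="hidden" name="product" value="'.dol_escape_htmltag($id).'" />';` and `print '<input type="hidden" name="modulepart" value="'.dol_escape_htmltag($modulepart).'" />';` so both forms follow the same rule.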
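Review bot: The `+` line of the 240 hunk recomputes `dol_getImageSize($dir."/".GETPOST("file"))` and reassigns `$height` and `$width`, which the 197 hunk already computes from the identical expression; unless something between the two hunks (not visible here) reassigns them, this second call presumably re-reads the same image for no new information. Dropping the three assignments and keeping `$widthforcrop=$width;` would remove the second file access and one more place that has to validate the request value. If the recomputation is deliberate, a short comment such as `// re-read size: $height/$width may have been changed above` would save the next reader the question. The `if (! empty($conf->use_javascript_ajax))` block continues outside the hunk.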
@@ -260,7 +260,7 @@ if (! empty($conf->use_javascript_ajax))
 print '<img src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.$object->entity.'&file='.$original_file.'" alt="" id="cropbox" width="'.$widthforcrop.'px"/>';
 print '</div>';
 print '</div><br>';
- print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="post">
+ print '<form action="'.$_SERVER["PHP_SELF"].'?id='.$id.'" method="POST">
 <div class="jc_coords">
 '.$langs->trans("NewSizeAfterCropping").':
 <label>X1 <input type="text" size="4" id="x" name="x" /></label>
@@ -271,13 +271,13 @@ if (! empty($conf->use_javascript_ajax))
 <label>H <input type="text" size="4" id="h" name="h" /></label>
 </div>
- <input type="hidden" id="file" name="file" value="'.urlencode($original_file).'" />
+ <input type="hidden" id="file" name="file" value="'.dol_escape_htmltag($original_file).'" />
 <input type="hidden" id="action" name="action" value="confirm_crop" />
- <input type="hidden" id="product" name="product" value="'.$id.'" />
+ <input type="hidden" id="product" name="product" value="'.dol_escape_htmltag($id).'" />
 <input type="hidden" id="refsizeforcrop" name="refsizeforcrop" value="'.$refsizeforcrop.'" />
 <input type="hidden" id="ratioforcrop" name="ratioforcrop" value="'.$ratioforcrop.'" />
- <input type="hidden" name="modulepart" value="'.$modulepart.'" />
- <input type="hidden" name="id" value="'.$id.'" />
+ <input type="hidden" name="modulepart" value="'.dol_escape_htmltag($modulepart).'" />
+ <input type="hidden" name="id" value="'.dol_escape_htmltag($id).'" />
 <br>
 <input type="submit" id="submitcrop" name="submitcrop" class="button" value="'.dol_escape_htmltag($langs->trans("Recenter")).'" />
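Review bot: The `+` line of the 260 hunk still interpolates `$_SERVER["PHP_SELF"]` and `$id` unescaped into the form's `action` attribute; depending on server configuration `PHP_SELF` can include attacker-supplied path info such as `/photos_resize.php/"><script>…`, so changing `post` to `POST` leaves the injection on that line open. The rest of this commit escapes attribute values with `dol_escape_htmltag()`, and the same treatment fits here: `print '<form action="'.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?id='.dol_escape_htmltag($id).'" method="POST">`. The `<img src=...>` context line above it embeds `$modulepart` and `$original_file` the same way and deserves the same escaping. The enclosing `if (! empty($conf->use_javascript_ajax))` block starts before and ends after the hunk.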