From d2e336ddd6911ba37aea119aa2189f615f99d0f4 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Sat, 8 Sep 2012 15:16:27 +0200
Subject: [PATCH] Fix: GET and POST treatment in dol_loginfunction()

---
 htdocs/core/lib/security2.lib.php          | 2 +-
 htdocs/core/tpl/login.tpl.php              | 2 +-
 htdocs/theme/bureau2crea/tpl/login.tpl.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 7c2c1d897e8..3d1b69279f6 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -210,7 +210,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
 	$hookmanager->executeHooks('getLoginPageOptions',$parameters);    // Note that $action and $object may have been modified by some hooks
 
 	// Login
-	$login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha",2) ? GETPOST("username","alpha",2) : $demologin));
+	$login = (! empty($hookmanager->resArray['username']) ? $hookmanager->resArray['username'] : (GETPOST("username","alpha") ? GETPOST("username","alpha") : $demologin));
 	$password = $demopassword;
 
 	// Show logo (search in order: small company logo, large company logo, theme logo, common logo)
diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php
index 7f4d8b76cf1..586b8b645c9 100644
--- a/htdocs/core/tpl/login.tpl.php
+++ b/htdocs/core/tpl/login.tpl.php
@@ -103,7 +103,7 @@ $(document).ready(function () {
 <tr>
 <td valign="bottom"> &nbsp; <strong><label for="username"><?php echo $langs->trans('Login'); ?></label></strong> &nbsp; </td>
 <td valign="bottom" nowrap="nowrap">
-<input type="text" id="username" name="username" class="flat" size="15" maxlength="40" value="<?php echo dol_escape_htmltag(GETPOST('username')?GETPOST('username'):$login); ?>" tabindex="1" />
+<input type="text" id="username" name="username" class="flat" size="15" maxlength="40" value="<?php echo dol_escape_htmltag($login); ?>" tabindex="1" />
 </td>
 </tr>
 
diff --git a/htdocs/theme/bureau2crea/tpl/login.tpl.php b/htdocs/theme/bureau2crea/tpl/login.tpl.php
index e9a92c591f4..27a4ea87adf 100644
--- a/htdocs/theme/bureau2crea/tpl/login.tpl.php
+++ b/htdocs/theme/bureau2crea/tpl/login.tpl.php
@@ -109,7 +109,7 @@ $(document).ready(function () {
 
 <div id="parameterBox">
 
-<div id="logBox"><strong><label for="username"><?php echo $langs->trans('Login'); ?></label></strong><input type="text" id="username" name="username" class="flat" size="15" maxlength="40" value="<?php echo dol_escape_htmltag(GETPOST('username')?GETPOST('username'):$login); ?>" tabindex="1" /></div>
+<div id="logBox"><strong><label for="username"><?php echo $langs->trans('Login'); ?></label></strong><input type="text" id="username" name="username" class="flat" size="15" maxlength="40" value="<?php echo dol_escape_htmltag($login); ?>" tabindex="1" /></div>
 <div id="passBox"><strong><label for="password"><?php echo $langs->trans('Password'); ?></label></strong><input id="password" name="password" class="flat" type="password" size="15" maxlength="30" value="<?php echo dol_escape_htmltag($password); ?>" tabindex="2" /></div>
 
 	<?php
-- 
GitLab