diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index eb84d0690534b7ec2df61808a70f2fab34cebe3e..a189fa8de6d55308ecee0f6acc5573dcb40e7f93 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -237,7 +237,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
 }
 // Login
- $login = (!empty($lastuser)?$lastuser:(GETPOST("username")?GETPOST("username"):$demologin));
+ $login = (!empty($lastuser)?$lastuser:(GETPOST("username","alpha",2)?GETPOST("username","alpha",2):$demologin));
 $password = $demopassword;
 // Show logo (search in order: small company logo, large company logo, theme logo, common logo)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 436c40527cf388b2428811d1e1499bf299aa5f50..ef1bbaec397df418b2e2e4f52511894567c907c3 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -338,7 +338,7 @@ if (! defined('NOLOGIN'))
 }
 // Verification security graphic code
- if (isset($_POST["username"]) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
+ if (GETPOST("username","alpha",2) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))
 {
 require_once(ARTICHOW_PATH.'Artichow.cfg.php');
 require_once(ARTICHOW.'/AntiSpam.class.php');
@@ -352,7 +352,7 @@ if (! defined('NOLOGIN'))
 $langs->load('main');
 $langs->load('errors');
- $user->trigger_mesg='ErrorBadValueForCode - login='.$_POST["username"];
+ $user->trigger_mesg='ErrorBadValueForCode - login='.GETPOST("username","alpha",2);
 $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadValueForCode");
 $test=false;
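Review bot: The filtered username is fetched twice inside the ternary on the new `$login` line, and that input filter is the only protection visible for a value that dol_loginfunction presumably writes back into the login form further down, outside this hunk. Reading it once keeps the test and the use on the same value: `$username = GETPOST("username","alpha",2);` followed by `$login = (!empty($lastuser)?$lastuser:($username?$username:$demologin));`. The `alpha` check is an input filter, not an encoder, so the place where `$login` is emitted into HTML should still escape it for that context. `$lastuser` takes precedence over the filtered value and its origin is not visible here; if it is derived from a cookie or the request it needs the same handling.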
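Review bot: Replacing `isset($_POST["username"])` with the truthiness of `GETPOST("username","alpha",2)` in the -338 hunk changes when the captcha code is verified: a submitted form whose username is empty, `"0"`, or (depending on how the `alpha` check treats rejected input) blanked by the filter no longer enters the block. The -365 hunk also shows `$usertotest` preferring `$_COOKIE['login_dolibarr']`, so the gate and the value that is later authenticated are not necessarily the same input. Keeping the presence test for the gate, `if (isset($_POST["username"]) && ! empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA))`, and using the filtered value only where it is consumed, as the -352 hunk does for `trigger_mesg`, preserves the previous coverage. The body of the captcha block continues outside the hunk.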
@@ -365,7 +365,7 @@ if (! defined('NOLOGIN'))
 }
 }
- $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : $_POST["username"]);
+ $usertotest = (! empty($_COOKIE['login_dolibarr']) ? $_COOKIE['login_dolibarr'] : GETPOST("username","alpha",2));
 $passwordtotest = (! empty($_COOKIE['password_dolibarr']) ? $_COOKIE['password_dolibarr'] : $_POST["password"]);
 $entitytotest = (! empty($_POST["entity"]) ? $_POST["entity"] : 1);
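Review bot: Only the POST branch of the new `$usertotest` line is filtered; the `$_COOKIE['login_dolibarr']` branch on the same line is used as-is and takes precedence, so a login value can still reach the authentication code without passing the `alpha` check. The cookie value should be validated with the same rule before it is assigned. The context line below has a similar gap, since `$_POST["entity"]` is read raw where an integer is expected; `$entitytotest = (! empty($_POST["entity"]) ? (int) $_POST["entity"] : 1);` would pin the type. Leaving the password unfiltered is reasonable, but a one-line comment saying so would keep a later cleanup from running it through `alpha`. The enclosing `if (! defined('NOLOGIN'))` block starts and ends outside the hunk.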