diff --git a/ChangeLog b/ChangeLog
index 0f7bee2018640fc2692e6c582dd49c624a2e4547..c8238ac46c8998d022ced2dd798c40ef27677a06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -146,9 +146,10 @@ Fix: When disabled, all fields to add time into task line must be disabled.
 Fix: Missing include files.lib.php in some pages that use dol_delete_recursive
 Fix: [ bug #1558 ] Product/service edit page title shows new Ref instead of old ref.
 Fix: [ bug #1553 ] Saving User displays setup removes menu.
-Fix: [ bug #1544 ] Can remove date from invoice
-Fix: list event view lost type event filter
-Fix: Add code save on create event
+Fix: [ bug #1544 ] Can remove date from invoice.
+Fix: list event view lost type event filter.
+Fix: Add code save on create event.
+Fix: SQL injection.
 
 ***** ChangeLog for 3.5.4 compared to 3.5.3 *****
 Fix: Hide title of event when agenda module disabled.
diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index fd30c21486d4c6cb30220cdbb46d22826b72cf90..04056e0bbb0601ec8a25790f1cfb2e72159c0735 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -1081,7 +1081,7 @@ class Adherent extends CommonObject
         if ($rowid) $sql.= " AND d.rowid=".$rowid;
         elseif ($ref || $fk_soc) {
         	$sql.= " AND d.entity IN (".getEntity().")";
-        	if ($ref) $sql.= " AND d.rowid='".$ref."'";
+        	if ($ref) $sql.= " AND d.rowid='".$this->db->escape($ref)."'";
         	elseif ($fk_soc) $sql.= " AND d.fk_soc='".$fk_soc."'";
         }
         elseif ($ref_ext)
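Review bot: The `$fk_soc` branch on the line after the change still interpolates its value unescaped inside quotes (`" AND d.fk_soc='".$fk_soc."'"`), and `$rowid` two lines above is spliced in unquoted, where `escape()` would not help even if applied. Unless the caller guarantees both are integers, give them the same treatment as `$ref`: `if ($rowid) $sql.= " AND d.rowid=".(int) $rowid;` and `elseif ($fk_soc) $sql.= " AND d.fk_soc=".(int) $fk_soc;`. The enclosing fetch method starts and ends outside the hunk, so whether the parameters are already cast is not visible here.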
diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php
index 9ab47249d2a5ce852d00fc9142282633f0153c08..8ea6063a5e41adf72151a19bcc6e524e0d6e2e1f 100644
--- a/htdocs/cashdesk/index.php
+++ b/htdocs/cashdesk/index.php
@@ -39,6 +39,7 @@ if ( $_SESSION['uid'] > 0 )
 }
 
 $usertxt=GETPOST('user','',1);
+$err=GETPOST("err");
 
 
 /*
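Review bot: `$err` is read with `GETPOST("err")` and no check type, so the raw value flows through the script; the later hunk in this file prints it through `dol_escape_htmltag`, which covers the HTML context, but nothing constrains the value at the source. Reading it as `$err=GETPOST("err",'alpha');` would restrict it on input as well, which is what the rest of this commit does for other parameters. Whether the 'alpha' check keeps the spaces and punctuation an error message needs should be confirmed against GETPOST's implementation before tightening it.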
@@ -64,7 +65,7 @@ top_htmlhead('','',0,0,'',$arrayofcss);
 
 <div class="contenu">
 <div class="principal_login">
-<?php if (! empty($_GET["err"])) print $_GET["err"]."<br><br>\n"; ?>
+<?php if ($err) print dol_escape_htmltag($err)."<br><br>\n"; ?>
 <fieldset class="cadre_facturation"><legend class="titre1"><?php echo $langs->trans("Identification"); ?></legend>
 <form id="frmLogin" method="POST" action="index_verif.php">
 	<input type="hidden" name="token" value="<?php echo $_SESSION['newtoken']; ?>" />
diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php
index c50e96f56c17d98c674e61eeaad7f0a12f48c288..e854c278ec3a6e336306059489b53eeef1ab9a69 100644
--- a/htdocs/comm/propal/class/propal.class.php
+++ b/htdocs/comm/propal/class/propal.class.php
@@ -1072,7 +1072,7 @@ class Propal extends CommonObject
         $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid';
         $sql.= " WHERE p.fk_statut = c.id";
         $sql.= " AND p.entity = ".$conf->entity;
-        if ($ref) $sql.= " AND p.ref='".$ref."'";
+        if ($ref) $sql.= " AND p.ref='".$this->db->escape($ref)."'";
         else $sql.= " AND p.rowid=".$rowid;
 
         dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
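Review bot: `$rowid` in the `else` branch right after the changed line is concatenated unquoted (`" AND p.rowid=".$rowid`), and `$this->db->escape()` only protects values that sit inside quotes; an unquoted numeric needs an explicit cast, `else $sql.= " AND p.rowid=".(int) $rowid;`, unless the method already casts it above the hunk (the start of fetch is not visible here). The same unquoted `$id`/`$rowid` sits next to the newly escaped `$ref` in contrat.class.php (both hunks), commonobject.class.php, fournisseur.commande.class.php and task.class.php. The `dol_syslog` line below also writes the full SQL, including the user-supplied ref, at LOG_DEBUG, which is worth remembering wherever debug logging is left on.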
diff --git a/htdocs/commande/info.php b/htdocs/commande/info.php
index de559e2b53fe6c4c095b522398977dd94bf832ea..bae932857fe34f07f03f3bfb6bdc771040a03d0f 100644
--- a/htdocs/commande/info.php
+++ b/htdocs/commande/info.php
@@ -34,7 +34,7 @@ $langs->load("sendings");
 
 // Security check
 $socid=0;
-$comid = isset($_GET["id"])?$_GET["id"]:'';
+$comid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result=restrictedArea($user,'commande',$comid,'');
 
@@ -47,8 +47,8 @@ $result=restrictedArea($user,'commande',$comid,'');
 llxHeader('',$langs->trans('Order'),'EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes');
 
 $commande = new Commande($db);
-$commande->fetch($_GET["id"]);
-$commande->info($_GET["id"]);
+$commande->fetch($comid);
+$commande->info($comid);
 $soc = new Societe($db);
 $soc->fetch($commande->socid);
 
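Review bot: The return value of `$commande->fetch($comid)` is not checked, so with an id that does not exist (or 0 when the parameter is absent) execution continues into `$commande->info($comid)` and `$soc->fetch($commande->socid)` on an unloaded object; `restrictedArea` above presumably rejects ids the user may not access, but it is not obvious it covers a nonexistent one. A guard such as `if ($commande->fetch($comid) <= 0) dol_print_error($db);` would make the failure explicit, assuming fetch follows the project's convention of returning <=0 on failure. The same unchecked fetch follows the equivalent change in contact/info.php and contrat/info.php.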
diff --git a/htdocs/commande/orderstoinvoice.php b/htdocs/commande/orderstoinvoice.php
index 5332690e40b53a94b28c90e307c9f0623c10e217..bea20200882b78ec81f5d4d76964f5fe2764f2a9 100644
--- a/htdocs/commande/orderstoinvoice.php
+++ b/htdocs/commande/orderstoinvoice.php
@@ -45,7 +45,7 @@ $langs->load('companies');
 if (! $user->rights->facture->creer)
 	accessforbidden();
 
-$id				= (GETPOST('id')?GETPOST("id"):GETPOST("facid"));  // For backward compatibility
+$id				= (GETPOST('id')?GETPOST('id','int'):GETPOST("facid"));  // For backward compatibility
 $ref			= GETPOST('ref','alpha');
 $action			= GETPOST('action','alpha');
 $confirm		= GETPOST('confirm','alpha');
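Review bot: Only the `id` branch of the ternary gained the 'int' check; the `facid` fallback is still `GETPOST("facid")` with no check, so `$id` remains unfiltered on that path. Apply the check to both sides: `$id = (GETPOST('id')?GETPOST('id','int'):GETPOST("facid",'int'));`. The `$ref`, `$action` and `$confirm` reads below already use 'alpha'.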
diff --git a/htdocs/compta/bank/bankid_fr.php b/htdocs/compta/bank/bankid_fr.php
index 907792010ba69303f52bab12869acb90aa765c1a..43666cba5a549e334c3060d4929483104a0ffd88 100644
--- a/htdocs/compta/bank/bankid_fr.php
+++ b/htdocs/compta/bank/bankid_fr.php
@@ -34,7 +34,7 @@ $langs->load("categories");
 $langs->load("bills");
 
 $action=GETPOST('action');
-$id=GETPOST('id');
+$id=GETPOST('id','int');
 $ref=GETPOST('ref');
 
 // Security check
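Review bot: `$id` now carries the 'int' check, but the neighbouring `$action=GETPOST('action')` and `$ref=GETPOST('ref')` are read without one, which is inconsistent with how this commit reads the same parameters elsewhere (`GETPOST('ref','alpha')` in orderstoinvoice.php). Suggest `$action=GETPOST('action','alpha');` and `$ref=GETPOST('ref','alpha');`. The same pattern is left in holiday/index.php (`$search_ref`, `$month_create` next to the fixed `$id`) and opensurvey/list.php (`$action`, `$surveytitle`, `$status`).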
diff --git a/htdocs/compta/prelevement/class/bonprelevement.class.php b/htdocs/compta/prelevement/class/bonprelevement.class.php
index 5c21c3c5fbfea7ab9195327253e3c1d2d4c769c2..104277f4ed5d478c18c998463622c4b919868951 100644
--- a/htdocs/compta/prelevement/class/bonprelevement.class.php
+++ b/htdocs/compta/prelevement/class/bonprelevement.class.php
@@ -917,7 +917,7 @@ class BonPrelevement extends CommonObject
                 $sql = "INSERT INTO ".MAIN_DB_PREFIX."prelevement_bons (";
                 $sql.= " ref, entity, datec";
                 $sql.= ") VALUES (";
-                $sql.= "'".$ref."'";
+                $sql.= "'".$this->db->escape($ref)."'";
                 $sql.= ", ".$conf->entity;
                 $sql.= ", '".$this->db->idate($now)."'";
                 $sql.= ")";
diff --git a/htdocs/compta/prelevement/liste.php b/htdocs/compta/prelevement/liste.php
index 9521ba7e3d25345c63270dab67684c2db4dc0e84..a9fb602499252da6b380de5d263383fe815f466c 100644
--- a/htdocs/compta/prelevement/liste.php
+++ b/htdocs/compta/prelevement/liste.php
@@ -78,19 +78,19 @@ $sql.= " AND f.entity = ".$conf->entity;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($search_line)
 {
-    $sql.= " AND pl.rowid = '".$search_line."'";
+    $sql.= " AND pl.rowid = '".$db->escape($search_line)."'";
 }
 if ($search_bon)
 {
-    $sql.= " AND p.ref LIKE '%".$search_bon."%'";
+    $sql.= " AND p.ref LIKE '%".$db->escape($search_bon)."%'";
 }
 if ($search_code)
 {
-    $sql.= " AND s.code_client LIKE '%".$search_code."%'";
+    $sql.= " AND s.code_client LIKE '%".$db->escape($search_code)."%'";
 }
 if ($search_societe)
 {
-    $sql .= " AND s.nom LIKE '%".$search_societe."%'";
+    $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'";
 }
 $sql.=$db->order($sortfield,$sortorder);
 $sql.=$db->plimit($conf->liste_limit+1, $offset);
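Review bot: `$db->escape()` neutralises quote characters but not the LIKE metacharacters `%` and `_`, so a search value containing them is interpreted as a wildcard pattern in the three `LIKE '%...%'` clauses; that is not an injection, but it deserves a comment such as `// escape() does not neutralise LIKE wildcards (% and _); a user can widen the match` unless wildcard search is intended. The same applies to the LIKE clauses in product/stock/liste.php. `$socid` at the top of the hunk is concatenated unquoted; it is presumably an int from the security check above the hunk, but that is not visible here.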
@@ -104,7 +104,7 @@ if ($result)
     $urladd = "&amp;statut=".$statut;
     $urladd .= "&amp;search_bon=".$search_bon;
 
-    print_barre_liste($langs->trans("WithdrawalsLines"), $page, "liste.php", $urladd, $sortfield, $sortorder, '', $num);
+    print_barre_liste($langs->trans("WithdrawalsLines"), $page, $_SERVER["PHP_SELF"], $urladd, $sortfield, $sortorder, '', $num);
 
     print"\n<!-- debut table -->\n";
     print '<table class="liste" width="100%">';
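Review bot: `$search_bon` is appended to `$urladd` raw (`"&amp;search_bon=".$search_bon`) and then handed to `print_barre_liste`, which emits it into link URLs; a value containing `&`, `"` or `<` breaks the query string or the markup. Encode it for the URL context, `$urladd .= "&amp;search_bon=".urlencode($search_bon);`. Switching the target to `$_SERVER["PHP_SELF"]` on the changed line does not address this.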
diff --git a/htdocs/compta/prelevement/rejets.php b/htdocs/compta/prelevement/rejets.php
index e8e27d957ea3e7390052480a4e9449d6bb35f3af..30b36a59775cf2ee9dc8dfb5efa029bb4c9f3051 100644
--- a/htdocs/compta/prelevement/rejets.php
+++ b/htdocs/compta/prelevement/rejets.php
@@ -76,7 +76,8 @@ $sql.= " AND pl.fk_prelevement_bons = p.rowid";
 $sql.= " AND pl.fk_soc = s.rowid";
 $sql.= " AND p.entity = ".$conf->entity;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
-$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
+$sql.= " ".$db->order($sortfield, $sortorder);
+$sql.= " ".$db->plimit($conf->liste_limit+1, $offset);
 
 $result = $db->query($sql);
 if ($result)
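Review bot: The new `$sql.= " ".$db->order($sortfield, $sortorder);` prepends a space before the helper's output, whereas every other hunk in this commit appends `$db->order(...)` directly (product/stats/contrat.php, product/stock/liste.php, replenishorders.php); if the helper already returns a leading space this only yields a double space, but the two spellings should agree. Suggest `$sql.= $db->order($sortfield, $sortorder);` and `$sql.= $db->plimit($conf->liste_limit+1, $offset);`. `$socid` two lines above is still concatenated unquoted and is not covered by this change.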
diff --git a/htdocs/compta/recap-compta.php b/htdocs/compta/recap-compta.php
index 62cb7a631cb81f63c062a67e442747dd02a59471..42f91e3132bf55247b723a9f59961f7b15116462 100644
--- a/htdocs/compta/recap-compta.php
+++ b/htdocs/compta/recap-compta.php
@@ -30,7 +30,7 @@ $langs->load("companies");
 if (! empty($conf->facture->enabled)) $langs->load("bills");
 
 // Security check
-$socid = $_GET["socid"];
+$socid = GETPOST("socid",'int');
 if ($user->societe_id > 0)
 {
   $action = '';
diff --git a/htdocs/contact/info.php b/htdocs/contact/info.php
index 53777ce3e40513baa20dc3c709b93086f85c6f10..51a80d8d9944f70cba4791d53696b46729d382be 100644
--- a/htdocs/contact/info.php
+++ b/htdocs/contact/info.php
@@ -31,22 +31,22 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/contact.lib.php';
 $langs->load("companies");
 
 // Security check
-$contactid = isset($_GET["id"])?$_GET["id"]:'';
+$contactid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe');
 
 
 
 /*
-* 	View
-*/
+ * 	View
+ */
 
 llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Empresas');
 
 
 $contact = new Contact($db);
-$contact->fetch($_GET["id"], $user);
-$contact->info($_GET["id"]);
+$contact->fetch($contactid, $user);
+$contact->info($contactid);
 
 
 $head = contact_prepare_head($contact);
diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php
index 1c23eb62be581f9b3594d5d5b76c6d301f94b036..073ef7bd0f52e43bf98134240261e593748eb3f3 100644
--- a/htdocs/contrat/class/contrat.class.php
+++ b/htdocs/contrat/class/contrat.class.php
@@ -411,7 +411,7 @@ class Contrat extends CommonObject
 		$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
 		if ($ref)
 		{
-			$sql.= " WHERE ref='".$ref."'";
+			$sql.= " WHERE ref='".$this->db->escape($ref)."'";
 			$sql.= " AND entity IN (".getEntity('contract').")";
 		}
 		else $sql.= " WHERE rowid=".$id;
@@ -1964,7 +1964,7 @@ class ContratLigne
 		$sql.= " t.commentaire";
 		$sql.= " FROM ".MAIN_DB_PREFIX."contratdet as t";
 		if ($id)  $sql.= " WHERE t.rowid = ".$id;
-		if ($ref) $sql.= " WHERE t.rowid = '".$ref."'";
+		if ($ref) $sql.= " WHERE t.rowid = '".$this->db->escape($ref)."'";
 
 		dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
 		$resql=$this->db->query($sql);
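Review bot: The two lines before the change both emit a `WHERE` clause from independent `if`s, so a call that passes both `$id` and `$ref` produces `WHERE t.rowid = 1 WHERE t.rowid = '...'`, a syntax error; the second should be `elseif ($ref) $sql.= " WHERE t.rowid = '".$this->db->escape($ref)."'";` or the method should reject both being set. `$id` on the first of those lines is concatenated unquoted and is not covered by `escape()`. Matching `$ref` against `t.rowid` rather than a ref column also looks worth a comment if it is intentional. The method's signature is above the hunk.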
diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php
index 234f986a00ca33e9a3db9b386b8b9bc465e905a5..53af58a241544edfb7477eee64c9a5149fa875d9 100644
--- a/htdocs/contrat/info.php
+++ b/htdocs/contrat/info.php
@@ -29,7 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 $langs->load("contracts");
 
 // Security check
-$contratid = isset($_GET["id"])?$_GET["id"]:'';
+$contratid = GETPOST("id",'int');
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'contrat',$contratid,'');
 
@@ -41,8 +41,8 @@ $result = restrictedArea($user, 'contrat',$contratid,'');
 llxHeader();
 
 $contrat = new Contrat($db);
-$contrat->fetch($_GET["id"]);
-$contrat->info($_GET["id"]);
+$contrat->fetch($contratid);
+$contrat->info($contratid);
 
 $head = contract_prepare_head($contrat);
 
diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php
index 914d9be59a3b193aa0664f36b2c837ede30e61cf..53fa3b9c002ec4cdef71402baaa1d29508f91a12 100644
--- a/htdocs/core/class/commonobject.class.php
+++ b/htdocs/core/class/commonobject.class.php
@@ -2039,7 +2039,7 @@ abstract class CommonObject
         $sql.= " FROM ".MAIN_DB_PREFIX.$this->table_element;
         $sql.= " WHERE entity IN (".getEntity($this->element, 1).")";
         if (! empty($id))  $sql.= " AND rowid = ".$id;
-        if (! empty($ref)) $sql.= " AND ref = '".$ref."'";
+        if (! empty($ref)) $sql.= " AND ref = '".$this->db->escape($ref)."'";
 
         $resql = $this->db->query($sql);
         if ($resql)
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index d1483c52f70d15b91206030712e6a01e03209b5c..155c8111f81ec6f4d9d043d21a89ca9d9a204681 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -135,7 +135,7 @@ class CommandeFournisseur extends CommonOrder
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_paiement as p ON (c.fk_mode_reglement = p.id)";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_input_method as cm ON cm.rowid = c.fk_input_method";
         $sql.= " WHERE c.entity = ".$conf->entity;
-        if ($ref) $sql.= " AND c.ref='".$ref."'";
+        if ($ref) $sql.= " AND c.ref='".$this->db->escape($ref)."'";
         else $sql.= " AND c.rowid=".$id;
 
         dol_syslog(get_class($this)."::fetch sql=".$sql,LOG_DEBUG);
diff --git a/htdocs/holiday/index.php b/htdocs/holiday/index.php
index 4c660bf6526eb90c0e818e31bb13c13831969033..26f413a4e4388f56df45f6afcf3f60d348b23db1 100644
--- a/htdocs/holiday/index.php
+++ b/htdocs/holiday/index.php
@@ -51,7 +51,7 @@ $offset = $conf->liste_limit * $page ;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
 
-$id = GETPOST('id');
+$id = GETPOST('id','int');
 
 $search_ref      = GETPOST('search_ref');
 $month_create    = GETPOST('month_create');
diff --git a/htdocs/opensurvey/list.php b/htdocs/opensurvey/list.php
index d7cdaae62ace02376b57fb317ba898740984c4f4..83482bbe04fbed321ad2daadc9167d00f2285460 100644
--- a/htdocs/opensurvey/list.php
+++ b/htdocs/opensurvey/list.php
@@ -30,7 +30,7 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");
 if (!$user->rights->opensurvey->read) accessforbidden();
 
 $action=GETPOST('action');
-$id=GETPOST('id');
+$id=GETPOST('id','alpha');
 $numsondage= $id;
 $surveytitle=GETPOST('surveytitle');
 $status=GETPOST('status');
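Review bot: `$id` is now read with the 'alpha' check and copied into `$numsondage`, but an 'alpha' check is an input-shape filter, not SQL escaping; wherever `$numsondage` is interpolated into a query below the hunk it still needs `$db->escape()`, or that query should be reviewed to confirm it already has it. `$action`, `$surveytitle` and `$status` on the surrounding lines are read with no check at all. The uses of `$numsondage` are outside this hunk.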
diff --git a/htdocs/product/index.php b/htdocs/product/index.php
index b3af35d5b3c0a37544bd7f27d2272e102fa0c770..33025dd1551c5a16b2c5cfeef7e59ac204c3fa0e 100644
--- a/htdocs/product/index.php
+++ b/htdocs/product/index.php
@@ -28,7 +28,7 @@ require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 
-$type=isset($_GET["type"])?$_GET["type"]:(isset($_POST["type"])?$_POST["type"]:'');
+$type=GETPOST("type",'int');
 if ($type =='' && !$user->rights->produit->lire) $type='1';	// Force global page on service page only
 if ($type =='' && !$user->rights->service->lire) $type='0';	// Force global page on product page only
 
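Review bot: If GETPOST casts under the 'int' check (its implementation is not visible here), `$type` becomes an integer and the two `$type ==''` comparisons that follow change meaning: in PHP 5/7 `0 == ''` is true, so an explicit `type=0` (the product page) would be treated as "no type" and overridden by the rights checks, whereas the old string `'0'` was not. Confirm what GETPOST returns for a missing `type` under 'int' and make the presence test match it instead of relying on loose comparison, e.g. test `GETPOST("type") === ''` for absence before applying the typed read.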
diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php
index 12c97435c7e478c1517463ffec6790f78c572a89..518daf2b8f136651ba1b9a91f6d8b3ac47562570 100644
--- a/htdocs/product/stats/contrat.php
+++ b/htdocs/product/stats/contrat.php
@@ -70,7 +70,7 @@ if ($id > 0 || ! empty($ref))
 {
 	$product = new Product($db);
 	$result = $product->fetch($id, $ref);
-	
+
 	$parameters=array('id'=>$id);
 	$reshook=$hookmanager->executeHooks('doActions',$parameters,$product,$action);    // Note that $action and $object may have been modified by some hooks
 	$error=$hookmanager->error; $errors=$hookmanager->errors;
@@ -83,7 +83,7 @@ if ($id > 0 || ! empty($ref))
 		$titre=$langs->trans("CardProduct".$product->type);
 		$picto=($product->type==1?'service':'product');
 		dol_fiche_head($head, 'referers', $titre, 0, $picto);
-		
+
 		$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$product,$action);    // Note that $action and $object may have been modified by hook
 
 		print '<table class="border" width="100%">';
@@ -135,7 +135,7 @@ if ($id > 0 || ! empty($ref))
 		if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 		if ($socid) $sql.= " AND s.rowid = ".$socid;
 		$sql.= " GROUP BY c.rowid, c.date_contrat, c.statut, s.nom, s.rowid, s.code_client";
-		$sql.= " ORDER BY $sortfield $sortorder";
+		$sql.= $db->order($sortfield, $sortorder);
 		$sql.= $db->plimit($conf->liste_limit +1, $offset);
 
 		$result = $db->query($sql);
diff --git a/htdocs/product/stock/liste.php b/htdocs/product/stock/liste.php
index b7ca2b7ba480b671606811682bffb3e3c9094a5a..a639bd86239c8eb74ddec1eb73f826835016ecc0 100644
--- a/htdocs/product/stock/liste.php
+++ b/htdocs/product/stock/liste.php
@@ -31,12 +31,12 @@ $langs->load("stocks");
 // Security check
 $result=restrictedArea($user,'stock');
 
-$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"];
-$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"];
-$sall=isset($_GET["sall"])?$_GET["sall"]:$_POST["sall"];
+$sref=GETPOST("sref");;
+$snom=GETPOST("snom");
+$sall=GETPOST("sall");
 
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
 if (! $sortfield) $sortfield="e.label";
 if (! $sortorder) $sortorder="ASC";
 $page = $_GET["page"];
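Review bot: `$sref=GETPOST("sref");;` carries a stray second semicolon; harmless, but it should read `$sref=GETPOST("sref");`. `$page = $_GET["page"]` on the last line of the hunk is still a raw superglobal read after the lines above were migrated, and it feeds the offset passed to `plimit`; `$page = GETPOST("page",'int');` keeps the hunk consistent. `$sortfield`/`$sortorder` are unfiltered here but go through `$db->order()` in the second hunk of this file, which is the right place for them.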
@@ -50,13 +50,13 @@ $sql.= " FROM ".MAIN_DB_PREFIX."entrepot as e";
 $sql.= " WHERE e.entity = ".$conf->entity;
 if ($sref)
 {
-    $sql.= " AND e.label like '%".$sref."%'";
+    $sql.= " AND e.label like '%".$db->escape($sref)."%'";
 }
 if ($sall)
 {
-    $sql.= " AND (e.description like '%".$sall."%' OR e.lieu like '%".$sall."%' OR e.address like '%".$sall."%' OR e.town like '%".$sall."%')";
+    $sql.= " AND (e.description like '%".$db->escape($sall)."%' OR e.lieu like '%".$db->escape($sall)."%' OR e.address like '%".$db->escape($sall)."%' OR e.town like '%".$db->escape($sall)."%')";
 }
-$sql.= " ORDER BY $sortfield $sortorder";
+$sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($limit+1, $offset);
 
 $result = $db->query($sql);
diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php
index afe9e20e28b15b37a3ee07523b063c642106314a..ee94d9652c65241a205c3f74cdc2852f05301142 100644
--- a/htdocs/product/stock/massstockmove.php
+++ b/htdocs/product/stock/massstockmove.php
@@ -44,9 +44,9 @@ $result=restrictedArea($user,'produit|service');
 //checks if a product has been ordered
 
 $action = GETPOST('action','alpha');
-$id_product = GETPOST('productid', 'productid');
-$id_sw = GETPOST('id_sw', 'id_sw');
-$id_tw = GETPOST('id_tw', 'id_tw');
+$id_product = GETPOST('productid', 'int');
+$id_sw = GETPOST('id_sw', 'int');
+$id_tw = GETPOST('id_tw', 'int');
 $qty = GETPOST('qty');
 $idline = GETPOST('idline');
 
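Review bot: `$qty = GETPOST('qty');` and `$idline = GETPOST('idline');` on the two lines after the change are still read without a check type while the three ids above them now use 'int'; `idline` looks like another row id, so `$idline = GETPOST('idline','int');` would match, and `qty` could take 'int' if quantities are whole numbers here — its uses are below the hunk, so confirm before changing it. The replaced check names ('productid', 'id_sw', 'id_tw') do not look like valid GETPOST check types, so the old lines effectively had no filtering and the change is correct.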
diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php
index f0f2bfca8e996fe645bf6c36df5958b1e4f6932e..5ebb36a7054bae4b0a4f498debec95f3dd68c344 100644
--- a/htdocs/product/stock/replenishorders.php
+++ b/htdocs/product/stock/replenishorders.php
@@ -72,13 +72,8 @@ $sproduct = GETPOST('sproduct', 'int');
 $sortorder = GETPOST('sortorder', 'alpha');
 $sortfield = GETPOST('sortfield', 'alpha');
 
-if (!$sortorder) {
-    $sortorder = 'DESC';
-}
-
-if (!$sortfield) {
-    $sortfield = 'cf.date_creation';
-}
+if (!$sortorder) $sortorder = 'DESC';
+if (!$sortfield) $sortfield = 'cf.date_creation';
 
 $offset = $conf->liste_limit * $page ;
 
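Review bot: Collapsing the two guarded assignments into brace-less single-line `if`s (`if (!$sortorder) $sortorder = 'DESC';`) is a style regression against the braced form this file used; PSR-12/PER-CS require braces on control structures, and brace-less ifs are a common source of mistakes when a second statement is added later. Prefer keeping the original braced form. Functionally the two forms are equivalent.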
@@ -146,7 +141,7 @@ if (GETPOST('statut', 'int')) {
 }
 $sql .= ' GROUP BY cf.rowid, cf.ref, cf.date_creation, cf.fk_statut';
 $sql .= ', cf.total_ttc, cf.fk_user_author, u.login, s.rowid, s.nom';
-$sql .= ' ORDER BY ' . $sortfield . ' ' . $sortorder  . ' ';
+$sql .= $db->order($sortfield, $sortorder);
 $sql .= $db->plimit($conf->liste_limit+1, $offset);
 $resql = $db->query($sql);
 if ($resql)
@@ -317,7 +312,7 @@ if ($resql)
          '</form>';
 
     $db->free($resql);
-    
+
     dol_fiche_end();
 }
 else
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index e6c718c655f7c50443feb06bff96c92379245f60..26b73062370298e3823a0c79602bd55cac8dc253 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -299,7 +299,7 @@ class Project extends CommonObject
         }
         else if (! empty($ref))
         {
-        	$sql.= " WHERE ref='".$ref."'";
+        	$sql.= " WHERE ref='".$this->db->escape($ref)."'";
         	$sql.= " AND entity IN (".getEntity('project').")";
         }
 
diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index c17c8c9beb5c4e6261c2c50fcecb3cab66c4d3e9..ea0cce9e121b758f28ceb00bdefff32117ab0aec 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -207,7 +207,7 @@ class Task extends CommonObject
         $sql.= " FROM ".MAIN_DB_PREFIX."projet_task as t";
         $sql.= " WHERE ";
         if (!empty($ref)) {
-        	$sql.="t.ref = '".$ref."'";
+        	$sql.="t.ref = '".$this->db->escape($ref)."'";
         }else {
         	$sql.="t.rowid = ".$id;
         }
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index c6880547c60f84a12e7b4fd50360199c56a83379..14627b2f8894c93e4f23adf77067b50fa83cd213 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -93,7 +93,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer)
 {
 	if ($object->fetch($id))
 	{
-	    $result=$object->swapContactStatus(GETPOST('ligne'));
+	    $result=$object->swapContactStatus(GETPOST('ligne','int'));
 	}
 	else
 	{
@@ -105,7 +105,7 @@ if ($action == 'swapstatut' && $user->rights->projet->creer)
 if (($action == 'deleteline' || $action == 'deletecontact') && $user->rights->projet->creer)
 {
 	$object->fetch($id);
-	$result = $object->delete_contact($_GET["lineid"]);
+	$result = $object->delete_contact(GETPOST("lineid"));
 
 	if ($result >= 0)
 	{
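Review bot: `GETPOST("lineid")` is passed to `delete_contact` without the 'int' check, while the first hunk of this file reads the analogous `ligne` with `GETPOST('ligne','int')`; a line id should get the same treatment, `$result = $object->delete_contact(GETPOST("lineid",'int'));`. Whether delete_contact casts its argument itself is not visible here.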
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index d019a629bddf1a6bf19e22179c506b66093caa7b..6aa58979a79fe2be6be97d2866636fe6078fa789 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -43,9 +43,9 @@ $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->projet->lire) accessforbidden();
 
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"];
+$sortfield = GETPOST("sortfield");
+$sortorder = GETPOST("sortorder");
+$page = GETPOST("page");
 $page = is_numeric($page) ? $page : 0;
 $page = $page == -1 ? 0 : $page;
 
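Review bot: `$sortfield` and `$sortorder` are now read through GETPOST but with no check type, and they are only safe if the query below builds its ORDER BY through `$db->order($sortfield,$sortorder)` as the other list pages in this commit do; that part of the file is outside the hunk, so it should be confirmed, or the two reads given 'alpha' (`$sortfield = GETPOST("sortfield",'alpha');`) as a cheap first line of defence. `$page` is already normalised by the `is_numeric` test on the following line.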
diff --git a/htdocs/theme/amarok/img/object_address.png b/htdocs/theme/amarok/img/object_address.png
new file mode 100644
index 0000000000000000000000000000000000000000..b20734da69abc6d778f525e70f27b74ff67f07b2
Binary files /dev/null and b/htdocs/theme/amarok/img/object_address.png differ