From fc401a9c68a36c4e79720e679b44c19dea32a1f6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur <eldy@destailleur.fr> Date: Sun, 18 Dec 2016 13:27:14 +0100 Subject: [PATCH] Fix more security fixes --- htdocs/accountancy/expensereport/index.php | 2 +- htdocs/compta/bank/bankentries.php | 2 +- htdocs/compta/bank/card.php | 30 ++++---- htdocs/compta/bank/class/account.class.php | 2 +- htdocs/compta/bank/graph.php | 14 ++-- htdocs/compta/clients.php | 15 ++-- htdocs/compta/localtax/card.php | 12 ++-- htdocs/compta/paiement.php | 14 ++-- htdocs/compta/paiement/rapport.php | 2 +- htdocs/compta/payment_sc/card.php | 6 +- htdocs/compta/salaries/card.php | 4 +- htdocs/compta/stats/index.php | 2 +- htdocs/compta/tva/card.php | 4 +- htdocs/compta/tva/quadri.php | 2 +- htdocs/contact/card.php | 79 +++++++++++----------- htdocs/theme/eldy/style.css.php | 6 +- 16 files changed, 100 insertions(+), 96 deletions(-) diff --git a/htdocs/accountancy/expensereport/index.php b/htdocs/accountancy/expensereport/index.php index 7ead3a9940e..fea9cff6020 100644 --- a/htdocs/accountancy/expensereport/index.php +++ b/htdocs/accountancy/expensereport/index.php @@ -45,7 +45,7 @@ if (! $user->rights->accounting->bind->write) accessforbidden(); // Filter -$year = $_GET["year"]; +$year = GETPOST('year', 'int'); if ($year == 0) { $year_current = strftime("%Y", time()); $year_start = $year_current; diff --git a/htdocs/compta/bank/bankentries.php b/htdocs/compta/bank/bankentries.php index ce70e7ac938..47405d0e748 100644 --- a/htdocs/compta/bank/bankentries.php +++ b/htdocs/compta/bank/bankentries.php 
@@ -576,7 +576,7 @@ if ($resql) print '<input type="hidden" name="sortorder" value="'.$sortorder.'">'; print '<input type="hidden" name="id" value="'.$id.'">'; print '<input type="hidden" name="ref" value="'.$ref.'">'; - if (! empty($_REQUEST['bid'])) print '<input type="hidden" name="bid" value="'.$_REQUEST["bid"].'">'; + if (GETPOST('bid')) print '<input type="hidden" name="bid" value="'.GETPOST("bid").'">'; // Form to reconcile if ($user->rights->banque->consolidate && $action == 'reconcile') diff --git a/htdocs/compta/bank/card.php b/htdocs/compta/bank/card.php index d2b3c167872..baf2f3e26b1 100644 --- a/htdocs/compta/bank/card.php +++ b/htdocs/compta/bank/card.php @@ -50,7 +50,7 @@ $cancel = GETPOST('cancel', 'alpha'); // Security check if (isset($_GET["id"]) || isset($_GET["ref"])) { - $id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:''); + $id = isset($_GET["id"])?GETPOST("id"):(isset($_GET["ref"])?GETPOST("ref"):''); } $fieldid = isset($_GET["ref"])?'ref':'rowid'; if ($user->societe_id) $socid=$user->societe_id; @@ -93,7 +93,7 @@ if ($action == 'add') $object->iban = trim($_POST["iban"]); $object->domiciliation = trim($_POST["domiciliation"]); - $object->proprio = trim($_POST["proprio"]); + $object->proprio = trim($_POST["proprio"]); $object->owner_address = trim($_POST["owner_address"]); $account_number = GETPOST('account_number','alpha'); @@ -105,12 +105,12 @@ if ($action == 'add') $object->currency_code = trim($_POST["account_currency_code"]); - $object->state_id = $_POST["account_state_id"]; + $object->state_id = $_POST["account_state_id"]; $object->country_id = $_POST["account_country_id"]; $object->min_allowed = GETPOST("account_min_allowed",'int'); $object->min_desired = GETPOST("account_min_desired",'int'); - $object->comment = trim($_POST["account_comment"]); + $object->comment = trim(GETPOST("account_comment")); $object->fk_user_author = $user->id; 
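Review bot: In htdocs/compta/bank/bankentries.php the new `GETPOST("bid")` is called with no check type and concatenated straight into `value="…"`, so the hidden input still reflects the request value without HTML escaping unless GETPOST's default mode escapes it, which this patch does not show. Since `bid` looks like a numeric id, `GETPOST('bid','int')` would constrain it; alternatively, wrap the output as the paiement.php hunk of this same patch does: `value="'.dol_escape_htmltag(GETPOST('bid')).'"`. The same unescaped `value="'.GETPOST(...)` pattern recurs in bank/card.php (hunks -367, -836, -902, -970), localtax/card.php (-178), salaries/card.php (-257, -275) and tva/card.php (-258). The context lines that print `$sortorder`, `$id` and `$ref` into hidden inputs have the same shape; where those variables are sanitised is outside the hunk.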
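Review bot: Under the `// Security check` comment in htdocs/compta/bank/card.php (hunk -50), `GETPOST("id")` and `GETPOST("ref")` are called without a check type, so the value that ends up in `$id` is not constrained to a number or a reference string. The delete branch of this same commit already uses `GETPOST("id","int")`; the same would fit here and in the update branch (hunk -172, `$object->fetch(GETPOST("id"))`), with `GETPOST("ref",'alpha')` for the reference. Note also that `$fieldid` is derived from `isset($_GET["ref"])` alone, so a request carrying both `id` and `ref` pairs an id value with the `ref` field. The call that consumes `$id` and `$fieldid` lies outside the hunk.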
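Review bot: In the 'add' branch of htdocs/compta/bank/card.php (hunk -105) `$object->state_id` and `$object->country_id` are still assigned from raw `$_POST`; the first of these lines is only re-spaced by this commit. Both look like numeric ids, so they can take the same treatment as the neighbouring `min_allowed`/`min_desired` lines: `$object->state_id = GETPOST("account_state_id",'int');` and `$object->country_id = GETPOST("account_country_id",'int');`. The `trim($_POST[...])` assignments for `iban`, `domiciliation`, `proprio`, `owner_address` and `account_currency_code` in hunks -93, -105 and -190 are likewise untouched. Whether the Account class escapes them before building SQL is not visible here.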
@@ -172,7 +172,7 @@ if ($action == 'update') // Update account $object = new Account($db); - $object->fetch($_POST["id"]); + $object->fetch(GETPOST("id")); $object->ref = dol_string_nospecial(trim($_POST["ref"])); $object->label = trim($_POST["label"]); @@ -190,7 +190,7 @@ if ($action == 'update') $object->iban = trim($_POST["iban"]); $object->domiciliation = trim($_POST["domiciliation"]); - $object->proprio = trim($_POST["proprio"]); + $object->proprio = trim($_POST["proprio"]); $object->owner_address = trim($_POST["owner_address"]); $account_number = GETPOST('account_number', 'int'); @@ -204,7 +204,7 @@ if ($action == 'update') $object->min_allowed = GETPOST("account_min_allowed",'int'); $object->min_desired = GETPOST("account_min_desired",'int'); - $object->comment = trim($_POST["account_comment"]); + $object->comment = trim(GETPOST("account_comment")); if ($conf->global->MAIN_BANK_ACCOUNTANCY_CODE_ALWAYS_REQUIRED && empty($object->account_number)) { @@ -251,7 +251,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user- { // Delete $object = new Account($db); - $object->fetch($_GET["id"]); + $object->fetch(GETPOST("id","int")); $object->delete(); header("Location: ".DOL_URL_ROOT."/compta/bank/index.php"); @@ -367,7 +367,7 @@ if ($action == 'create') // Web print '<tr><td>'.$langs->trans("Web").'</td>'; - print '<td colspan="3"><input size="50" type="text" class="flat" name="url" value="'.$_POST["url"].'"></td></tr>'; + print '<td colspan="3"><input class="minwidth300" type="text" class="flat" name="url" value="'.GETPOST("url").'"></td></tr>'; // Tags-Categories if ($conf->categorie->enabled) 
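Review bot: In the confirm_delete branch of htdocs/compta/bank/card.php (hunk -251) the result of `$object->fetch(GETPOST("id","int"))` is ignored and `$object->delete()` runs regardless. If the id is missing or matches no account, delete() is invoked on an unloaded object; what it does in that state is not visible in this patch. The fetch() docblock in account.class.php states `<0 if KO, >0 if OK`, so a guard such as `if ($object->fetch(GETPOST("id","int")) > 0) $object->delete();` makes the precondition explicit. The branch continues outside the hunk.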
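Review bot: The rewritten Web input in hunk -367 of htdocs/compta/bank/card.php carries two `class` attributes (`class="minwidth300" type="text" class="flat"`); HTML parsers keep only the first, so `flat` is dropped. Merge them the way the Label input in hunk -836 is written: `class="flat minwidth300"`. The Web input in hunk -902 has the same duplicate (`class="maxwidth200onsmartphone"` plus `class="flat"`).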
@@ -836,11 +836,11 @@ else // Ref print '<tr><td class="fieldrequired titlefieldcreate">'.$langs->trans("Ref").'</td>'; - print '<td><input size="8" type="text" class="flat" name="ref" value="'.(isset($_POST["ref"])?$_POST["ref"]:$object->ref).'"></td></tr>'; + print '<td><input size="8" type="text" class="flat" name="ref" value="'.(isset($_POST["ref"])?GETPOST("ref"):$object->ref).'"></td></tr>'; // Label print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td>'; - print '<td><input type="text" class="flat minwidth300" name="label" value="'.(isset($_POST["label"])?$_POST["label"]:$object->label).'"></td></tr>'; + print '<td><input type="text" class="flat minwidth300" name="label" value="'.(isset($_POST["label"])?GETPOST("label"):$object->label).'"></td></tr>'; // Type print '<tr><td class="fieldrequired">'.$langs->trans("AccountType").'</td>'; 
@@ -902,14 +902,14 @@ else // Balance print '<tr><td>'.$langs->trans("BalanceMinimalAllowed").'</td>'; - print '<td><input size="12" type="text" class="flat" name="account_min_allowed" value="'.(isset($_POST["account_min_allowed"])?$_POST["account_min_allowed"]:$object->min_allowed).'"></td></tr>'; + print '<td><input size="12" type="text" class="flat" name="account_min_allowed" value="'.(isset($_POST["account_min_allowed"])?GETPOST("account_min_allowed"):$object->min_allowed).'"></td></tr>'; print '<tr><td>'.$langs->trans("BalanceMinimalDesired").'</td>'; - print '<td ><input size="12" type="text" class="flat" name="account_min_desired" value="'.(isset($_POST["account_min_desired"])?$_POST["account_min_desired"]:$object->min_desired).'"></td></tr>'; + print '<td ><input size="12" type="text" class="flat" name="account_min_desired" value="'.(isset($_POST["account_min_desired"])?GETPOST("account_min_desired"):$object->min_desired).'"></td></tr>'; // Web print '<tr><td>'.$langs->trans("Web").'</td>'; - print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="url" value="'.(isset($_POST["url"])?$_POST["url"]:$object->url).'">'; + print '<td><input class="maxwidth200onsmartphone" type="text" class="flat" name="url" value="'.(isset($_POST["url"])?GETPOST("url"):$object->url).'">'; print '</td></tr>'; // Tags-Categories @@ -970,7 +970,7 @@ else if (! empty($conf->accounting->enabled)) { print '<tr><td>'.$langs->trans("AccountancyJournal").'</td>'; - print '<td><input type="text" name="accountancy_journal" value="'.(isset($_POST["accountancy_journal"])?$_POST["accountancy_journal"]:$object->accountancy_journal).'"></td></tr>'; + print '<td><input type="text" name="accountancy_journal" value="'.(isset($_POST["accountancy_journal"])?GETPOST("accountancy_journal"):$object->accountancy_journal).'"></td></tr>'; } print '</table>'; 
diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 139f578c5d6..73dd2d4f199 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -833,7 +833,7 @@ class Account extends CommonObject * @param string $ref Ref of bank account to get * @return int <0 if KO, >0 if OK */ - function fetch($id,$ref='') + function fetch($id, $ref='') { global $conf; diff --git a/htdocs/compta/bank/graph.php b/htdocs/compta/bank/graph.php index bf69fe98a3b..31a4087815c 100644 --- a/htdocs/compta/bank/graph.php +++ b/htdocs/compta/bank/graph.php @@ -43,9 +43,9 @@ $fieldid = isset($_GET["ref"])?'ref':'rowid'; if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'banque',$id,'bank_account&bank_account','','',$fieldid); -$account=$_GET["account"]; +$account=GETPOST("account"); $mode='standard'; -if (isset($_GET["mode"]) && $_GET["mode"] == 'showalltime') $mode='showalltime'; +if (GETPOST("mode") == 'showalltime') $mode='showalltime'; $error=0; @@ -63,18 +63,18 @@ $datetime = dol_now(); $year = dol_print_date($datetime, "%Y"); $month = dol_print_date($datetime, "%m"); $day = dol_print_date($datetime, "%d"); -if (! empty($_GET["year"])) $year=sprintf("%04d",$_GET["year"]); -if (! empty($_GET["month"])) $month=sprintf("%02d",$_GET["month"]); +if (GETPOST("year")) $year=sprintf("%04d",GETPOST("year")); +if (GETPOST("month")) $month=sprintf("%02d",GETPOST("month")); $object = new Account($db); if ($_GET["account"] && ! preg_match('/,/',$_GET["account"])) // if for a particular account and not a list { - $result=$object->fetch($_GET["account"]); + $result=$object->fetch(GETPOST("account", "int")); } if ($_GET["ref"]) { - $result=$object->fetch(0,$_GET["ref"]); + $result=$object->fetch(0, GETPOST("ref")); $account=$object->id; } 
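Review bot: In htdocs/compta/bank/graph.php (hunk -43) `$account=GETPOST("account");` keeps the request value with no check type, and the comment in hunk -63 says it may be a list rather than a single account. Only the single-account path gets `GETPOST("account", "int")`; the list form stays unvalidated, and how `$account` is used further down (for example inside a SQL `IN (...)`) is outside these hunks. A shape check right after the assignment would close that: `if (! preg_match('/^\d+(,\d+)*$/', $account)) $account='';`. The guards in hunk -63 still test `$_GET["account"]` and `$_GET["ref"]` directly while the values are read through GETPOST, which by default can also take them from POST, so the test and the read can disagree.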
@@ -823,7 +823,7 @@ print '<br><br></td></tr>'; // Graphs if ($mode == 'standard') { - $prevyear=$year;$nextyear=$year; + $prevyear=$year; $nextyear=$year; $prevmonth=$month-1;$nextmonth=$month+1; if ($prevmonth < 1) { $prevmonth=12; $prevyear--; } if ($nextmonth > 12) { $nextmonth=1; $nextyear++; } diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index db9d4e623ca..6a3052a938d 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -97,35 +97,36 @@ $sql.= " AND s.entity IN (".getEntity('societe', 1).")"; if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (dol_strlen($stcomm)) { - $sql.= " AND s.fk_stcomm=$stcomm"; + $sql.= " AND s.fk_stcomm=".$stcomm; } if ($socname) { - $sql.= " AND s.nom LIKE '%".$db->escape($socname)."%'"; + $sql.= natural_search("s.nom", $socname); $sortfield = "s.nom"; $sortorder = "ASC"; } if ($_GET["search_nom"]) { - $sql.= " AND s.nom LIKE '%".$db->escape($_GET["search_nom"])."%'"; + $sql.= natural_search("s.nom", GETPOST("search_nom")); } if ($_GET["search_compta"]) { - $sql.= " AND s.code_compta LIKE '%".$db->escape($_GET["search_compta"])."%'"; + $sql.= natural_search("s.code_compta", GETPOST("search_compta")); } if ($_GET["search_code_client"]) { - $sql.= " AND s.code_client LIKE '%".$db->escape($_GET["search_code_client"])."%'"; + $sql.= natural_search("s.code_client", GETPOST("search_code_client")); } if (dol_strlen($begin)) { - $sql.= " AND s.nom LIKE '".$db->escape($begin)."'"; + $sql.= natural_search("s.nom", $begin); } if ($socid) { $sql.= " AND s.rowid = ".$socid; } -$sql.= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset); +$sql.= " ORDER BY $sortfield $sortorder "; +$sql.= $db->plimit($conf->liste_limit+1, $offset); //print $sql; $resql = $db->query($sql); diff --git a/htdocs/compta/localtax/card.php b/htdocs/compta/localtax/card.php index 8fbc028a589..1772b6861dd 100644 
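Review bot: In htdocs/compta/clients.php `$sql.= " AND s.fk_stcomm=".$stcomm;` still appends `$stcomm` to the query unquoted and unescaped; the commit changes only the string syntax. If `$stcomm` comes from the request (its assignment is outside the hunk) this remains a SQL injection point, and a cast closes it: `$sql.= " AND s.fk_stcomm=".(int) $stcomm;`, likewise `(int) $socid` a few lines down. `$sortfield` and `$sortorder` are interpolated into `ORDER BY` and need an allow-list where they are read. Separately, replacing `LIKE '".$db->escape($begin)."'` with `natural_search("s.nom", $begin)` probably changes the match for `$begin` from an anchored pattern to a contains-search; worth confirming that is intended.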
--- a/htdocs/compta/localtax/card.php +++ b/htdocs/compta/localtax/card.php @@ -66,12 +66,12 @@ if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) $datev=dol_mktime(12,0,0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]); $datep=dol_mktime(12,0,0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]); - $localtax->accountid=$_POST["accountid"]; - $localtax->paymenttype=$_POST["paiementtype"]; + $localtax->accountid=GETPOST("accountid"); + $localtax->paymenttype=GETPOST("paiementtype"); $localtax->datev=$datev; $localtax->datep=$datep; - $localtax->amount=$_POST["amount"]; - $localtax->label=$_POST["label"]; + $localtax->amount=price2num(GETPOST("amount")); + $localtax->label=GETPOST("label"); $localtax->ltt=$lttype; $ret=$localtax->addPayment($user); @@ -178,10 +178,10 @@ if ($action == 'create') print '</td></tr>'; // Label - print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" size="40" value="'.($_POST["label"]?$_POST["label"]:$langs->transcountry(($lttype==2?"LT2Payment":"LT1Payment"),$mysoc->country_code)).'"></td></tr>'; + print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.($_POST["label"]?GETPOST("label",'',2):$langs->transcountry(($lttype==2?"LT2Payment":"LT1Payment"),$mysoc->country_code)).'"></td></tr>'; // Amount - print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.$_POST["amount"].'"></td></tr>'; + print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.GETPOST("amount").'"></td></tr>'; if (! empty($conf->banque->enabled)) { diff --git a/htdocs/compta/paiement.php b/htdocs/compta/paiement.php index 82749f4949f..9980ea396de 100644 --- a/htdocs/compta/paiement.php +++ b/htdocs/compta/paiement.php 
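Review bot: In the 'add' action of htdocs/compta/localtax/card.php (hunk -66) `GETPOST("accountid")` and `GETPOST("paiementtype")` are read with no check type, while `amount` two lines later gets `price2num()`. `accountid` is by name a bank-account id, so `GETPOST("accountid",'int')` matches how ids are read elsewhere in this patch; `paiementtype` deserves the same if it is numeric, which the hunk does not show. The `dol_mktime()` calls just above still take the six `$_POST["datev…"]`/`$_POST["datep…"]` values raw.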
@@ -251,9 +251,9 @@ if (empty($reshook)) $paiement->datepaye = $datepaye; $paiement->amounts = $amounts; // Array with all payments dispatching $paiement->multicurrency_amounts = $multicurrency_amounts; // Array with all payments dispatching - $paiement->paiementid = dol_getIdFromCode($db,$_POST['paiementcode'],'c_paiement'); - $paiement->num_paiement = $_POST['num_paiement']; - $paiement->note = $_POST['comment']; + $paiement->paiementid = dol_getIdFromCode($db,GETPOST('paiementcode'),'c_paiement'); + $paiement->num_paiement = GETPOST('num_paiement'); + $paiement->note = GETPOST('comment'); if (! $error) { @@ -513,7 +513,7 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie // Comments print '<tr><td>'.$langs->trans('Comments').'</td>'; print '<td valign="top">'; - print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.(empty($_POST['comment'])?'':$_POST['comment']).'</textarea></td></tr>'; + print '<textarea name="comment" wrap="soft" class="quatrevingtpercent" rows="'.ROWS_3.'">'.GETPOST('comment').'</textarea></td></tr>'; print '</table>'; 
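Review bot: In htdocs/compta/paiement.php (hunk -513) `GETPOST('comment')` is written between `<textarea …>` and `</textarea>` without HTML escaping, so a comment that contains a closing textarea tag ends the element and the remainder is parsed as markup. The amount inputs in hunk -683 of this same file are wrapped in `dol_escape_htmltag()`, and the textarea needs the equivalent: `.dol_escape_htmltag(GETPOST('comment')).'</textarea>`. Confirm how dol_escape_htmltag() treats line breaks before using it on multi-line text. In hunk -251 the same value is stored in `$paiement->note`, so it also has to be escaped wherever the note is later displayed; that code is not part of this patch.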
@@ -683,12 +683,12 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie if (!empty($conf->use_javascript_ajax)) print img_picto("Auto fill",'rightarrow', "class='AutoFillAmout' data-rowname='".$namef."' data-value='".($sign * $remaintopay)."'"); print '<input type=hidden class="remain" name="'.$nameRemain.'" value="'.$remaintopay.'">'; - print '<input type="text" size="8" class="amount" name="'.$namef.'" value="'.$_POST[$namef].'">'; + print '<input type="text" size="8" class="amount" name="'.$namef.'" value="'.dol_escape_htmltag(GETPOST($namef)).'">'; } else { - print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.$_POST[$namef].'" disabled>'; - print '<input type="hidden" name="'.$namef.'" value="'.$_POST[$namef].'">'; + print '<input type="text" size="8" name="'.$namef.'_disabled" value="'.dol_escape_htmltag(GETPOST($namef)).'" disabled>'; + print '<input type="hidden" name="'.$namef.'" value="'.dol_escape_htmltag(GETPOST($namef)).'">'; } print "</td>"; diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 8f23036f6af..b8bcf030729 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -43,7 +43,7 @@ if ($user->societe_id > 0) $dir = $conf->facture->dir_output.'/payments'; if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id; // If user has no permission to see all, output dir is specific to user -$year = $_GET["year"]; +$year = GETPOST('year', 'int'); if (! $year) { $year=date("Y"); } diff --git a/htdocs/compta/payment_sc/card.php b/htdocs/compta/payment_sc/card.php index 0ea48d9075c..b64d92d873f 100644 --- a/htdocs/compta/payment_sc/card.php +++ b/htdocs/compta/payment_sc/card.php 
@@ -37,7 +37,7 @@ $langs->load('banks'); $langs->load('companies'); // Security check -$id=GETPOST("id"); +$id=GETPOST("id",'int'); $action=GETPOST("action"); $confirm=GETPOST('confirm'); if ($user->societe_id) $socid=$user->societe_id; @@ -126,12 +126,12 @@ $form = new Form($db); $h=0; -$head[$h][0] = DOL_URL_ROOT.'/compta/payment_sc/card.php?id='.$_GET["id"]; +$head[$h][0] = DOL_URL_ROOT.'/compta/payment_sc/card.php?id='.$id; $head[$h][1] = $langs->trans("Card"); $hselected = $h; $h++; -/*$head[$h][0] = DOL_URL_ROOT.'/compta/payment_sc/info.php?id='.$_GET["id"]; +/*$head[$h][0] = DOL_URL_ROOT.'/compta/payment_sc/info.php?id='.$id; $head[$h][1] = $langs->trans("Info"); $h++; */ diff --git a/htdocs/compta/salaries/card.php b/htdocs/compta/salaries/card.php index a7921e53859..df83f5b9958 100644 --- a/htdocs/compta/salaries/card.php +++ b/htdocs/compta/salaries/card.php @@ -257,7 +257,7 @@ if ($action == 'create') // Label print '<tr><td>'; print fieldLabel('Label','label',1).'</td><td>'; - print '<input name="label" id="label" size="40" value="'.($_POST["label"]?$_POST["label"]:$langs->trans("SalaryPayment")).'">'; + print '<input name="label" id="label" class="minwidth300" value="'.($_POST["label"]?GETPOST("label",'',2):$langs->trans("SalaryPayment")).'">'; print '</td></tr>'; // Date start period @@ -275,7 +275,7 @@ if ($action == 'create') // Amount print '<tr><td>'; print fieldLabel('Amount','amount',1).'</td><td>'; - print '<input name="amount" id="amount" size="10" value="'.GETPOST("amount").'">'; + print '<input name="amount" id="amount" class="minwidth100" value="'.GETPOST("amount").'">'; print '</td></tr>'; // Bank diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php index a32a67bb9fe..8d1aceeaa77 100644 --- a/htdocs/compta/stats/index.php +++ b/htdocs/compta/stats/index.php 
@@ -39,7 +39,7 @@ $userid=GETPOST('userid','int'); $socid = GETPOST('socid','int'); // Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES') $modecompta = $conf->global->ACCOUNTING_MODE; -if ($_GET["modecompta"]) $modecompta=$_GET["modecompta"]; +if (GETPOST("modecompta")) $modecompta=GETPOST("modecompta",'alpha'); // Security check if ($user->societe_id > 0) $socid = $user->societe_id; diff --git a/htdocs/compta/tva/card.php b/htdocs/compta/tva/card.php index 99bb676a321..cb80f49e790 100644 --- a/htdocs/compta/tva/card.php +++ b/htdocs/compta/tva/card.php @@ -258,10 +258,10 @@ if ($action == 'create') } else { $label = $langs->trans("VATPayment"); } - print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" id="label" size="40" value="'.($_POST["label"]?$_POST["label"]:$label).'"></td></tr>'; + print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input class="minwidth300" name="label" id="label" value="'.($_POST["label"]?GETPOST("label",'',2):$label).'"></td></tr>'; // Amount - print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.$_POST["amount"].'"></td></tr>'; + print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.GETPOST("amount").'"></td></tr>'; if (! empty($conf->banque->enabled)) { diff --git a/htdocs/compta/tva/quadri.php b/htdocs/compta/tva/quadri.php index 0e4a66146aa..73cc0bc96ba 100644 --- a/htdocs/compta/tva/quadri.php +++ b/htdocs/compta/tva/quadri.php @@ -29,7 +29,7 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php'; -$year=$_GET["year"]; +$year = GETPOST('year', 'int'); if ($year == 0 ) { $year_current = strftime("%Y",time()); diff --git a/htdocs/contact/card.php b/htdocs/contact/card.php index e7896d9b9ac..2cbcb94c5d4 100644 --- a/htdocs/contact/card.php +++ b/htdocs/contact/card.php 
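Review bot: In htdocs/compta/stats/index.php the comment above this line says `$modecompta` is one of `'CREANCES-DETTES'` or `'RECETTES-DEPENSES'`, but the new code accepts any value that passes the `'alpha'` check. An allow-list is tighter than a character filter here: `if (in_array(GETPOST("modecompta",'alpha'), array('CREANCES-DETTES','RECETTES-DEPENSES'), true)) $modecompta=GETPOST("modecompta",'alpha');`. The guard `if (GETPOST("modecompta"))` also tests the unfiltered value while the assignment uses the filtered one, so the two can disagree.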
@@ -477,10 +477,10 @@ else */ $object->canvas=$canvas; - $object->state_id = $_POST["state_id"]; + $object->state_id = GETPOST("state_id"); // We set country_id, country_code and label for the selected country - $object->country_id=$_POST["country_id"]?$_POST["country_id"]:(empty($objsoc->country_id)?$mysoc->country_id:$objsoc->country_id); + $object->country_id=$_POST["country_id"]?GETPOST("country_id"):(empty($objsoc->country_id)?$mysoc->country_id:$objsoc->country_id); if ($object->country_id) { $tmparray=getCountry($object->country_id,'all'); @@ -530,9 +530,9 @@ else // Name print '<tr><td class="titlefieldcreate fieldrequired"><label for="lastname">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</label></td>'; - print '<td><input name="lastname" id="lastname" type="text" size="30" maxlength="80" value="'.dol_escape_htmltag(GETPOST("lastname")?GETPOST("lastname"):$object->lastname).'" autofocus="autofocus"></td>'; + print '<td><input name="lastname" id="lastname" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("lastname")?GETPOST("lastname"):$object->lastname).'" autofocus="autofocus"></td>'; print '<td><label for="firstname">'.$langs->trans("Firstname").'</label></td>'; - print '<td><input name="firstname" id="firstname"type="text" size="30" maxlength="80" value="'.dol_escape_htmltag(GETPOST("firstname")?GETPOST("firstname"):$object->firstname).'"></td></tr>'; + print '<td><input name="firstname" id="firstname"type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("firstname")?GETPOST("firstname"):$object->firstname).'"></td></tr>'; // Company if (empty($conf->global->SOCIETE_DISABLE_CONTACTS)) 
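Review bot: In htdocs/contact/card.php (hunk -477) `GETPOST("state_id")` and `GETPOST("country_id")`, which by name are numeric ids, are read with no check type, and `country_id` is passed on to `getCountry($object->country_id,'all')` a few lines later. `GETPOST("state_id",'int')` and `GETPOST("country_id",'int')` would restrict both to numbers. The ternary still tests `$_POST["country_id"]` directly, whereas GETPOST by default can also take the value from GET. Reading the value once into a variable and testing that variable keeps the check and the assignment on the same input.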
@@ -559,7 +559,7 @@ else print '</td></tr>'; print '<tr><td><label for="title">'.$langs->trans("PostOrFunction").'</label></td>'; - print '<td colspan="3"><input name="poste" id="title" type="text" size="50" maxlength="80" value="'.dol_escape_htmltag(GETPOST("poste",'alpha')?GETPOST("poste",'alpha'):$object->poste).'"></td>'; + print '<td colspan="3"><input name="poste" id="title" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("poste",'alpha')?GETPOST("poste",'alpha'):$object->poste).'"></td>'; $colspan=3; if ($conf->use_javascript_ajax && $socid > 0) $colspan=2; 
@@ -612,20 +612,20 @@ else // Phone / Fax if (($objsoc->typent_code == 'TE_PRIVATE' || ! empty($conf->global->CONTACT_USE_COMPANY_ADDRESS)) && dol_strlen(trim($object->phone_pro)) == 0) $object->phone_pro = $objsoc->phone; // Predefined with third party print '<tr><td><label for="phone_pro">'.$langs->trans("PhonePro").'</label></td>'; - print '<td><input name="phone_pro" id="phone_pro" type="text" size="18" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_pro")?GETPOST("phone_pro"):$object->phone_pro).'"></td>'; + print '<td><input name="phone_pro" id="phone_pro" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_pro")?GETPOST("phone_pro"):$object->phone_pro).'"></td>'; print '<td><label for="phone_perso">'.$langs->trans("PhonePerso").'</label></td>'; - print '<td><input name="phone_perso" id="phone_perso" type="text" size="18" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_perso")?GETPOST("phone_perso"):$object->phone_perso).'"></td></tr>'; + print '<td><input name="phone_perso" id="phone_perso" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_perso")?GETPOST("phone_perso"):$object->phone_perso).'"></td></tr>'; if (($objsoc->typent_code == 'TE_PRIVATE' || ! 
empty($conf->global->CONTACT_USE_COMPANY_ADDRESS)) && dol_strlen(trim($object->fax)) == 0) $object->fax = $objsoc->fax; // Predefined with third party print '<tr><td><label for="phone_mobile">'.$langs->trans("PhoneMobile").'</label></td>'; - print '<td><input name="phone_mobile" id="phone_mobile" type="text" size="18" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_mobile")?GETPOST("phone_mobile"):$object->phone_mobile).'"></td>'; + print '<td><input name="phone_mobile" id="phone_mobile" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("phone_mobile")?GETPOST("phone_mobile"):$object->phone_mobile).'"></td>'; print '<td><label for="fax">'.$langs->trans("Fax").'</label></td>'; - print '<td><input name="fax" id="fax" type="text" size="18" maxlength="80" value="'.dol_escape_htmltag(GETPOST("fax",'alpha')?GETPOST("fax",'alpha'):$object->fax).'"></td></tr>'; + print '<td><input name="fax" id="fax" type="text" class="minwidth100" maxlength="80" value="'.dol_escape_htmltag(GETPOST("fax",'alpha')?GETPOST("fax",'alpha'):$object->fax).'"></td></tr>'; // EMail if (($objsoc->typent_code == 'TE_PRIVATE' || ! empty($conf->global->CONTACT_USE_COMPANY_ADDRESS)) && dol_strlen(trim($object->email)) == 0) $object->email = $objsoc->email; // Predefined with third party print '<tr><td><label for="email">'.$langs->trans("Email").'</label></td>'; - print '<td><input name="email" id="email" type="text" size="50" maxlength="80" value="'.(GETPOST("email",'alpha')?GETPOST("email",'alpha'):$object->email).'"></td>'; + print '<td><input name="email" id="email" type="text" class="minwidth200" maxlength="80" value="'.(GETPOST("email",'alpha')?GETPOST("email",'alpha'):$object->email).'"></td>'; if (! empty($conf->mailing->enabled)) { print '<td><label for="no_email">'.$langs->trans("No_Email").'</label></td>'; 
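Review bot: In hunk -612 of htdocs/contact/card.php the `email` input prints `GETPOST("email",'alpha')` or `$object->email` without `dol_escape_htmltag()`, unlike the four phone/fax inputs directly above it. The `'alpha'` check type may reject some characters, but the `$object->email` fallback (copied from `$objsoc->email` on the line before) is stored data and gets no filtering at all. Wrapping the whole expression brings it in line: `value="'.dol_escape_htmltag(GETPOST("email",'alpha')?GETPOST("email",'alpha'):$object->email).'"`. The same applies to `jabberid` and `skype` in hunk -639 and to the edit-form inputs (`lastname`, `firstname`, `poste`, `address`) in hunks -784 and -800, which lost their raw `$_POST` reads but gained no output escaping, while the create form in hunk -530 already escapes these fields.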
@@ -639,13 +639,13 @@ else // Instant message and no email print '<tr><td><label for="jabberid">'.$langs->trans("IM").'</label></td>'; - print '<td colspan="3"><input name="jabberid" id="jabberid" type="text" size="50" maxlength="80" value="'.(GETPOST("jabberid",'alpha')?GETPOST("jabberid",'alpha'):$object->jabberid).'"></td></tr>'; + print '<td colspan="3"><input name="jabberid" id="jabberid" type="text" class="minwidth100" maxlength="80" value="'.(GETPOST("jabberid",'alpha')?GETPOST("jabberid",'alpha'):$object->jabberid).'"></td></tr>'; // Skype if (! empty($conf->skype->enabled)) { print '<tr><td><label for="skype">'.$langs->trans("Skype").'</label></td>'; - print '<td colspan="3"><input name="skype" id="skype" type="text" size="50" maxlength="80" value="'.(GETPOST("skype",'alpha')?GETPOST("skype",'alpha'):$object->skype).'"></td></tr>'; + print '<td colspan="3"><input name="skype" id="skype" type="text" class="minwidth100" maxlength="80" value="'.(GETPOST("skype",'alpha')?GETPOST("skype",'alpha'):$object->skype).'"></td></tr>'; } // Visibility 
@@ -784,9 +784,13 @@ else // Lastname print '<tr><td class="titlefieldcreate fieldrequired"><label for="lastname">'.$langs->trans("Lastname").' / '.$langs->trans("Label").'</label></td>'; - print '<td><input name="lastname" id="lastname" type="text" size="20" maxlength="80" value="'.(isset($_POST["lastname"])?$_POST["lastname"]:$object->lastname).'" autofocus="autofocus"></td>'; + print '<td colspan="3"><input name="lastname" id="lastname" type="text" class="minwidth200" maxlength="80" value="'.(isset($_POST["lastname"])?GETPOST("lastname"):$object->lastname).'" autofocus="autofocus"></td>'; + print '</tr>'; + print '<tr>'; + // Firstname print '<td><label for="firstname">'.$langs->trans("Firstname").'</label></td>'; - print '<td><input name="firstname" id="firstname" type="text" size="20" maxlength="80" value="'.(isset($_POST["firstname"])?$_POST["firstname"]:$object->firstname).'"></td></tr>'; + print '<td colspan="3"><input name="firstname" id="firstname" type="text" class="minwidth200" maxlength="80" value="'.(isset($_POST["firstname"])?GETPOST("firstname"):$object->firstname).'"></td>'; + print '</tr>'; // Company if (empty($conf->global->SOCIETE_DISABLE_CONTACTS)) 
@@ -800,57 +804,56 @@ else // Civility print '<tr><td><label for="civility_id">'.$langs->trans("UserTitle").'</label></td><td colspan="3">'; - print $formcompany->select_civility(isset($_POST["civility_id"])?$_POST["civility_id"]:$object->civility_id); + print $formcompany->select_civility(isset($_POST["civility_id"])?GETPOST("civility_id"):$object->civility_id); print '</td></tr>'; print '<tr><td><label for="title">'.$langs->trans("PostOrFunction").'</label></td>'; - print '<td colspan="3"><input name="poste" id="title" type="text" size="50" maxlength="80" value="'.(isset($_POST["poste"])?$_POST["poste"]:$object->poste).'"></td></tr>'; + print '<td colspan="3"><input name="poste" id="title" type="text" class="minwidth100" maxlength="80" value="'.(isset($_POST["poste"])?GETPOST("poste"):$object->poste).'"></td></tr>'; // Address print '<tr><td><label for="address">'.$langs->trans("Address").'</label></td>'; - print '<td colspan="2"><textarea class="flat" name="address" id="address" cols="70">'.(isset($_POST["address"])?$_POST["address"]:$object->address).'</textarea></td>'; - - $rowspan=3; - if (empty($conf->global->SOCIETE_DISABLE_STATE)) $rowspan++; - - print '<td valign="middle" align="center" rowspan="'.$rowspan.'">'; - if ($conf->use_javascript_ajax) print '<a href="#" id="copyaddressfromsoc">'.$langs->trans('CopyAddressFromSoc').'</a>'; - print '</td></tr>'; + print '<td colspan="3">'; + print '<div class="paddingrightonly valignmiddle inline-block">'; + print '<textarea class="flat minwidth200" name="address" id="address">'.(isset($_POST["address"])?GETPOST("address"):$object->address).'</textarea>'; + print '</div><div class="paddingrightonly valignmiddle inline-block">'; + if ($conf->use_javascript_ajax) print '<a href="#" id="copyaddressfromsoc">'.$langs->trans('CopyAddressFromSoc').'</a><br>'; + print '</div>'; + print '</td>'; // Zip / Town - print '<tr><td><label for="zipcode">'.$langs->trans("Zip").'</label> / <label 
for="town">'.$langs->trans("Town").'</label></td><td colspan="2" class="maxwidthonsmartphone">'; - print $formcompany->select_ziptown((isset($_POST["zipcode"])?$_POST["zipcode"]:$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6).' '; - print $formcompany->select_ziptown((isset($_POST["town"])?$_POST["town"]:$object->town),'town',array('zipcode','selectcountry_id','state_id')); + print '<tr><td><label for="zipcode">'.$langs->trans("Zip").'</label> / <label for="town">'.$langs->trans("Town").'</label></td><td colspan="3" class="maxwidthonsmartphone">'; + print $formcompany->select_ziptown((isset($_POST["zipcode"])?GETPOST("zipcode"):$object->zip),'zipcode',array('town','selectcountry_id','state_id'),6).' '; + print $formcompany->select_ziptown((isset($_POST["town"])?GETPOST("town"):$object->town),'town',array('zipcode','selectcountry_id','state_id')); print '</td></tr>'; // Country - print '<tr><td><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td colspan="2" class="maxwidthonsmartphone">'; - print $form->select_country(isset($_POST["country_id"])?$_POST["country_id"]:$object->country_id,'country_id'); + print '<tr><td><label for="selectcountry_id">'.$langs->trans("Country").'</label></td><td colspan="3" class="maxwidthonsmartphone">'; + print $form->select_country(isset($_POST["country_id"])?GETPOST("country_id"):$object->country_id,'country_id'); if ($user->admin) print info_admin($langs->trans("YouCanChangeValuesForThisListFromDictionarySetup"),1); print '</td></tr>'; // State if (empty($conf->global->SOCIETE_DISABLE_STATE)) { - print '<tr><td><label for="state_id">'.$langs->trans('State').'</label></td><td colspan="2" class="maxwidthonsmartphone">'; - print $formcompany->select_state($object->state_id,isset($_POST["country_id"])?$_POST["country_id"]:$object->country_id,'state_id'); + print '<tr><td><label for="state_id">'.$langs->trans('State').'</label></td><td colspan="3" class="maxwidthonsmartphone">'; + print 
$formcompany->select_state($object->state_id,isset($_POST["country_id"])?GETPOST("country_id"):$object->country_id,'state_id'); print '</td></tr>'; } // Phone print '<tr><td><label for="phone_pro">'.$langs->trans("PhonePro").'</label></td>'; - print '<td><input name="phone_pro" id="phone_pro" type="text" size="18" maxlength="80" value="'.(isset($_POST["phone_pro"])?$_POST["phone_pro"]:$object->phone_pro).'"></td>'; + print '<td><input name="phone_pro" id="phone_pro" type="text" class="flat maxwidthonsmartphone" maxlength="80" value="'.(isset($_POST["phone_pro"])?GETPOST("phone_pro"):$object->phone_pro).'"></td>'; print '<td><label for="phone_perso">'.$langs->trans("PhonePerso").'</label></td>'; - print '<td><input name="phone_perso" id="phone_perso" type="text" size="18" maxlength="80" value="'.(isset($_POST["phone_perso"])?$_POST["phone_perso"]:$object->phone_perso).'"></td></tr>'; + print '<td><input name="phone_perso" id="phone_perso" type="text" class="flat maxwidthonsmartphone" maxlength="80" value="'.(isset($_POST["phone_perso"])?GETPOST("phone_perso"):$object->phone_perso).'"></td></tr>'; print '<tr><td><label for="phone_mobile">'.$langs->trans("PhoneMobile").'</label></td>'; - print '<td><input name="phone_mobile" id="phone_mobile" type="text" size="18" maxlength="80" value="'.(isset($_POST["phone_mobile"])?$_POST["phone_mobile"]:$object->phone_mobile).'"></td>'; + print '<td><input name="phone_mobile" id="phone_mobile" class="flat maxwidthonsmartphone" type="text" maxlength="80" value="'.(isset($_POST["phone_mobile"])?GETPOST("phone_mobile"):$object->phone_mobile).'"></td>'; print '<td><label for="fax">'.$langs->trans("Fax").'</label></td>'; - print '<td><input name="fax" id="fax" type="text" size="18" maxlength="80" value="'.(isset($_POST["fax"])?$_POST["fax"]:$object->fax).'"></td></tr>'; + print '<td><input name="fax" id="fax" type="text" class="flat maxwidthonsmartphone" maxlength="80" 
value="'.(isset($_POST["fax"])?GETPOST("fax"):$object->fax).'"></td></tr>'; // EMail print '<tr><td><label for="email">'.$langs->trans("EMail").'</label></td>'; - print '<td><input name="email" id="email" type="text" size="40" maxlength="80" value="'.(isset($_POST["email"])?$_POST["email"]:$object->email).'"></td>'; + print '<td><input name="email" id="email" type="text" class="flat maxwidthonsmartphone" maxlength="80" value="'.(isset($_POST["email"])?GETPOST("email"):$object->email).'"></td>'; if (! empty($conf->mailing->enabled)) { $langs->load("mails"); @@ -865,7 +868,7 @@ else // Jabberid print '<tr><td><label for="jabberid">'.$langs->trans("IM").'</label></td>'; - print '<td><input name="jabberid" id="jabberid" type="text" size="40" maxlength="80" value="'.(isset($_POST["jabberid"])?$_POST["jabberid"]:$object->jabberid).'"></td>'; + print '<td><input name="jabberid" id="jabberid" type="text" class="minwidth100" maxlength="80" value="'.(isset($_POST["jabberid"])?$_POST["jabberid"]:$object->jabberid).'"></td>'; if (! empty($conf->mailing->enabled)) { print '<td><label for="no_email">'.$langs->trans("No_Email").'</label></td>'; @@ -881,7 +884,7 @@ else if (! empty($conf->skype->enabled)) { print '<tr><td><label for="skype">'.$langs->trans("Skype").'</label></td>'; - print '<td><input name="skype" id="skype" type="text" size="40" maxlength="80" value="'.(isset($_POST["skype"])?$_POST["skype"]:$object->skype).'"></td></tr>'; + print '<td><input name="skype" id="skype" type="text" class="minwidth100" maxlength="80" value="'.(isset($_POST["skype"])?GETPOST("skype"):$object->skype).'"></td></tr>'; } // Visibility diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index 73015308521..c5d9dd13189 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php 
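Review bot: The rewritten Address row in the -800 hunk is never closed: the removed code ended the row with `print '</td></tr>';`, while the new side ends with `print '</td>';` and the next statement opens the Zip / Town row with a fresh `<tr>`. Browsers usually repair this silently, but the table markup is invalid as written and the repair can differ between parsers. The last added line of the Address block should read `print '</td></tr>';`. The form this row belongs to starts before the hunk and continues after it.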
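Review bot: The added jabberid line in the -865 hunk still echoes `$_POST["jabberid"]` directly; only its `size` attribute was replaced, so this field was missed by the conversion applied to the other inputs of the form. To match its neighbours the expression should read `(isset($_POST["jabberid"])?GETPOST("jabberid",'alpha'):$object->jabberid)`, and since the result lands inside a double-quoted attribute it is worth wrapping in `dol_escape_htmltag()` as well. The skype line in the -881 hunk was converted, which makes the omission here look accidental rather than intended.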
@@ -867,12 +867,12 @@ div.fichecenterbis { div.fichethirdleft { <?php if ($conf->browser->layout != 'phone') { print "float: ".$left.";\n"; } ?> <?php if ($conf->browser->layout != 'phone') { print "width: 50%;\n"; } ?> - <?php if ($conf->browser->layout == 'phone') { print "padding-bottom: 6px;\n"; } ?> + <?php if ($conf->browser->layout == 'phone') { print "padding-bottom: 6px;\n"; } ?> } div.fichetwothirdright { <?php if ($conf->browser->layout != 'phone') { print "float: ".$right.";\n"; } ?> <?php if ($conf->browser->layout != 'phone') { print "width: 50%;\n"; } ?> - <?php if ($conf->browser->layout == 'phone') { print "padding-bottom: 6px\n"; } ?> + <?php if ($conf->browser->layout == 'phone') { print "padding-bottom: 6px\n"; } ?> } div.fichehalfleft { <?php if ($conf->browser->layout != 'phone') { print "float: ".$left.";\n"; } ?> @@ -4451,7 +4451,7 @@ border-top-right-radius: 6px; color: #fff; text-decoration: none; padding-top: 18px; - padding-left: 54px; + : 54px; font-size: 14px; height: 38px; } -- GitLab
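Review bot: In the -4451 hunk the added line reads `: 54px;`, a declaration with no property name, where the removed line was `padding-left: 54px;`. Unless this is an artefact of how the patch was rendered, browsers will discard the declaration and the rule loses its left padding. If the intent was a direction-aware property, the name has to be emitted in full, for example `padding-<?php print $left; ?>: 54px;` with the `$left` variable that the -867 hunk already uses; otherwise restore `padding-left: 54px;`. The selector of the affected rule lies outside the hunk, so which element is affected cannot be told from here.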