
War against $_POST

Laurent Destailleur 4 năm trước cách đây
d9108362ba
37 tập tin đã thay đổi với 168 bổ sung151 xóa
  1. 2 2
      htdocs/admin/boxes.php
  2. 2 2
      htdocs/admin/company.php
  3. 1 1
      htdocs/admin/delais.php
  4. 7 7
      htdocs/admin/dict.php
  5. 4 4
      htdocs/admin/external_rss.php
  6. 1 1
      htdocs/admin/ihm.php
  7. 15 9
      htdocs/admin/mailman.php
  8. 2 1
      htdocs/admin/mails_emailing.php
  9. 2 1
      htdocs/admin/mails_ticket.php
  10. 2 2
      htdocs/admin/menus/edit.php
  11. 1 1
      htdocs/admin/sms.php
  12. 1 1
      htdocs/categories/photos.php
  13. 1 1
      htdocs/comm/card.php
  14. 1 1
      htdocs/comm/mailing/advtargetemailing.php
  15. 6 5
      htdocs/comm/mailing/card.php
  16. 5 2
      htdocs/comm/multiprix.php
  17. 2 2
      htdocs/comm/propal/card.php
  18. 1 1
      htdocs/compta/bank/bankentries_list.php
  19. 25 24
      htdocs/compta/bank/card.php
  20. 5 5
      htdocs/compta/bank/line.php
  21. 9 7
      htdocs/compta/localtax/card.php
  22. 4 4
      htdocs/compta/paiement/cheque/card.php
  23. 2 2
      htdocs/compta/paiement/rapport.php
  24. 6 4
      htdocs/compta/paiement_charge.php
  25. 3 1
      htdocs/compta/paiement_vat.php
  26. 3 2
      htdocs/compta/tva/card.php
  27. 22 22
      htdocs/contact/canvas/actions_contactcard_common.class.php
  28. 1 1
      htdocs/contact/card.php
  29. 2 2
      htdocs/contact/perso.php
  30. 2 2
      htdocs/core/class/html.formmail.class.php
  31. 1 1
      htdocs/core/lib/admin.lib.php
  32. 8 10
      htdocs/fourn/facture/card.php
  33. 14 15
      htdocs/opensurvey/results.php
  34. 2 2
      htdocs/product/card.php
  35. 1 1
      htdocs/product/fournisseurs.php
  36. 1 1
      htdocs/product/stock/movement_card.php
  37. 1 1
      htdocs/product/stock/movement_list.php

+ 2 - 2
htdocs/admin/boxes.php

@@ -49,8 +49,8 @@ $boxes = array();
  */
 
 if ($action == 'addconst') {
-	dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", $_POST["MAIN_BOXES_MAXLINES"], '', 0, '', $conf->entity);
-	dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", $_POST["MAIN_ACTIVATE_FILECACHE"], 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_BOXES_MAXLINES", GETPOST("MAIN_BOXES_MAXLINES", 'int'), '', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_ACTIVATE_FILECACHE", GETPOST("MAIN_ACTIVATE_FILECACHE", 'alpha'), 'chaine', 0, '', $conf->entity);
 }
 
 if ($action == 'add') {

+ 2 - 2
htdocs/admin/company.php

@@ -211,7 +211,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
 	dolibarr_set_const($db, "FACTURE_LOCAL_TAX1_OPTION", $uselocaltax1, 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "FACTURE_LOCAL_TAX2_OPTION", $uselocaltax2, 'chaine', 0, '', $conf->entity);
 
-	if ($_POST["optionlocaltax1"] == "localtax1on") {
+	if (GETPOST("optionlocaltax1") == "localtax1on") {
 		if (!GETPOSTISSET('lt1')) {
 			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX1", 0, 'chaine', 0, '', $conf->entity);
 		} else {
@@ -219,7 +219,7 @@ if (($action == 'update' && !GETPOST("cancel", 'alpha'))
 		}
 		dolibarr_set_const($db, "MAIN_INFO_LOCALTAX_CALC1", GETPOST("clt1", 'aZ09'), 'chaine', 0, '', $conf->entity);
 	}
-	if ($_POST["optionlocaltax2"] == "localtax2on") {
+	if (GETPOST("optionlocaltax2") == "localtax2on") {
 		if (!GETPOSTISSET('lt2')) {
 			dolibarr_set_const($db, "MAIN_INFO_VALUE_LOCALTAX2", 0, 'chaine', 0, '', $conf->entity);
 		} else {

+ 1 - 1
htdocs/admin/delais.php

@@ -181,7 +181,7 @@ if ($action == 'update') {
 		}
 	}
 
-	dolibarr_set_const($db, "MAIN_DISABLE_METEO", $_POST["MAIN_DISABLE_METEO"], 'chaine', 0, '', $conf->entity);
+	dolibarr_set_const($db, "MAIN_DISABLE_METEO", GETPOST("MAIN_DISABLE_METEO"), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_USE_METEO_WITH_PERCENTAGE", GETPOST("MAIN_USE_METEO_WITH_PERCENTAGE"), 'chaine', 0, '', $conf->entity);
 
 	// For update value with percentage

+ 7 - 7
htdocs/admin/dict.php

@@ -788,7 +788,7 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
 			$msg .= $langs->transnoentities('ErrorFieldFormat', $langs->transnoentities('Code')).'<br>';
 		}*/
 	}
-	if (GETPOSTISSET("country") && ($_POST["country"] == '0') && ($id != 2)) {
+	if (GETPOSTISSET("country") && (GETPOST("country") == '0') && ($id != 2)) {
 		if (in_array($tablib[$id], array('DictionaryCompanyType', 'DictionaryHolidayTypes'))) {	// Field country is no mandatory for such dictionaries
 			$_POST["country"] = '';
 		} else {
@@ -796,25 +796,25 @@ if (GETPOST('actionadd') || GETPOST('actionmodify')) {
 			setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->transnoentities("Country")), null, 'errors');
 		}
 	}
-	if (($id == 3 || $id == 42) && !is_numeric($_POST["code"])) {
+	if (($id == 3 || $id == 42) && !is_numeric(GETPOST("code"))) {
 		$ok = 0;
 		setEventMessages($langs->transnoentities("ErrorFieldMustBeANumeric", $langs->transnoentities("Code")), null, 'errors');
 	}
 
 	// Clean some parameters
-	if ((!empty($_POST["localtax1_type"]) || ($_POST['localtax1_type'] == '0')) && empty($_POST["localtax1"])) {
+	if ((GETPOST("localtax1_type") || (GETPOST('localtax1_type') == '0')) && !GETPOST("localtax1")) {
 		$_POST["localtax1"] = '0'; // If empty, we force to 0
 	}
-	if ((!empty($_POST["localtax2_type"]) || ($_POST['localtax2_type'] == '0')) && empty($_POST["localtax2"])) {
+	if ((GETPOST("localtax2_type") || (GETPOST('localtax2_type') == '0')) && !GETPOST("localtax2")) {
 		$_POST["localtax2"] = '0'; // If empty, we force to 0
 	}
-	if ($_POST["accountancy_code"] <= 0) {
+	if (GETPOST("accountancy_code") <= 0) {
 		$_POST["accountancy_code"] = ''; // If empty, we force to null
 	}
-	if ($_POST["accountancy_code_sell"] <= 0) {
+	if (GETPOST("accountancy_code_sell") <= 0) {
 		$_POST["accountancy_code_sell"] = ''; // If empty, we force to null
 	}
-	if ($_POST["accountancy_code_buy"] <= 0) {
+	if (GETPOST("accountancy_code_buy") <= 0) {
 		$_POST["accountancy_code_buy"] = ''; // If empty, we force to null
 	}
 	if ($id == 10 && GETPOSTISSET("code")) {  // Spaces are not allowed into code for tax dictionary
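Review bot: `GETPOST("accountancy_code") <= 0` and the two sibling checks below it compare a free-text account code numerically, and the result for an empty or non-numeric string depends on the engine's string/number comparison rules (PHP 8 changed them), so the "If empty, we force to null" intent is version-dependent. Spelling the emptiness test out, e.g. `if (GETPOST("accountancy_code") === '' || GETPOST("accountancy_code") === '0')`, makes it unambiguous; confirm whether non-numeric codes are expected here before changing it. The rewritten conditions also keep writing the normalised values back into `$_POST[...]` on the unchanged lines, which is worth a short comment explaining that later reads go through GETPOST. The enclosing `if (GETPOST('actionadd') || GETPOST('actionmodify'))` block starts and ends outside this hunk.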

+ 4 - 4
htdocs/admin/external_rss.php

@@ -72,15 +72,15 @@ if ($action == 'add' || GETPOST("modify")) {
 
 	if (!empty($_POST[$external_rss_urlrss])) {
 		$boxlabel = '(ExternalRSSInformations)';
-		//$external_rss_url = "external_rss_url_" . $_POST["norss"];
+		//$external_rss_url = "external_rss_url_" . GETPOST("norss");
 
 		$db->begin();
 
-		if ($_POST["modify"]) {
+		if (GETPOST("modify")) {
 			// Supprime boite box_external_rss de definition des boites
 			/* $sql = "UPDATE ".MAIN_DB_PREFIX."boxes_def";
 			$sql.= " SET name = '".$db->escape($boxlabel)."'";
-			$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape($_POST["norss"])." %'";
+			$sql.= " WHERE file ='box_external_rss.php' AND note like '".$db->escape(GETPOST("norss"))." %'";
 
 			$resql=$db->query($sql);
 			if (! $resql)
@@ -115,7 +115,7 @@ if ($action == 'add' || GETPOST("modify")) {
 	}
 }
 
-if ($_POST["delete"]) {
+if (GETPOST("delete")) {
 	if (GETPOST("norss", 'int')) {
 		$db->begin();
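Review bot: The guard `if (!empty($_POST[$external_rss_urlrss]))` on the first context line of the first hunk still reads `$_POST` directly, which is the very pattern the commit is removing elsewhere in this file; `if (GETPOST($external_rss_urlrss))` would keep the block consistent with the `GETPOST("modify")` and `GETPOST("delete")` rewrites below it. The other two rewrites in the first hunk are inside commented-out code, so they have no runtime effect. The enclosing `if ($action == 'add' || GETPOST("modify"))` block starts before the hunk.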
 

+ 1 - 1
htdocs/admin/ihm.php

@@ -96,7 +96,7 @@ if ($action == 'removebackgroundlogin' && !empty($conf->global->MAIN_LOGIN_BACKG
 if ($action == 'update') {
 	dolibarr_set_const($db, "MAIN_LANG_DEFAULT", GETPOST("MAIN_LANG_DEFAULT", 'aZ09'), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_IHM_PARAMS_REV", (int) $conf->global->MAIN_IHM_PARAMS_REV + 1, 'chaine', 0, '', $conf->entity);
-	//dolibarr_set_const($db, "MAIN_MULTILANGS", $_POST["MAIN_MULTILANGS"], 'chaine', 0, '', $conf->entity);
+	//dolibarr_set_const($db, "MAIN_MULTILANGS", GETPOST("MAIN_MULTILANGS"), 'chaine', 0, '', $conf->entity);
 
 	dolibarr_set_const($db, "MAIN_THEME", GETPOST("main_theme", 'aZ09'), 'chaine', 0, '', $conf->entity);
 

+ 15 - 9
htdocs/admin/mailman.php

@@ -46,21 +46,27 @@ $action = GETPOST('action', 'aZ09');
 $testsubscribeemail = GETPOST("testsubscribeemail");
 $testunsubscribeemail = GETPOST("testunsubscribeemail");
 
+$error = 0;
+
+
 /*
  * Actions
  */
 
 // Action updated or added a constant
 if ($action == 'update' || $action == 'add') {
-	foreach ($_POST['constname'] as $key => $val) {
-		$constname = $_POST["constname"][$key];
-		$constvalue = $_POST["constvalue"][$key];
-		$consttype = $_POST["consttype"][$key];
-		$constnote = $_POST["constnote"][$key];
-		$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
-
-		if (!($res > 0)) {
-			$error++;
+	$tmparray = GETPOST('constname', 'array');
+	if (is_array($tmparray)) {
+		foreach ($tmparray as $key => $val) {
+			$constname = $tmparray[$key];
+			$constvalue = $tmparray[$key];
+			$consttype = $tmparray[$key];
+			$constnote = $tmparray[$key];
+			$res = dolibarr_set_const($db, $constname, $constvalue, $type[$consttype], 0, $constnote, $conf->entity);
+
+			if (!($res > 0)) {
+				$error++;
+			}
 		}
 	}
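Review bot: The rewritten loop assigns `$constname`, `$constvalue`, `$consttype` and `$constnote` all from `$tmparray[$key]`, i.e. from the `constname` array, whereas the removed lines read `constvalue`, `consttype` and `constnote` from their own POST arrays; as written every constant is saved with its own name as its value and `$type[$consttype]` is looked up with a constant name, which breaks the settings page. Each array should be fetched with `GETPOST(..., 'array')` and indexed by the same `$key`. The enclosing `if ($action == 'update' || $action == 'add')` block ends after this hunk.
```php
	$tmparray = GETPOST('constname', 'array');
	$constvaluearray = GETPOST('constvalue', 'array');
	$consttypearray = GETPOST('consttype', 'array');
	$constnotearray = GETPOST('constnote', 'array');
	if (is_array($tmparray)) {
		foreach ($tmparray as $key => $val) {
			$constname = $val;
			$constvalue = isset($constvaluearray[$key]) ? $constvaluearray[$key] : '';
			$consttype = isset($consttypearray[$key]) ? $consttypearray[$key] : '';
			$constnote = isset($constnotearray[$key]) ? $constnotearray[$key] : '';
			// … unchanged: dolibarr_set_const call and $error handling …
```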
 

+ 2 - 1
htdocs/admin/mails_emailing.php

@@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
 
 $action = GETPOST('action', 'aZ09');
+$cancel = GETPOST('cancel', 'alpha');
 
 if (!$user->admin) {
 	accessforbidden();
@@ -59,7 +60,7 @@ complete_substitutions_array($substitutionarrayfortest, $langs);
  * Actions
  */
 
-if ($action == 'update' && empty($_POST["cancel"])) {
+if ($action == 'update' && !$cancel) {
 	// Send mode parameters
 	dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_EMAILING", GETPOST("MAIN_MAIL_SENDMODE_EMAILING"), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_EMAILING", GETPOST("MAIN_MAIL_SMTP_PORT_EMAILING"), 'chaine', 0, '', $conf->entity);

+ 2 - 1
htdocs/admin/mails_ticket.php

@@ -31,6 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 $langs->loadLangs(array('companies', 'products', 'admin', 'mails', 'other', 'errors'));
 
 $action = GETPOST('action', 'aZ09');
+$cancel = GETPOST('cancel', 'alpha');
 
 $usersignature = $user->signature;
 // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
@@ -59,7 +60,7 @@ if (!$user->admin) {
  * Actions
  */
 
-if ($action == 'update' && empty($_POST["cancel"])) {
+if ($action == 'update' && !$cancel) {
 	// Send mode parameters
 	dolibarr_set_const($db, "MAIN_MAIL_SENDMODE_TICKET", GETPOST("MAIN_MAIL_SENDMODE_TICKET"), 'chaine', 0, '', $conf->entity);
 	dolibarr_set_const($db, "MAIN_MAIL_SMTP_PORT_TICKET", GETPOST("MAIN_MAIL_SMTP_PORT_TICKET"), 'chaine', 0, '', $conf->entity);

+ 2 - 2
htdocs/admin/menus/edit.php

@@ -333,8 +333,8 @@ if ($action == 'create') {
 	} else {
 		print '<select name="type" class="flat" id="topleft">';
 		print '<option value="">&nbsp;</option>';
-		print '<option value="top"'.(!empty($_POST["type"]) && $_POST["type"] == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
-		print '<option value="left"'.(!empty($_POST["type"]) && $_POST["type"] == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
+		print '<option value="top"'.(GETPOST("type") == 'top' ? ' selected' : '').'>'.$langs->trans('Top').'</option>';
+		print '<option value="left"'.(GETPOST("type") == 'left' ? ' selected' : '').'>'.$langs->trans('Left').'</option>';
 		print '</select>';
 	}
 	print '</td><td>'.$langs->trans('DetailType').'</td></tr>';

+ 1 - 1
htdocs/admin/sms.php

@@ -66,7 +66,7 @@ if ($action == 'send' && !$_POST['cancel']) {
 	$error = 0;
 
 	$smsfrom = '';
-	if (!empty($_POST["fromsms"])) {
+	if (GETPOST("fromsms", 'alphanohtml')) {
 		$smsfrom = GETPOST("fromsms", 'alphanohtml');
 	}
 	if (empty($smsfrom)) {
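Review bot: The enclosing condition shown in the hunk header, `if ($action == 'send' && !$_POST['cancel'])`, still reads `$_POST` directly while the body is being converted, so the cancel check should follow the pattern the commit uses in mails_emailing.php: `$cancel = GETPOST('cancel', 'alpha');` near the top of the file and `if ($action == 'send' && !$cancel) {` here. The new `if (GETPOST("fromsms", 'alphanohtml'))` guard is redundant with the `empty($smsfrom)` test two lines later, since GETPOST returns an empty string when the parameter is absent; `$smsfrom = GETPOST("fromsms", 'alphanohtml');` alone gives the same result. The enclosing block ends outside the hunk.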

+ 1 - 1
htdocs/categories/photos.php

@@ -66,7 +66,7 @@ $upload_dir = $conf->categorie->multidir_output[$object->entity];
  * Actions
  */
 
-if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && $_POST["sendit"] && !empty($conf->global->MAIN_UPLOAD_DOC)) {
+if (isset($_FILES['userfile']) && $_FILES['userfile']['size'] > 0 && GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC)) {
 	if ($object->id) {
 		$file = $_FILES['userfile'];
 		if (is_array($file['name']) && count($file['name']) > 0) {

+ 1 - 1
htdocs/comm/card.php

@@ -162,7 +162,7 @@ if (empty($reshook)) {
 	// set accountancy code
 	if ($action == 'setcustomeraccountancycode') {
 		$result = $object->fetch($id);
-		$object->code_compta = $_POST["customeraccountancycode"];
+		$object->code_compta = GETPOST("customeraccountancycode");
 		$result = $object->update($object->id, $user, 1, 1, 0);
 		if ($result < 0) {
 			setEventMessages($object->error, $object->errors, 'errors');

+ 1 - 1
htdocs/comm/mailing/advtargetemailing.php

@@ -397,7 +397,7 @@ if ($action == 'delete') {
 	}
 }
 
-if ($_POST["button_removefilter"]) {
+if (GETPOST("button_removefilter")) {
 	$search_nom = '';
 	$search_prenom = '';
 	$search_email = '';

+ 6 - 5
htdocs/comm/mailing/card.php

@@ -46,6 +46,7 @@ if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AU
 
 $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
 $action = GETPOST('action', 'aZ09');
+$cancel = GETPOST('cancel');
 $confirm = GETPOST('confirm', 'alpha');
 $urlfrom = GETPOST('urlfrom');
 
@@ -393,12 +394,12 @@ if (empty($reshook)) {
 	}
 
 	// Action send test emailing
-	if ($action == 'send' && empty($_POST["cancel"])) {
+	if ($action == 'send' && ! $cancel) {
 		$error = 0;
 
 		$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
 
-		$object->sendto = $_POST["sendto"];
+		$object->sendto = GETPOST("sendto", 'alphawithlgt');
 		if (!$object->sendto) {
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("MailTo")), null, 'errors');
 			$error++;
@@ -537,7 +538,7 @@ if (empty($reshook)) {
 	}
 
 	// Action of file remove
-	if (!empty($_POST["removedfile"])) {
+	if (GETPOST("removedfile")) {
 		$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
 
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
@@ -548,7 +549,7 @@ if (empty($reshook)) {
 	}
 
 	// Action of emailing update
-	if ($action == 'update' && empty($_POST["removedfile"]) && empty($_POST["cancel"])) {
+	if ($action == 'update' && !GETPOST("removedfile") && !$cancel) {
 		require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
 
 		$isupload = 0;
@@ -643,7 +644,7 @@ if (empty($reshook)) {
 		}
 	}
 
-	if (!empty($_POST["cancel"])) {
+	if ($cancel) {
 		$action = '';
 	}
 }
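Review bot: `$cancel = GETPOST('cancel');` is declared without the `'alpha'` check that the same commit uses for the identical variable in mails_emailing.php and mails_ticket.php, and the test `! $cancel` in the send hunk is spaced differently from `!$cancel` in the update hunk; `$cancel = GETPOST('cancel', 'alpha');` and `if ($action == 'send' && !$cancel) {` would keep the files uniform. The `'alphawithlgt'` check on `sendto` is a deliberate choice worth a one-line comment, e.g. `// alphawithlgt keeps the "Name <address>" form of the recipient`, since a later reader may otherwise tighten it. The enclosing `if (empty($reshook))` block starts and ends outside these hunks.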

+ 5 - 2
htdocs/comm/multiprix.php

@@ -30,6 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array('orders', 'companies'));
 
+$action = GETPOST('action', 'alpha');
+$cancel = GETPOST('cancel', 'alpha');
+
 $id = GETPOST('id', 'int');
 $_socid = GETPOST("id", 'int');
 // Security check
@@ -42,10 +45,10 @@ if ($user->socid > 0) {
  * Actions
  */
 
-if ($_POST["action"] == 'setpricelevel') {
+if ($action == 'setpricelevel') {
 	$soc = new Societe($db);
 	$soc->fetch($id);
-	$soc->set_price_level($_POST["price_level"], $user);
+	$soc->set_price_level(GETPOST("price_level"), $user);
 
 	header("Location: multiprix.php?id=".$id);
 	exit;
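Review bot: `price_level` is a numeric level passed straight to `$soc->set_price_level(...)`, so the new call should use the integer check like the other id parameters in this commit: `$soc->set_price_level(GETPOST("price_level", 'int'), $user);`. The new `$action = GETPOST('action', 'alpha');` also differs from the `'aZ09'` check used for `action` in the other admin pages touched here; aligning it avoids two conventions for the same parameter. The action block ends outside the hunk.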

+ 2 - 2
htdocs/comm/propal/card.php

@@ -775,9 +775,9 @@ if (empty($reshook)) {
 			$object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
 		}
 	} elseif ($action == "setabsolutediscount" && $usercancreate) {
-		if ($_POST["remise_id"]) {
+		if (GETPOST("remise_id", "int")) {
 			if ($object->id > 0) {
-				$result = $object->insert_discount($_POST["remise_id"]);
+				$result = $object->insert_discount(GETPOST("remise_id", "int"));
 				if ($result < 0) {
 					setEventMessages($object->error, $object->errors, 'errors');
 				}

+ 1 - 1
htdocs/compta/bank/bankentries_list.php

@@ -245,7 +245,7 @@ if ((GETPOST('confirm_savestatement', 'alpha') || GETPOST('confirm_reconcile', '
 			foreach ($rowids as $row) {
 				if ($row > 0) {
 					$result = $bankline->fetch($row);
-					$bankline->num_releve = $num_releve; //$_POST["num_releve"];
+					$bankline->num_releve = $num_releve; // GETPOST("num_releve");
 					$result = $bankline->update_conciliation($user, GETPOST("cat"), GETPOST('confirm_reconcile', 'alpha') ? 1 : 0); // If we confirm_reconcile, we set flag 'rappro' to 1.
 					if ($result < 0) {
 						setEventMessages($bankline->error, $bankline->errors, 'errors');

+ 25 - 24
htdocs/compta/bank/card.php

@@ -87,18 +87,18 @@ if ($action == 'add') {
 
 	$object->ref             = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
 	$object->label           = trim(GETPOST("label", 'alphanohtml'));
-	$object->courant         = $_POST["type"];
-	$object->clos            = $_POST["clos"];
+	$object->courant         = GETPOST("type");
+	$object->clos            = GETPOST("clos");
 	$object->rappro          = (GETPOST("norappro", 'alpha') ? 0 : 1);
 	$object->url             = trim(GETPOST("url", 'alpha'));
 
-	$object->bank            = trim($_POST["bank"]);
-	$object->code_banque     = trim($_POST["code_banque"]);
-	$object->code_guichet    = trim($_POST["code_guichet"]);
-	$object->number          = trim($_POST["number"]);
-	$object->cle_rib         = trim($_POST["cle_rib"]);
-	$object->bic             = trim($_POST["bic"]);
-	$object->iban            = trim($_POST["iban"]);
+	$object->bank            = trim(GETPOST("bank"));
+	$object->code_banque     = trim(GETPOST("code_banque"));
+	$object->code_guichet    = trim(GETPOST("code_guichet"));
+	$object->number          = trim(GETPOST("number"));
+	$object->cle_rib         = trim(GETPOST("cle_rib"));
+	$object->bic             = trim(GETPOST("bic"));
+	$object->iban            = trim(GETPOST("iban"));
 	$object->domiciliation   = trim(GETPOST("domiciliation", "nohtml"));
 
 	$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@@ -120,10 +120,10 @@ if ($action == 'add') {
 		$object->fk_accountancy_journal = $fk_accountancy_journal;
 	}
 
-	$object->solde           = $_POST["solde"];
+	$object->solde           = price2num(GETPOST("solde"));
 	$object->date_solde      = dol_mktime(12, 0, 0, GETPOST("remonth", 'int'), GETPOST('reday', 'int'), GETPOST("reyear", 'int'));
 
-	$object->currency_code   = trim($_POST["account_currency_code"]);
+	$object->currency_code   = trim(GETPOST("account_currency_code"));
 
 	$object->state_id        = GETPOST("account_state_id", 'int');
 	$object->country_id      = GETPOST("account_country_id", 'int');
@@ -187,18 +187,18 @@ if ($action == 'update') {
 
 	$object->ref             = dol_string_nospecial(trim(GETPOST('ref', 'alpha')));
 	$object->label           = trim(GETPOST("label", 'alphanohtml'));
-	$object->courant         = $_POST["type"];
-	$object->clos            = $_POST["clos"];
+	$object->courant         = GETPOST("type");
+	$object->clos            = GETPOST("clos");
 	$object->rappro          = (GETPOST("norappro", 'alpha') ? 0 : 1);
 	$object->url             = trim(GETPOST("url", 'alpha'));
 
-	$object->bank            = trim($_POST["bank"]);
-	$object->code_banque     = trim($_POST["code_banque"]);
-	$object->code_guichet    = trim($_POST["code_guichet"]);
-	$object->number          = trim($_POST["number"]);
-	$object->cle_rib         = trim($_POST["cle_rib"]);
-	$object->bic             = trim($_POST["bic"]);
-	$object->iban            = trim($_POST["iban"]);
+	$object->bank            = trim(GETPOST("bank"));
+	$object->code_banque     = trim(GETPOST("code_banque"));
+	$object->code_guichet    = trim(GETPOST("code_guichet"));
+	$object->number          = trim(GETPOST("number"));
+	$object->cle_rib         = trim(GETPOST("cle_rib"));
+	$object->bic             = trim(GETPOST("bic"));
+	$object->iban            = trim(GETPOST("iban"));
 	$object->domiciliation   = trim(GETPOST("domiciliation", "nohtml"));
 
 	$object->proprio = trim(GETPOST("proprio", 'alphanohtml'));
@@ -220,7 +220,7 @@ if ($action == 'update') {
 		$object->fk_accountancy_journal = $fk_accountancy_journal;
 	}
 
-	$object->currency_code   = trim($_POST["account_currency_code"]);
+	$object->currency_code   = trim(GETPOST("account_currency_code"));
 
 	$object->state_id        = GETPOST("account_state_id", 'int');
 	$object->country_id      = GETPOST("account_country_id", 'int');
@@ -274,7 +274,7 @@ if ($action == 'update') {
 	}
 }
 
-if ($action == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->banque->configurer) {
+if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->banque->configurer) {
 	// Delete
 	$object = new Account($db);
 	$object->fetch(GETPOST("id", "int"));
@@ -462,7 +462,8 @@ if ($action == 'create') {
 	print '</table>';
 	print '<br>';
 
-	if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
+	$type = GETPOST('type');
+	if ($type == Account::TYPE_SAVINGS || $type == Account::TYPE_CURRENT) {
 		print '<table class="border centpercent">';
 
 		// If bank account
@@ -988,7 +989,7 @@ if ($action == 'create') {
 
 		print '</table>';
 
-		if ($_POST["type"] == Account::TYPE_SAVINGS || $_POST["type"] == Account::TYPE_CURRENT) {
+		if (GETPOST("type") == Account::TYPE_SAVINGS || GETPOST("type") == Account::TYPE_CURRENT) {
 			print '<br>';
 
 			//print '<div class="underbanner clearboth"></div>';
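Review bot: `$object->courant = GETPOST("type");` and `$object->clos = GETPOST("clos");` in the add and update hunks take values that the same file compares against `Account::TYPE_SAVINGS` / `Account::TYPE_CURRENT`, so they look like integer codes and should be read with `GETPOST("type", 'int')` and `GETPOST("clos", 'int')` — confirm against the Account class that these constants are ints. The `price2num(GETPOST("solde"))` conversion in the add hunk is a real improvement and deserves a short comment, e.g. `// normalise the localised amount before it reaches the database`. The view hunk introduces `$type = GETPOST('type');` but the later view hunk still calls `GETPOST("type")` twice; the enclosing blocks of all these hunks start and end outside the hunks.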

+ 5 - 5
htdocs/compta/bank/line.php

@@ -140,9 +140,9 @@ if ($user->rights->banque->modifier && $action == "update") {
 	if (!$error) {
 		$db->begin();
 
-		$amount = price2num($_POST['amount']);
-		$dateop = dol_mktime(12, 0, 0, $_POST["dateomonth"], $_POST["dateoday"], $_POST["dateoyear"]);
-		$dateval = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
+		$amount = price2num(GETPOST('amount'));
+		$dateop = dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear"));
+		$dateval = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
 		$sql = "UPDATE ".MAIN_DB_PREFIX."bank";
 		$sql .= " SET ";
 		// Always opened
@@ -212,8 +212,8 @@ if ($user->rights->banque->modifier && $action == "update") {
 
 // Reconcile
 if ($user->rights->banque->consolidate && ($action == 'num_releve' || $action == 'setreconcile')) {
-	$num_rel = trim($_POST["num_rel"]);
-	$rappro = $_POST['reconciled'] ? 1 : 0;
+	$num_rel = trim(GETPOST("num_rel"));
+	$rappro = GETPOST('reconciled') ? 1 : 0;
 
 	// Check parameters
 	if ($rappro && empty($num_rel)) {
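Review bot: The date parts passed to `dol_mktime(12, 0, 0, GETPOST("dateomonth"), GETPOST("dateoday"), GETPOST("dateoyear"))` and the `datev*` line below it are read without the `'int'` check, whereas the same commit uses `GETPOST("remonth", 'int')` for the equivalent fields in bank/card.php and paiement_charge.php; `GETPOST("dateomonth", 'int')` and friends keep the conversion uniform and reject non-numeric input before it reaches the date helper. The same applies to the `datev*`/`datep*` arguments in compta/localtax/card.php and the `birthday*` arguments in contact/perso.php. The enclosing `if ($user->rights->banque->modifier && $action == "update")` block ends outside the first hunk.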

+ 9 - 7
htdocs/compta/localtax/card.php

@@ -33,6 +33,8 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
 
 $id = GETPOST("id", 'int');
 $action = GETPOST("action", "alpha");
+$cancel = GETPOST('cancel');
+
 $refund = GETPOST("refund", "int");
 if (empty($refund)) {
 	$refund = 0;
@@ -57,18 +59,18 @@ $hookmanager->initHooks(array('localtaxvatcard', 'globalcard'));
  * Actions
  */
 
-if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
+if ($cancel && !$id) {
 	header("Location: list.php?localTaxType=".$lttype);
 	exit;
 }
 
-if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
+if ($action == 'add' && $cancel) {
 	$db->begin();
 
-	$datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
-	$datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]);
+	$datev = dol_mktime(12, 0, 0, GETPOST("datevmonth"), GETPOST("datevday"), GETPOST("datevyear"));
+	$datep = dol_mktime(12, 0, 0, GETPOST("datepmonth"), GETPOST("datepday"), GETPOST("datepyear"));
 
-	$object->accountid = GETPOST("accountid");
+	$object->accountid = GETPOST("accountid", 'int');
 	$object->paymenttype = GETPOST("paiementtype");
 	$object->datev = $datev;
 	$object->datep = $datep;
@@ -165,14 +167,14 @@ if ($action == 'create') {
 	print '</td></tr>';
 
 	// Label
-	print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.($_POST["label"] ?GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
+	print '<tr><td class="fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth200" value="'.(GETPOSTISSET("label") ? GETPOST("label", '', 2) : $langs->transcountry(($lttype == 2 ? "LT2Payment" : "LT1Payment"), $mysoc->country_code)).'"></td></tr>';
 
 	// Amount
 	print '<tr><td class="fieldrequired">'.$langs->trans("Amount").'</td><td><input name="amount" size="10" value="'.GETPOST("amount").'"></td></tr>';
 
 	if (!empty($conf->banque->enabled)) {
 		print '<tr><td class="fieldrequired">'.$langs->trans("Account").'</td><td>';
-		$form->select_comptes($_POST["accountid"], "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
+		$form->select_comptes(GETPOST("accountid", "int"), "accountid", 0, "courant=1", 2); // Affiche liste des comptes courant
 		print '</td></tr>';
 
 		print '<tr><td class="fieldrequired">'.$langs->trans("PaymentMode").'</td><td>';
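Review bot: `if ($action == 'add' && $cancel)` inverts the removed condition: the old test `$_POST["cancel"] <> $langs->trans("Cancel")` ran the add branch when Cancel was NOT pressed, so the new line should read `if ($action == 'add' && !$cancel) {` — as written the payment is only created when the user cancels, and never on a normal submit. The identical inversion appears in compta/tva/card.php (`if ($action == 'add' && $cancel)`). The earlier `if ($cancel && !$id)` rewrite is correct, which makes the inverted one easy to miss; the add block ends outside the hunk.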

+ 4 - 4
htdocs/compta/paiement/cheque/card.php

@@ -117,9 +117,9 @@ if ($action == 'setref' && $user->rights->banque->cheque) {
 	}
 }
 
-if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->cheque) {
+if ($action == 'create' && GETPOST("accountid", "int") > 0 && $user->rights->banque->cheque) {
 	if (is_array($_POST['toRemise'])) {
-		$result = $object->create($user, $_POST["accountid"], 0, $_POST['toRemise']);
+		$result = $object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'));
 		if ($result > 0) {
 			if ($object->statut == 1) {     // If statut is validated, we build doc
 				$object->fetch($object->id); // To force to reload all properties in correct property name
@@ -134,7 +134,7 @@ if ($action == 'create' && $_POST["accountid"] > 0 && $user->rights->banque->che
 					$outputlangs = new Translate("", $conf);
 					$outputlangs->setDefaultLang($newlang);
 				}
-				$result = $object->generatePdf($_POST["model"], $outputlangs);
+				$result = $object->generatePdf(GETPOST("model"), $outputlangs);
 			}
 
 			header("Location: ".$_SERVER["PHP_SELF"]."?id=".$object->id);
@@ -227,7 +227,7 @@ if ($action == 'builddoc' && $user->rights->banque->cheque) {
 		$outputlangs = new Translate("", $conf);
 		$outputlangs->setDefaultLang($newlang);
 	}
-	$result = $object->generatePdf($_POST["model"], $outputlangs);
+	$result = $object->generatePdf(GETPOST("model"), $outputlangs);
 	if ($result <= 0) {
 		dol_print_error($db, $object->error);
 		exit;
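Review bot: `$object->create($user, GETPOST("accountid", "int"), 0, GETPOST('toRemise'))` reads an array parameter without the `'array'` check, while the guard on the unchanged line above it still tests `is_array($_POST['toRemise'])` directly; using `GETPOST('toRemise', 'array')` for both, as the commit does for `constname` in admin/mailman.php, makes the intent explicit and removes the last raw `$_POST` read in the block. Confirm that the `'array'` check in this version sanitises each element rather than only asserting array shape. The enclosing create block ends outside the hunk.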

+ 2 - 2
htdocs/compta/paiement/rapport.php

@@ -70,14 +70,14 @@ if ($action == 'builddoc') {
 	// We save charset_output to restore it because write_file can change it if needed for
 	// output format that does not support UTF8.
 	$sav_charset_output = $outputlangs->charset_output;
-	if ($rap->write_file($dir, $_POST["remonth"], $_POST["reyear"], $outputlangs) > 0) {
+	if ($rap->write_file($dir, GETPOST("remonth", "int"), GETPOST("reyear", "int"), $outputlangs) > 0) {
 		$outputlangs->charset_output = $sav_charset_output;
 	} else {
 		$outputlangs->charset_output = $sav_charset_output;
 		dol_print_error($db, $obj->error);
 	}
 
-	$year = $_POST["reyear"];
+	$year = GETPOST("reyear", "int");
 }
 
 

+ 6 - 4
htdocs/compta/paiement_charge.php

@@ -32,6 +32,8 @@ $langs->load("bills");
 
 $chid = GETPOST("id", 'int');
 $action = GETPOST('action', 'aZ09');
+$cancel = GETPOST('cancel');
+
 $amounts = array();
 
 // Security check
@@ -50,15 +52,15 @@ $charge = new ChargeSociales($db);
 if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
 	$error = 0;
 
-	if ($_POST["cancel"]) {
+	if ($cancel) {
 		$loc = DOL_URL_ROOT.'/compta/sociales/card.php?id='.$chid;
 		header("Location: ".$loc);
 		exit;
 	}
 
-	$datepaye = dol_mktime(12, 0, 0, $_POST["remonth"], $_POST["reday"], $_POST["reyear"]);
+	$datepaye = dol_mktime(12, 0, 0, GETPOST("remonth", "int"), GETPOST("reday", "int"), GETPOST("reyear", "int"));
 
-	if (!$_POST["paiementtype"] > 0) {
+	if (!(GETPOST("paiementtype") > 0)) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("PaymentMode")), null, 'errors');
 		$error++;
 		$action = 'create';
@@ -68,7 +70,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
 		$error++;
 		$action = 'create';
 	}
-	if (!empty($conf->banque->enabled) && !($_POST["accountid"] > 0)) {
+	if (!empty($conf->banque->enabled) && !(GETPOST("accountid") > 0)) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("AccountToCredit")), null, 'errors');
 		$error++;
 		$action = 'create';
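Review bot: `!(GETPOST("paiementtype") > 0)` and `!(GETPOST("accountid") > 0)` are numeric tests on id fields, so they should be read with the integer check like the date parts two lines above: `if (!(GETPOST("paiementtype", 'int') > 0)) {` and `if (!empty($conf->banque->enabled) && !(GETPOST("accountid", 'int') > 0)) {`. The rewrite also silently fixes the precedence bug of the removed `!$_POST["paiementtype"] > 0`, which was always false; that is worth calling out in the commit message or a comment since it changes validation behaviour. The enclosing action block starts and ends outside the hunks.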

+ 3 - 1
htdocs/compta/paiement_vat.php

@@ -33,6 +33,8 @@ $langs->loadLangs(array("banks", "bills"));
 
 $chid = GETPOST("id", 'int');
 $action = GETPOST('action', 'alpha');
+$cancel = GETPOST('cancel');
+
 $amounts = array();
 
 // Security check
@@ -49,7 +51,7 @@ if ($user->socid > 0) {
 if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'yes')) {
 	$error = 0;
 
-	if ($_POST["cancel"]) {
+	if ($cancel) {
 		$loc = DOL_URL_ROOT.'/compta/tva/card.php?id='.$chid;
 		header("Location: ".$loc);
 		exit;

+ 3 - 2
htdocs/compta/tva/card.php

@@ -41,6 +41,7 @@ $langs->loadLangs(array('compta', 'banks', 'bills'));
 
 $id = GETPOST("id", 'int');
 $action = GETPOST("action", "alpha");
+$cancel = GETPOST('cancel');
 $confirm = GETPOST('confirm');
 $refund = GETPOST("refund", "int");
 if (GETPOSTISSET('auto_create_paiement') || $action === 'add') {
@@ -74,7 +75,7 @@ $hookmanager->initHooks(array('taxvatcard', 'globalcard'));
  * Actions
  */
 
-if ($_POST["cancel"] == $langs->trans("Cancel") && !$id) {
+if ($cancel && !$id) {
 	header("Location: list.php");
 	exit;
 }
@@ -135,7 +136,7 @@ if ($action == 'reopen' && $user->rights->tax->charges->creer) {
 	}
 }
 
-if ($action == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) {
+if ($action == 'add' && $cancel) {
 	$error = 0;
 
 	$object->fk_account = GETPOST("accountid", 'int');

+ 22 - 22
htdocs/contact/canvas/actions_contactcard_common.class.php

@@ -283,28 +283,28 @@ abstract class ActionsContactCardCommon
 		// phpcs:enable
 		global $langs, $mysoc;
 
-		$this->object->old_name = $_POST["old_name"];
-		$this->object->old_firstname = $_POST["old_firstname"];
-
-		$this->object->socid = $_POST["socid"];
-		$this->object->lastname			= $_POST["name"];
-		$this->object->firstname		= $_POST["firstname"];
-		$this->object->civility_id = $_POST["civility_id"];
-		$this->object->poste			= $_POST["poste"];
-		$this->object->address = $_POST["address"];
-		$this->object->zip = $_POST["zipcode"];
-		$this->object->town				= $_POST["town"];
-		$this->object->country_id = $_POST["country_id"] ? $_POST["country_id"] : $mysoc->country_id;
-		$this->object->state_id = $_POST["state_id"];
-		$this->object->phone_pro = $_POST["phone_pro"];
-		$this->object->phone_perso = $_POST["phone_perso"];
-		$this->object->phone_mobile = $_POST["phone_mobile"];
-		$this->object->fax = $_POST["fax"];
-		$this->object->email			= $_POST["email"];
-		$this->object->jabberid = $_POST["jabberid"];
-		$this->object->priv				= $_POST["priv"];
-		$this->object->note				= $_POST["note"];
-		$this->object->canvas = $_POST["canvas"];
+		$this->object->old_name = GETPOST("old_name");
+		$this->object->old_firstname = GETPOST("old_firstname");
+
+		$this->object->socid = GETPOST("socid");
+		$this->object->lastname			= GETPOST("name");
+		$this->object->firstname		= GETPOST("firstname");
+		$this->object->civility_id = GETPOST("civility_id");
+		$this->object->poste			= GETPOST("poste");
+		$this->object->address = GETPOST("address");
+		$this->object->zip = GETPOST("zipcode");
+		$this->object->town				= GETPOST("town");
+		$this->object->country_id = GETPOST("country_id") ? GETPOST("country_id") : $mysoc->country_id;
+		$this->object->state_id = GETPOST("state_id");
+		$this->object->phone_pro = GETPOST("phone_pro");
+		$this->object->phone_perso = GETPOST("phone_perso");
+		$this->object->phone_mobile = GETPOST("phone_mobile");
+		$this->object->fax = GETPOST("fax");
+		$this->object->email			= GETPOST("email");
+		$this->object->jabberid = GETPOST("jabberid");
+		$this->object->priv				= GETPOST("priv");
+		$this->object->note				= GETPOST("note", "restricthtml");
+		$this->object->canvas = GETPOST("canvas");
 
 		// We set country_id, and country_code label of the chosen country
 		if ($this->object->country_id) {
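Review bot: The foreign keys assigned here are read without a type check: `$this->object->socid = GETPOST("socid", 'int');`, `$this->object->state_id = GETPOST("state_id", 'int');` and `$this->object->country_id = GETPOST("country_id", 'int') ? GETPOST("country_id", 'int') : $mysoc->country_id;` would match how the same commit treats ids in contact/card.php; `priv` looks like a flag and may warrant the same, though `civility_id` is a code and should stay alphanumeric. The `"restricthtml"` check on `note` is the one field where the commit chose a non-default filter and deserves a short comment saying the note is rendered as HTML. The method containing this hunk starts and ends outside it.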

+ 1 - 1
htdocs/contact/card.php

@@ -561,7 +561,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
 			$object->state_id = GETPOST("state_id");
 
 			// We set country_id, country_code and label for the selected country
-			$object->country_id = $_POST["country_id"] ?GETPOST("country_id") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
+			$object->country_id = GETPOST("country_id") ? GETPOST("country_id", "int") : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);
 			if ($object->country_id) {
 				$tmparray = getCountry($object->country_id, 'all');
 				$object->country_code = $tmparray['code'];
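Review bot: The branch test and the assigned value on the changed line use different filters: `GETPOST("country_id")` decides the branch while `GETPOST("country_id", "int")` supplies the value, so a non-numeric submission can pass the test and then store whatever the int filter returns (0, if that filter casts as it appears to elsewhere in this commit). Reading once with the int filter keeps the decision and the value consistent: `$country_id = GETPOST("country_id", "int");` followed by `$object->country_id = $country_id ? $country_id : (empty($objsoc->country_id) ? $mysoc->country_id : $objsoc->country_id);`. The enclosing block starts and ends outside the hunk.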

+ 2 - 2
htdocs/contact/perso.php

@@ -49,8 +49,8 @@ if ($action == 'update' && !GETPOST("cancel") && $user->rights->societe->contact
 	$ret = $object->fetch($id);
 
 	// Note: Correct date should be completed with location to have exact GM time of birth.
-	$object->birthday = dol_mktime(0, 0, 0, $_POST["birthdaymonth"], $_POST["birthdayday"], $_POST["birthdayyear"]);
-	$object->birthday_alert = $_POST["birthday_alert"];
+	$object->birthday = dol_mktime(0, 0, 0, GETPOST("birthdaymonth"), GETPOST("birthdayday"), GETPOST("birthdayyear"));
+	$object->birthday_alert = GETPOST("birthday_alert");
 
 	if (GETPOST('deletephoto')) {
 		$object->photo = '';
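Review bot: The three date parts on the first changed line reach dol_mktime with no type filter, whereas other hunks in this commit (contact/card.php, fourn/facture/card.php) pass `"int"` for numeric fields; `GETPOST("birthdaymonth", "int")`, `GETPOST("birthdayday", "int")` and `GETPOST("birthdayyear", "int")` would keep the conversion consistent and reject non-numeric input before it reaches the date helper. `birthday_alert` is presumably a flag and could take `"int"` as well, assuming it is stored as an integer. The enclosing `if ($action == 'update' ...)` block continues outside the hunk.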

+ 2 - 2
htdocs/core/class/html.formmail.class.php

@@ -912,8 +912,8 @@ class FormMail extends Form
 					}
 				}
 
-				if (GETPOSTISSET("message") && !$_POST['modelselected']) {
-					$defaultmessage = $_POST["message"];
+				if (GETPOSTISSET("message") && !GETPOST('modelselected')) {
+					$defaultmessage = GETPOST("message", "restricthtml");
 				} else {
 					$defaultmessage = make_substitutions($defaultmessage, $this->substit);
 					// Clean first \n and br (to avoid empty line when CONTACTCIVNAME is empty)

+ 1 - 1
htdocs/core/lib/admin.lib.php

@@ -568,7 +568,7 @@ function dolibarr_get_const($db, $name, $entity = 1)
  *	@param	    DoliDB		$db         Database handler
  *	@param	    string		$name		Name of constant
  *	@param	    string		$value		Value of constant
- *	@param	    string		$type		Type of constante (chaine par defaut)
+ *	@param	    string		$type		Type of constant ('chaine by default)
  *	@param	    int			$visible	Is constant visible in Setup->Other page (0 by default)
  *	@param	    string		$note		Note on parameter
  *	@param	    int			$entity		Multi company id (0 means all entities)
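Review bot: The rewritten `@param $type` line has an unbalanced quote: `'chaine by default)`. Suggested: ` *	@param	    string		$type		Type of constant ('chaine' by default)`. The signature of the documented function is outside the hunk.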

+ 8 - 10
htdocs/fourn/facture/card.php

@@ -417,13 +417,11 @@ if (empty($reshook)) {
 			dol_print_error($db, $object->error);
 		}
 	} elseif ($action == "setabsolutediscount" && $usercancreate) {
-		// POST[remise_id] or POST[remise_id_for_payment]
-
 		// We use the credit to reduce amount of invoice
-		if (!empty($_POST["remise_id"])) {
+		if (GETPOST("remise_id", "int")) {
 			$ret = $object->fetch($id);
 			if ($ret > 0) {
-				$result = $object->insert_discount($_POST["remise_id"]);
+				$result = $object->insert_discount(GETPOST("remise_id", "int"));
 				if ($result < 0) {
 					setEventMessages($object->error, $object->errors, 'errors');
 				}
@@ -432,10 +430,10 @@ if (empty($reshook)) {
 			}
 		}
 		// We use the credit to reduce remain to pay
-		if (!empty($_POST["remise_id_for_payment"])) {
+		if (GETPOST("remise_id_for_payment", "int")) {
 			require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php';
 			$discount = new DiscountAbsolute($db);
-			$discount->fetch($_POST["remise_id_for_payment"]);
+			$discount->fetch(GETPOST("remise_id_for_payment", "int"));
 
 			//var_dump($object->getRemainToPay(0));
 			//var_dump($discount->amount_ttc);exit;
@@ -1082,14 +1080,14 @@ if (empty($reshook)) {
 			$prod = new Product($db);
 			$prod->fetch(GETPOST('productid'));
 			$label = $prod->description;
-			if (trim($_POST['product_desc']) != trim($label)) {
-				$label = $_POST['product_desc'];
+			if (trim(GETPOST('product_desc', 'restricthtml')) != trim($label)) {
+				$label = GETPOST('product_desc', 'restricthtml');
 			}
 
 			$type = $prod->type;
 		} else {
-			$label = $_POST['product_desc'];
-			$type = $_POST["type"] ? $_POST["type"] : 0;
+			$label = GETPOST('product_desc', 'restricthtml');
+			$type = GETPOST("type") ? GETPOST("type") : 0;
 		}
 
 		$date_start = dol_mktime(GETPOST('date_starthour'), GETPOST('date_startmin'), GETPOST('date_startsec'), GETPOST('date_startmonth'), GETPOST('date_startday'), GETPOST('date_startyear'));
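Review bot: `$type = GETPOST("type") ? GETPOST("type") : 0;` on the new side still stores the raw string, while the remise_id hunks earlier in this file already use the `"int"` filter for numeric parameters; `$type = (int) GETPOST("type", "int");` keeps the three hunks consistent and yields 0 for an empty or non-numeric value. The `trim(...) != trim(...)` comparison above it is a loose comparison between two strings; `!==` is the safer form. The remise_id hunks also parse the same parameter twice (once in the condition, once in the call); a local variable would avoid the repeated read. The enclosing action branch starts and ends outside the hunk.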

+ 14 - 15
htdocs/opensurvey/results.php

@@ -66,9 +66,9 @@ if (GETPOST("boutonp") || GETPOST("boutonp.x") || GETPOST("boutonp_x")) {		// bo
 
 		$nouveauchoix = '';
 		for ($i = 0; $i < $nbcolonnes; $i++) {
-			if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') {
+			if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') {
 				$nouveauchoix .= "1";
-			} elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') {
+			} elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') {
 				$nouveauchoix .= "2";
 			} else { // sinon c'est 0
 				$nouveauchoix .= "0";
@@ -122,17 +122,16 @@ if ($testmodifier) {
 
 	$nouveauchoix = '';
 	for ($i = 0; $i < $nbcolonnes; $i++) {
-		//var_dump($_POST["choix$i"]);
-		if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') {
+		if (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '1') {
 			$nouveauchoix .= "1";
-		} elseif (isset($_POST["choix$i"]) && $_POST["choix$i"] == '2') {
+		} elseif (GETPOSTISSET("choix$i") && GETPOST("choix$i") == '2') {
 			$nouveauchoix .= "2";
 		} else { // sinon c'est 0
 			$nouveauchoix .= "0";
 		}
 	}
 
-	$idtomodify = $_POST["idtomodify".$modifier];
+	$idtomodify = GETPOST("idtomodify".$modifier);
 	$sql = 'UPDATE '.MAIN_DB_PREFIX."opensurvey_user_studs";
 	$sql .= " SET reponses = '".$db->escape($nouveauchoix)."'";
 	$sql .= " WHERE id_users = '".$db->escape($idtomodify)."'";
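Review bot: `$idtomodify = GETPOST("idtomodify".$modifier);` feeds an identifier into the `WHERE id_users = '...'` clause with only `$db->escape`; if id_users is an integer column, `$idtomodify = GETPOST("idtomodify".$modifier, "int");` would reject non-numeric input at the read and match the filters used elsewhere in this commit. The `choix$i` loop in this hunk duplicates the one in the earlier hunk of this file verbatim, so a small helper would keep both in step. The `GETPOST("choix$i") == '1'` comparison is loose, but both sides are strings here, so it is harmless. The enclosing `if ($testmodifier)` block continues past the hunk.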
@@ -169,7 +168,7 @@ if (GETPOST("ajoutercolonne") && GETPOST('nouvellecolonne') && $object->format =
 }
 
 // Add column (with format date)
-if (isset($_POST["ajoutercolonne"]) && $object->format == "D") {
+if (GETPOSTISSET("ajoutercolonne") && $object->format == "D") {
 	// Security check
 	if (!$user->rights->opensurvey->write) {
 		accessforbidden();
@@ -177,27 +176,27 @@ if (isset($_POST["ajoutercolonne"]) && $object->format == "D") {
 
 	$nouveauxsujets = $object->sujet;
 
-	if (isset($_POST["nouveaujour"]) && $_POST["nouveaujour"] != "vide" &&
-		isset($_POST["nouveaumois"]) && $_POST["nouveaumois"] != "vide" &&
-		isset($_POST["nouvelleannee"]) && $_POST["nouvelleannee"] != "vide") {
-		$nouvelledate = dol_mktime(0, 0, 0, $_POST["nouveaumois"], $_POST["nouveaujour"], $_POST["nouvelleannee"]);
+	if (GETPOSTISSET("nouveaujour") && GETPOST("nouveaujour") != "vide" &&
+		GETPOSTISSET("nouveaumois") && GETPOST("nouveaumois") != "vide" &&
+		GETPOSTISSET("nouvelleannee") && GETPOST("nouvelleannee") != "vide") {
+		$nouvelledate = dol_mktime(0, 0, 0, GETPOST("nouveaumois"), GETPOST("nouveaujour"), GETPOST("nouvelleannee"));
 
-		if (isset($_POST["nouvelleheuredebut"]) && $_POST["nouvelleheuredebut"] != "vide") {
+		if (GETPOSTISSET("nouvelleheuredebut") && GETPOST("nouvelleheuredebut") != "vide") {
 			$nouvelledate .= "@";
 			$nouvelledate .= GETPOST("nouvelleheuredebut");
 			$nouvelledate .= "h";
 
-			if ($_POST["nouvelleminutedebut"] != "vide") {
+			if (GETPOST("nouvelleminutedebut") != "vide") {
 				$nouvelledate .= GETPOST("nouvelleminutedebut");
 			}
 		}
 
-		if (isset($_POST["nouvelleheurefin"]) && $_POST["nouvelleheurefin"] != "vide") {
+		if (GETPOSTISSET("nouvelleheurefin") && GETPOST("nouvelleheurefin") != "vide") {
 			$nouvelledate .= "-";
 			$nouvelledate .= GETPOST("nouvelleheurefin");
 			$nouvelledate .= "h";
 
-			if ($_POST["nouvelleminutefin"] != "vide") {
+			if (GETPOST("nouvelleminutefin") != "vide") {
 				$nouvelledate .= GETPOST("nouvelleminutefin");
 			}
 		}

+ 2 - 2
htdocs/product/card.php

@@ -405,8 +405,8 @@ if (empty($reshook)) {
 			if (!empty($conf->global->PRODUIT_MULTIPRICES)) {
 				for ($i = 2; $i <= $conf->global->PRODUIT_MULTIPRICES_LIMIT; $i++) {
 					if (GETPOSTISSET("price_".$i)) {
-						$object->multiprices["$i"] = price2num($_POST["price_".$i], 'MU');
-						$object->multiprices_base_type["$i"] = $_POST["multiprices_base_type_".$i];
+						$object->multiprices["$i"] = price2num(GETPOST("price_".$i), 'MU');
+						$object->multiprices_base_type["$i"] = GETPOST("multiprices_base_type_".$i);
 					} else {
 						$object->multiprices["$i"] = "";
 					}

+ 1 - 1
htdocs/product/fournisseurs.php

@@ -217,7 +217,7 @@ if (empty($reshook)) {
 			$langs->load("errors");
 			setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("Supplier")), null, 'errors');
 		}
-		if (price2num($_POST["price"]) < 0 || $_POST["price"] == '') {
+		if (price2num(GETPOST("price")) < 0 || GETPOST("price") == '') {
 			if ($price_expression === '') {	// Return error of missing price only if price_expression not set
 				$error++;
 				$langs->load("errors");
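Review bot: The changed condition reads `price` twice and runs price2num before the emptiness test; reading once and testing the empty string first is more direct and, assuming GETPOST returns a string here, equivalent: `$price = GETPOST("price");` then `if ($price === '' || price2num($price) < 0) {`. The `$error++` branch and the enclosing `if` start and end outside the hunk.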

+ 1 - 1
htdocs/product/stock/movement_card.php

@@ -179,7 +179,7 @@ if ($action == "correct_stock") {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors');
 		$action = 'correction';
 	}
-	if (!is_numeric($_POST["nbpiece"])) {
+	if (!is_numeric(GETPOST("nbpiece"))) {
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors');
 		$action = 'correction';

+ 1 - 1
htdocs/product/stock/movement_list.php

@@ -247,7 +247,7 @@ if ($action == "correct_stock") {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Product")), null, 'errors');
 		$action = 'correction';
 	}
-	if (!is_numeric($_POST["nbpiece"])) {
+	if (!is_numeric(GETPOST("nbpiece"))) {
 		$error++;
 		setEventMessages($langs->trans("ErrorFieldMustBeANumeric", $langs->transnoentitiesnoconv("NumberOfUnit")), null, 'errors');
 		$action = 'correction';